HPE Community
Internet Products
1819763 Members
3287 Online
109606 Solutions
New Discussion юеВ

help with adware removal

 
sharon amato
New Member

тАО06-05-2005 03:48 PM

тАО06-05-2005 03:48 PM

help with adware removal

Hi. I am desperate for help. I keep getting an icon on my desktop for party poker. Originally, something came up also that said "aurora advertising". I have run microsoft antispyware, adaware, pcpoint, and crapcleaner. I still keep getting the icon. I have deleted all my temporary files, run regedit, and everything else that I can think of. Can you help? thanks. Sharon
0 Kudos
10 REPLIES 10
Dexter Filmore
Honored Contributor

тАО06-05-2005 05:58 PM

тАО06-05-2005 05:58 PM

Re: help with adware removal

Try using hijackthis, but do not delete anything yet. Reply and attach the log - some of the forumers here should be able to advise you about what you can get rid of.
0 Kudos
Ronald Postma
Honored Contributor

тАО06-05-2005 09:18 PM

тАО06-05-2005 09:18 PM

Re: help with adware removal

Hi Sharon,
You can download it here:
http://www.majorgeeks.com/download3155.html

BTW. I have noticed that not all spyware can be removed with system restore enabeled. anyone else noticed that, or is this a coincidence.

Have a nice day,
HTH, Ronald
The logic of Microsoft: "Press START to shut down the pc"
0 Kudos
sharon amato
New Member

тАО06-06-2005 06:02 AM

тАО06-06-2005 06:02 AM

Re: help with adware removal

Hi. Here is the requested log. Thanks. Sharon

Logfile of HijackThis v1.99.1
Scan saved at 2:00:07 PM, on 6/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system\sysctrl.exe
0 Kudos
Jay Bollyn
Honored Contributor

тАО06-06-2005 10:53 AM

тАО06-06-2005 10:53 AM

Re: help with adware removal

Hi Ronald,

You are right. Before I start working on a spyware-infected PC, I turn off system restore. This will delete all restore points. When all spyware has been removed, I turn system restore back on. (It might be a good idea to create a manual restore point at this point, though I do not bother doing so.)

Spyware can hide in restore points, and anti-spyware products often cannot remove the spyware from the restore point.

- Jay
check Facebook
0 Kudos
Dexter Filmore
Honored Contributor

тАО06-06-2005 11:55 AM

тАО06-06-2005 11:55 AM

Re: help with adware removal

Hi Sharon,

Thanks for the feedback. Please include the entire log, not just the running processes. Also, rather than appending the log to your reply, include it as an attachment.

From your log, the last process in your list (sysctrl.exe) might be questionable. Can anyone else confirm?

0 Kudos
Ronald Postma
Honored Contributor

тАО06-06-2005 07:11 PM

тАО06-06-2005 07:11 PM

Re: help with adware removal

Hi there,
About sysctrl.exe have a look here:
http://www.nontoxic-internet.com/Spyware/Spyware.WinGuardian.htm

Have a nice day,
Regards, Ronald

The logic of Microsoft: "Press START to shut down the pc"
0 Kudos
sharon amato
New Member

тАО06-07-2005 02:07 AM

тАО06-07-2005 02:07 AM

Re: help with adware removal

okay. here is the logfile
0 Kudos
sharon amato
New Member

тАО06-07-2005 02:13 AM

тАО06-07-2005 02:13 AM

Re: help with adware removal

Sorry about that error. Here is the logfile. Sharon
0 Kudos
Ronald Postma
Honored Contributor

тАО06-07-2005 08:06 PM

тАО06-07-2005 08:06 PM

Re: help with adware removal

Hi Sharon,
Found a few things,

O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe

These one can be removed, probably from add/remove programs in control panal, otherwise do it in hijackthis. read this for info: http://www.file.net/process/freebhor.dll.html

Select the following in hijackthis and fix them:
O4 - HKLM\..\Run: [System] C:\WINDOWS\system\sysctrl.exe /a
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab

This one I do not know, anyone else?
O4 - HKLM\..\Run: [him] C:\WINDOWS\System32\him.exe

Have a nice day,
HTH, Ronald


The logic of Microsoft: "Press START to shut down the pc"
0 Kudos
Venkatesh_16
Respected Contributor

тАО06-09-2005 10:28 AM

тАО06-09-2005 10:28 AM

Re: help with adware removal

Hi there,

In case you have the below icons on your desktop:

Website hosting
Bingo
Casino Online
Card Games
Poker
Travel
Printer Cartridges

To get rid of the icons, download and install the Uninstaller Utility of LOP search. It is available as download from the following weblink:
http://lop.com/new_uninstall.exe

HTH
Venkatesh

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.