
Powerscan Spyware

Discussion in 'Security and Privacy' started by blingy, 2004/05/25.

Thread Status:
Not open for further replies.
  1. 2004/05/25
    blingy

    blingy Inactive Thread Starter

    Joined:
    2004/01/17
    Messages:
    21
    Likes Received:
    0
    OK...

    I have Windows XP and I've gotten a powerscan spyware program on my PC. I have Ad-Aware but it doesn't recognize it, and I've tried going into the registry and deleting the appropriate files as some websites have informed on doing, but I can't find powerscan under my windows

    Can anyone help me remove this? Is there a tool that can remove this without having me pay to buy it? It's beginning to annoy me as I'm getting pop up after pop up ... please help!

    Thank you
     
  2. 2004/05/25
    FireDancer Lifetime Subscription

    FireDancer Inactive

    Joined:
    2003/04/14
    Messages:
    460
    Likes Received:
    0


  4. 2004/05/25
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    All the spyware removal apps need to be updated before each use.

    You need to have system restore turned off during the removal process to get rid of problems stored in the system restore file since none of the removal apps can remove contents from there.
     
  5. 2004/05/25
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    If you still have problems after that, and I think you will with POWERSCAN:

    Post a log from HijackThis so our forum members can see what's going on. The current version is 1.97.7 [created by Merijn Bellekom].
    Most of what it lists will be harmless, even essential. DON'T fix anything yet please.

    First make a new folder, for instance C:\Antispyware

    Get it here: http://radiosplace.com/
    Choose save, NOT OPEN.
    Save it to that new folder, double-click HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that. Once saved it will open in Notepad; click Edit, Select All, then Edit, Copy. Then close Notepad and HijackThis for now.
    Then in your post simply right-click and in the context menu choose Paste.
    More information here: http://tomcoyote.com/hjt/#copyandpaste

    Regards
     
  6. 2004/05/25
    blingy

    blingy Inactive Thread Starter

    Joined:
    2004/01/17
    Messages:
    21
    Likes Received:
    0
    Hey Lonny Jones, here is my HijackThis log, let me know if I should be deleting anything:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:28:32 AM, on 5/25/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\rmctrl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\wmwlnhq.exe
    C:\Program Files\ClockSync\Sync.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Documents and Settings\martin wasiel\My Documents\HiJACK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\BPS Popup Killer and Ads Filter\PopupKiller.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [xcqdmhddn] C:\WINDOWS\System32\wmwlnhq.exe
    O4 - HKCU\..\Run: [BPS Popup Killer and Ads Filter] C:\Program Files\BPS Popup Killer and Ads Filter\Popup.exe
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
    O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\ "
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2999b0b75d1a62aaff00/netzip/RdxIE601.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
  7. 2004/05/25
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    First wait for our other forum members to confirm or add to my suggestions, please.


    freescan Spyware Begone and anything BPS is either bogus or ineffective
    http://pcpitstop.ibforums.com/axslinger/helpfiles/bogus.htm
    I suggest you uninstall them before these next steps.
    Also Messenger Plus! 2: it usually installs a lop parasite. Although I do not see it in your log, I still urge you to uninstall that program.

    Start Hijackthis and place a check next to these items
    Close all browser windows and shut down all other programs(even Folders) that show in the taskbar. Then Hit fix selected.
    [items in blue are recommended or optional]
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\BPS Popup Killer and Ads Filter\PopupKiller.dll (file missing)
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [xcqdmhddn] C:\WINDOWS\System32\wmwlnhq.exe
    O4 - HKCU\..\Run: [BPS Popup Killer and Ads Filter] C:\Program Files\BPS Popup Killer and Ads Filter\Popup.exe
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
    O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2999b0b75d1a62...ip/RdxIE601.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
    =============
    In Control Panel, Add/Remove Programs, uninstall ClockSync

    Then restart the PC and delete these folders/files

    c:\freescan
    C:\Program Files\ClockSync
    C:\Program Files\Messenger Plus! 2
    C:\WINDOWS\System32\wmwlnhq.exe
    You might have to have Windows show hidden files and folders in order to see them.
    How to show hidden files and folders.



    Have you taken FireDancer's advice?

    Is there a reason for this?
    [RemoteControl] C:\WINDOWS\System32\rmctrl.exe


    If you have any problem fixing and deleting the above items, do it again while in safe mode.
    How to start in safe mode

    You should update anything that uses the internet, for example Acrobat Reader, media players, chat programs, Windows etc etc etc. :)

    Next step is to Make and post a new log
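
    Added example, not part of any post in this thread: a small Python parser for HijackThis entry lines that applies two triage heuristics assumed here (the poster did not state his criteria): entries whose target is marked "(file missing)" and O16 ActiveX downloads served from a bare IP address. The sample lines are copied from the log posted above; the function names are hypothetical.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: six entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: (no name) - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\BPS Popup Killer and Ads Filter\PopupKiller.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Entry lines look like "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (section, body) for every entry line; header lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    try:
        ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(log):
    """Assumed heuristics: flag orphaned entries and IP-hosted ActiveX downloads."""
    findings = []
    for section, body in parse(log):
        if body.rstrip().endswith("(file missing)"):
            findings.append((section, "target file missing", body))
        if section == "O16":
            url = body.rsplit(" - ", 1)[-1].strip()  # download URL is the last field
            if host_is_ip(url):
                findings.append((section, "ActiveX fetched from bare IP", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {body}")
```

    A flag from this script only marks a line for a closer look; the entries still need a human review like the one in this thread before anything is fixed.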
     
  8. 2004/05/25
    blingy

    blingy Inactive Thread Starter

    Joined:
    2004/01/17
    Messages:
    21
    Likes Received:
    0
    Thank you very much! I'll wait it out about a day and hopefully hear from other members and their suggestions as well...

    As for the Remote Control... I'm not really sure what it may be. What is it?
     
  9. 2004/05/25
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
    About Remote Control.
    Added via the installation of PowerDVD 4 software. Function unknown but not required.

    I agree with Lonny's advice.
     
  10. 2004/05/26
    blingy

    blingy Inactive Thread Starter

    Joined:
    2004/01/17
    Messages:
    21
    Likes Received:
    0
    Thanks for your advice... I've removed everything as you've told me but the C:\WINDOWS\System32\wmwlnhq.exe file won't delete as it's being used. How would I go about removing it now?
     
  11. 2004/05/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Check task manager to see if it is running. If so, end process on it and you should be able to delete the file. You could also use a little program called Move-on-Boot which when installed will give you a new right click option. Simply right click the file and select 'delete file on next boot' then reboot.
     