1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

parasites:Dyfuca,blazefind,istbar.

Discussion in 'Virus & Other Malware Removal' started by Hottlips, Sep 13, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Hottlips

    Hottlips Thread Starter

    Joined:
    Sep 13, 2004
    Messages:
    3
    Win XP:Ran ad aware and spybot.Hjacklog enclosed needs analysis.
    NoAdware showed; Twain tech,Magic control,blazefind,dyfuca,istbar powerscan,dynamic desktop and ipinsight.

    Xoftspy showed; dyfuca,proclaim telcom,twaintech,vx2 Better internet,winpup32,cws.mrhop,toprebates,adlogix,mainpean dialler and dynamic desktop.

    * Xoftspy 3.44 seems to be more descriptive :Xoftspy did'nt detect istbar.
    listed dyfuca as malware. Twaintech as Annoyance,Dynamic desktop as min threat.

    *Noadware 2.01
    dyfuca recorded as a dialler. Twaintech as Dangerous,Dynamic desktop as dangerous

    Which one above is more accurate?

    Also windows\nem214.dll and wsem217.dll -are these deletable?or replaceable? what are they for?

    *Pal spyware remover detected only nem214.dll and Moneytree.

    Hjack log below needs to be analysed. Help!

    Logfile of HijackThis v1.97.7
    Scan saved at 8:32:32 p.m., on 12/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVirus\AVGUARD.EXE
    C:\Program Files\AntiVirus\AVWUPSRV.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVirus\AVGNT.EXE
    C:\Program Files\Winad Client\Winad.exe
    C:\WINDOWS\System32\mbiwdc.exe
    C:\Program Files\Winad Client\WinClt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Spyware\spywareremover\PAL SPYREM\spyrem.exe
    C:\Program Files\Spyware\noadware\NoAdware\NoAdware.exe
    C:\Program Files\Spyware\Hijack\HijackThis.exe

    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (disabled by BHODemon)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spyware\Spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AntiVirus\AVGNT.EXE /min
    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - HKLM\..\Run: [QXELSGN] C:\WINDOWS\QXELSGN.exe
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\Run: [WinInit] Win86.exe
    O4 - HKLM\..\Run: [WinLogin] win32x.exe
    O4 - HKLM\..\Run: [ptvfryy] C:\WINDOWS\System32\mbiwdc.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...14f9bb93ddd5:061a5725d1c04e478de72640af5cb44d
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37663.0798032407
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/ieplugin.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


    Really concerned about diallers.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,253
    First Name:
    Derek
    All of the so called spyware removers except for adaware anmd spybot you have used are not recommended for use as they either have alot of false positives or are dangerous in themselves

    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (disabled by BHODemon)

    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)

    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - HKLM\..\Run: [QXELSGN] C:\WINDOWS\QXELSGN.exe
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\Run: [WinInit] Win86.exe
    O4 - HKLM\..\Run: [WinLogin] win32x.exe
    O4 - HKLM\..\Run: [ptvfryy] C:\WINDOWS\System32\mbiwdc.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...72 640af5cb44d
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/ieplugin.CAB

    Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Delete these files

    C:\WINDOWS\alchem.exe
    C:\WINDOWS\System32\mbiwdc.exe
    C:\WINDOWS\QXELSGN.exe
    C:\WINDOWS\System32\services\wmplayer.exe
    C:\WINDOWS\twaintec.dll
    C:\WINDOWS\2_0_1browserhelper2.dll
    C:\WINDOWS\System32\nvms.dll
    C:\WINDOWS\System32\mscb.dll
    C:\WINDOWS\System32\msbe.dll

    and Delete these folders

    C:\Program Files\Winad Client
    C:\program files\ddm
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA \Setup

    then go to C:\Documents and Settings\USER NAME\Local Settings\Temp and select everything in that folder and delete it (repeat for every user name/account )

    and select EVERYTHING in C:\windows\temp except temporary internet files, cookies and history folders and delete all that as well

    1) Open Control Panel
    2) Click on Internet Options
    3) On the General Tab, in the middle of the screen, click on Delete Files
    4) You may also want to check the box "Delete all offline content"
    5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
    6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

    then
    Reboot normally &

    Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

    Spybot - Search & Destroy from http://security.kolla.de
    AdAware SE from http://www.lavasoft.de/support/download


    Run Sybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &

    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    the current ref file should read at least SE1R7 06.09.2004 or a higher number/later date
    Then ........
    click the "Scan" button. and select full scan

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries. You can safely ignore any MRU entries though and not delete them

    reboot again

    then post a new hijackthis log to check what is left
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,253
    First Name:
    Derek
    Also update HJT to the latest version 1.98.2 before posting a new log or fixing the above
     
  4. Hottlips

    Hottlips Thread Starter

    Joined:
    Sep 13, 2004
    Messages:
    3
    Thanks for instructions will do shortly but....i happen to try manual removal for dyfuca..action/results listed below.

    Dyfuca manual removal…http://www.pestpatrol.com/PestInfo/d/dyfuca.asp

    Follow these steps to remove DyFuCA from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

    Stop Running Processes:
    Kill these running processes with Task Manager:
    actalert.exe
    c:\spedia\setup.exe
    systemroot+\system32\ssupdate.exe
    systemroot+\temp\thi6026.tmp\preinstt.exe
    update.exe


    Remove AutoRun Reference:

    Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\safesurfingupdate, delete it and reboot the machine immediately.
    Unregister DLLs:

    Unregister these DLLs with Regsvr32, then reboot:
    systemroot+\nem214.dll
    systemroot+\wsem216.dll
    wsem218.dll

    Clean Registry:

    Remove these registry items (if present) with RegEdit:
    HKEY_CLASSES_ROOT\clsid\{d8e25c53-9508-4f5c-9249-d98d438891d5}
    HKEY_CLASSES_ROOT\dyfuca_bh.bhobj
    HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1
    HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj
    HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj.1
    HKEY_CLASSES_ROOT\safesurfinghelper.iebho
    HKEY_CLASSES_ROOT\safesurfinghelper.iebho.1
    HKEY_CLASSES_ROOT\typelib\{00211813-6223-4c6a-be8d-4d2676cd1361}
    HKEY_CURRENT_USER\software\avenue media
    HKEY_LOCAL_MACHINE\software\avenue media
    HKEY_LOCAL_MACHINE\software\fci
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\safesurfingupdate
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstal l\dyfuca
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstal l\internet optimizer
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstal l\internet optimizer active alert
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstal l\internet optimizer software installer
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dyfuca
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer
    HKEY_LOCAL_MACHINE\software\safesurfing\update




    Remove Files:

    Remove these files (if present) with Windows Explorer:
    actalert.exe
    c:\documents and settings\administrator\desktop\second thought.lnk
    c:\spedia\setup.exe
    systemroot+\nem214.dll
    systemroot+\system32\ssupdate.exe
    systemroot+\temp\thi6026.tmp\preinstt.exe
    systemroot+\wsem216.dll
    update.exe
    wsem218.dll

    after completing above...

    Ran spybot –came up clean
    AdAware – [email protected],[email protected]_bin.txt,[email protected],@z1.adserver.txt.
    Spysweeper:

    - Adware..Winad,BargainBuddy,Twain-tech powerscan,opensite, moneytree,Istbar, HotasHell and eaccelaration.
    *hotasHell scanned as dialler.

    Running s/ware.. Twain Tech – twaintec.dll,Winad – winad.exe.

    Cookie shield removed- [email protected],[email protected],@realmedia.txt,@maxserving.txt,@fastclicks.txt,@com.txt,@atwola.txt,@as-us.falkag.txt,@advertising.txt.

    Xoftspy:22 items found.
    Adlogix,meanpean,vx2betterinternet,twaintech,proclaim telcom etc.
    * I will check actual reg entries and if present I’ll assume valid detection of parasite –some not detected by other scan progs.ie spybot.

    * will perform instructions by dvk01 later.
    Xoftspy?good or bad see link http://netrn.net/spywareblog/archives/2004/04/29/xoftspy-dont-buy-heres-why/

    Useful Spyware removal link

    thanks.Hope this has helped someone.
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,253
    First Name:
    Derek
  6. Hottlips

    Hottlips Thread Starter

    Joined:
    Sep 13, 2004
    Messages:
    3
    After following instructions as given ran...
    Spybot - clean result
    AdAware - surprisingly found traces of ...
    180Solutions(TAC index:8):6 total references
    AdLogix(TAC index:6):1 total references
    BargainBuddy(TAC index:8):19 total references
    BlazeFind(TAC index:5):2 total references
    BroadCastPC(TAC index:7):35 total references
    CasinoPalazzo(TAC index:4):2 total references
    CoolWebSearch(TAC index:10):42 total references
    Dialer(TAC index:5):5 total references
    DyFuCA(TAC index:3):7 total references
    EGroup Dialer(TAC index:5):4 total references
    EPSystems DialerMaker(TAC index:5):8 total references
    istbar(TAC index:6):23 total references
    Lop(TAC index:7):1 total references
    MetaDirect(TAC index:5):1 total references
    MRU List(TAC index:0):56 total references
    Navpmc(TAC index:7):3 total references
    Other(TAC index:5):11 total references
    Possible Browser Hijack attempt(TAC index:3):4 total references
    SideFind(TAC index:5):4 total references
    Tracking Cookie(TAC index:3):3 total references
    VX2(TAC index:10):10 total references

    Removed these as rerquested via Adaware. Rebooted and ran again.
    Found...
    BargainBuddy(TAC index:8):4 total references
    BlazeFind(TAC index:5):2 total references
    CoolWebSearch(TAC index:10):3 total references
    Dialer(TAC index:5):3 total references
    DyFuCA(TAC index:3):3 total references
    EGroup Dialer(TAC index:5):1 total references
    EPSystems DialerMaker(TAC index:5):8 total references
    istbar(TAC index:6):2 total references
    Lop(TAC index:7):1 total references
    MRU List(TAC index:0):56 total references
    Navpmc(TAC index:7):2 total references
    SideFind(TAC index:5):1 total references
    VX2(TAC index:10):5 total references
    Removed as required.

    Ran hJack log
    Logfile of HijackThis v1.97.7
    Scan saved at 7:57:06 p.m., on 16/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVirus\AVGUARD.EXE
    C:\Program Files\AntiVirus\AVWUPSRV.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVirus\AVGNT.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Spyware\Hijack\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spyware\Spybot\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AntiVirus\AVGNT.EXE /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37663.0798032407
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


    Ran Xoftspy just to see..guess what...
    1) AdLogix
    2) AdLogix
    3) Dynamic Desktop MediaName: software\ddm
    4) MainPean DialerName: Software\Freeware
    5) NCaseName: SOFTWARE\180solutions
    6) NetPalName: typelib\{0cf28135-b1dc-4f50-ab58-7cf5701a6ed6}
    7) NetPalName: software\microsoft\windows\currentversion\uninstall\npo
    8) Winpup32Name: Interface\{48E59291-9880-11CF-9754-00AA00C00908}
    9) Winpup32Name: Interface\{48E59292-9880-11CF-9754-00AA00C00908}
    10) CWS.mrhopName:Software\Microsoft\Internet Explorer\Main\Local Page:mad::C:\WINDOWS\System32\blank.htm
    Scan Finished

    None of these exist... As Spybot/adawareSE came up clean.
    1.Spy Sweeper came up with similar items as AdAware.
    2.. Found traces of Dyfuca still present even after I had manually removed all known traces of it. AdAware got the ones I missed.
    3. Found Winad.exe still present but removed it via Spybot/AdAware.
    4. Spysweeper came up close to AdAware for scan results.So AdAware,Spybot and Spysweeper you can't go wrong. All Ihave to do is remove completely Xoftspy.

    Thanks Dvk01.Have sent email to you.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/273401

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice