MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Adware,Spyware etc.etc
November 13, 2019, 02:30:59 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 13, 2019, 02:30:59 PM

Login with username, password and session length
 Featured Sites:
News
New  Looking for cheap hardware and/or software?
Visit our new Online Store where you will be able to purchase from a reputable vendor by country.
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Adware,Spyware etc.etc  (Read 2560 times)
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« on: July 30, 2004, 05:22:47 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:win XP
Problem Application Name & Version.Adware,Spyware,Etc.....
I need help i get a error when i boot up my pc and when i send error report it takes me to a site called pest control, when i run a check on my pc it tells me that i have got 268 pests bugs etc on my pc such as spyware adware etc,etc, My pc is also running slow and i guess that this is why. I think the problem begins to do with kazaa i still want to use kazaa for tunes and stuff but i dnt want all the **** that comes with it!!!!
 Could anybody offer me some advice on how to remove all this **** from off my system and how to keep free from it.
   Many thanks
       TAZ
Logged

Martin.J.
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: July 30, 2004, 05:36:52 AM »

Hi Taz, can we take a closer look, I may not have time tonight

But to get you started
Just a guess
I would almost bet that you have p2p networking installed...Just guessing
A useless addon by Kazaa
Access your Add/Remove programs and Remove it, if you get a prompt to remove Altnets--do it!!!!!

You may have to close down Kazaa and p2pnetworking and Altnets in the taskmanager first

Would you please download Hijackthis---Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
download from
HERE or HERE


Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important
Logged

 
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #2 on: July 30, 2004, 06:02:37 AM »

Cheers Benditup,
   i am currently at work in uk at the time and so will not be able to sort my pc out til later on tonight, but i will do what you asked and post it back here.
Please be patient with me as i am not very pc literate.lol.
   Many thanks
         TAZ
Logged

Martin.J.
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #3 on: July 31, 2004, 07:57:55 PM »

I hope this is what your after...........
Logfile of HijackThis v1.98.0
Scan saved at 20:55:45, on 31/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\NVATray.exe
C:\WINDOWS\System32\Oadaemon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\GMT\GMT.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martin Johnston\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [OADAEMON] Oadaemon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE5637D9-DFA9-4F1F-BDB3-0FCE24B4AE22}: NameServer = 194.72.9.34 194.74.65.68
O20 - AppInit_DLLs: NVDESK32.DLL

Many thanks
         TAZ
Logged

Martin.J.
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #4 on: August 01, 2004, 01:24:18 AM »

Hi again Taz,
Let's do the following,
Download and Install the free version of Ad-Aware
After installation CHECK FOR UPDATES---this is important

Disconnect from the NET

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab

RESTART your Computer in SAFE MODE

Set Windows to Show Hidden Files and Folders
Find and delete these folders

C:\Program Files\Common files\updmgr <--the updmgr folder
C:\Program Files\Common Files\CMEII <--this folder
C:\Program Files\TimeSink <--this folder

RESTART your computer in Normal Mode, stay disconnected

Open Ad-Aware and set these additional options for a custom scan
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

RESTART your computer one more time
Post back with a fresh hijackthis log
« Last Edit: August 01, 2004, 01:25:21 AM by benditup » Logged

 
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #5 on: August 02, 2004, 09:39:32 AM »

Cheers Benditup
  I have got a really mad week ahead of me this week as i am getting married on saturday and shall be on honeymoon for a week ,i will try and get round to doin what you said but if you dnt hear anything from me im not beng ignorant just busy
many thanks  
      TAZ
Logged

Martin.J.
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #6 on: August 18, 2004, 11:51:23 AM »

Hiya Benditup
  Sorry its taken a while i been on honeymoon,
  I did what you said but i had a problem in deleting the folder
C:\Program Files\Common files\updmgr <--the updmgr folder
Everything else seemed to go ok, i hope this helps here is the new hijack this log
Logfile of HijackThis v1.98.0
Scan saved at 12:47:20, on 18/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\NVATray.exe
C:\WINDOWS\System32\Oadaemon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Martin Johnston\My Documents\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [OADAEMON] Oadaemon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1553e8431776672c3c05/netzip/RdxIE601.cab
O20 - AppInit_DLLs: NVDESK32.DLL



Many thanks
  TAZ
Logged

Martin.J.
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #7 on: August 19, 2004, 09:39:07 AM »

Hi there benditup, could you just check and see that i done everything correct, the only problem i had is trying to remove the updmgr folder it said it was protected or summat like that.
 Many thanks
        TAZ
Logged

Martin.J.
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #8 on: August 19, 2004, 09:42:56 AM »

Also because i have removed lots of the **** from on my pc i cannot use kazaa anymore because in order for it to work i have to accept the free ads and stuff from them, is there any way around this problem so i can still use it to download items from kazaa or do i have to pay for it so as not to recieve all the ****.


            TAZ
Logged

Martin.J.
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #9 on: August 19, 2004, 11:25:25 PM »

Did you try restarting into safe mode to delete that folder?
How to take ownership of a file or folder
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421&sd=tech

You may want to uninstall Kazaa completely
If you really need a P2P file sharing program search for one that is spyware free.
This doesn't mean that you still won't get infected, you must watch what
you download and have good Anti-Virus protections

You can have hijackthis fix this one too
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1553e8431776672c3c05/netzip/RdxIE601.cab

You should install these 2 apps., they add extra security while
silently protecting you without running in the background
 
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
http://www.bleepingcomputer.com/forums/index.php?showtutorial=53

With both---Check for updates every couple of weeks

READ THIS
How did I get Infected

How's everything running?
Logged

 
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #10 on: August 23, 2004, 06:52:15 PM »

How do......
  I managed to delete the file by regaining custody of it and i have installed the 2 applications that you said..... as far as i know it all went to plan.
 The one problem that i have got is that it will not let me un-install kazaa it comes up with something like intall shield setup launcher has encountered a problem and has to close. i dont know what this means?Huh?Huh??
 thanks
  TAZ
Logged

Martin.J.
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #11 on: August 24, 2004, 12:00:03 AM »

Hi again Taz. There's a few methods of ridding yourself of Kazaa

1. Re-install Kazaa and then properly uninstall, make sure you run a spyware checker afterwards.....

2. You can download Kazaabegone, it will hunt down the remaining *#%* left behind.
Be forwarned, in rare circumstances this may result in loss of Internet Connection. You will want to first download and save to desktop  LSP fix beforehand in case it's needed>>> I don't see anything in your log that would indicate you would have this problem
This usually happens when Kazaa is installed it may come bundled with
spyware such as NewdotNet, which does effect winsock. Your log shows no indication of such....

3. You can try downloading a RegCleaner such as REGSEEKER
Try removing it thru installed applications and Clean the registry
Also look for leftover folders.....

There may be other methods....

If you go with the first method can you please post another Hijackthis log afterwards, thanks...
Logged

 
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #12 on: August 26, 2004, 06:26:13 PM »

Logfile of HijackThis v1.98.0
Scan saved at 19:26:54, on 26/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\NVATray.exe
C:\WINDOWS\System32\Oadaemon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martin Johnston\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\4.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\4.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [OADAEMON] Oadaemon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE5637D9-DFA9-4F1F-BDB3-0FCE24B4AE22}: NameServer = 194.72.9.34 194.74.65.68
O20 - AppInit_DLLs: NVDESK32.DLL

Hi there benditup
  I did what you said and managed to delete kazaa, here is the latest hijack this log see what you think, i reckon my pc is running alot better since i got rid of some of the useless junk.
  cheers
   TAZ
let me know if anything seems out of order.
Logged

Martin.J.
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #13 on: August 26, 2004, 06:55:30 PM »

Looking good Taz, just some final cleanup

You can have Hijackthis fix these entries
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\4.bin\MYBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\4.bin\MYBAR.DLL (file missing)

Optionally, you really don't need RealPlayers' updater running on startup
I recommend
Ending this process in the task manager
realsched.exe
Navigate to this file
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RENAME realsched.exe>>>>realsched.old

Have Hijackthis fix this entry too
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

RESTART your computer
Delete this folder if it exists
C:\Program Files\MyWay <--this folder

FYI---Since you first posted your log, Ad-Aware may have been updated to a new version===== SE Personal 1.03, is this what your using or Ad-Aware 6?
You can download Ad-Aware SE Personal from here--Ad-Aware
You should uninstall your version of Ad-Aware 6 first and then install
the newest version
Again--Check for updates----Do a Full System Scan
I'll lock this topic in a couple days if everything stays well for you

« Last Edit: August 26, 2004, 06:57:05 PM by benditup » Logged

 
Taz Eats Cookies
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 112


Bookmark and Share

View Profile
« Reply #14 on: August 28, 2004, 12:17:40 PM »

Hi there sorry that it takes me a while to get to you, but i deleted what you have said all went well, the version of ad-aware that i am using is  se personal so i dont think i have to download another version.
  I will just have to make sure that i check for updates regularly and get rid of any un-wanted **** that there might be lurking around.
My pc seems to be running really well now, now thank you very much for your help i will reccomend this site and yourself to my friends
  cheers
        TAZ
Logged

Martin.J.
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 24, 2018, 03:20:53 PM