Don't download this piece of sh*t
It is slower than a model T Ford
and it comes with more spyware than an atom bomb
i have more spyware prevention/removal progs than i can remember
the spyware still got in and i cant get rid of it
any help appreciated
regards Alex
oh if u actually have that much anti-spyware proggs, then reformat.
Click the longhorn icon to visit my website.
<span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>
::::::::::::::::::::::::::::::::::::::::
it my of been installed here C:\WINDOWS\Downloaded Program Files
try spy sweeper
Software Farmer
BT Rep: +15
Huh ? What are you saying?Originally posted by supersonic@18 June 2004 - 13:24
oh if u actually have that much anti-spyware proggs, then reformat.Reformat because you have spyware , that seems kinda like throwing the baby out with the bath water.
ok peat moss you know what your doing
I've run
ad aware
spybot
spywareblaster
spysweeper which say they have removed them..........but they come back
avg has got rid of 1 of three left but cant get rid of the other two
any ideas...........what more information can i give you
regards Alex
Software Farmer
BT Rep: +15
Gee off the top of my head, disable System restore, delete saved points , but we'll help . WE might have to sleep on it, but your no dummy either Alex.
Software Farmer
BT Rep: +15
Alex whats that shreder something program? Or Mabye High jink this the one where you post your running services , that would be a good start .Sorry I can't remember the name .
Alex its called CWSHREDDER, and HIGHJACKTHIS.
Good morning Peat thanks for that
cw shredder says nothing wrong
here is the hijack this log........im not really sure what to do with it
very wary of what to delete
perhaps you could have a look or show it to someone in the board who knows a bit more
regards
alex
..sorry forgot to add the log!!!!!!!!!!!!
Logfile of HijackThis v1.97.7
Scan saved at 11:13:18, on 19/06/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\WHITECANYON\SECURECLEAN 4\SCWATCH4.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\INTERNET KEYWORD\INETMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WHITECANYON\SECURECLEAN 4\SCREGMANAGER4.EXE
C:\PROGRAM FILES\WHITECANYON\SECURECLEAN 4\SCTRAY4.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 4\POPUPSTOPPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\LRDSVR.EXE
C:\PROGRAM FILES\INTERNET KEYWORD\INETSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTDRV.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\INETMGR.EXE
O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [SecureClean4Service] "C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe"
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 4\POPUPSTOPPER.EXE"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [svcSystem] C:\WINDOWS\SYSTEM\lrdsvr.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8157.1371064815
.
I tend to agree with Foot Loose.
Look in C:\WINDOWS\Downloaded Program Files.
If there's anything there that you aren't ABSOLUTELY sure about, get rid of it, you can easily dl them again.
Make sure your browser is not open when you do this, otherwise your browser may already have an infected prog loaded and simply dl it again. Better still, do it in safe mode.
Edit: Also, check your IE security settings, you may well find that they have been set to LOW, which means you are open to re-infection.
.Political correctness is based on the principle that it's possible to pick up a turd by the clean end.
Posting Permissions
Reply With Quote
it my of been installed here C:\WINDOWS\Downloaded Program Files
Reformat because you have spyware , that seems kinda like throwing the baby out with the bath water.
Bookmarks