
CLEANING YOUR PC


rygon


as there's been loads of posts relating to this i thought i'd help others out...

 

slow as fuck pc...riddled with spyware..then try me.

 

1st of all download these programs.

 

cwshredder

http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe

 

adaware

http://www.download.com/3001-8022_4-10399602.html

 

ccleaner

http://www.filehippo.com/download/file/37c.../ccsetup122.exe

 

regseeker

http://downloads.pcworld.com/pub/new/utili..._/RegSeeker.zip

 

hijack this

http://www.merijn.org/files/hijackthis.zip

 

 

 

to me these are the main programs you need to remove spyware etc off your pc. most of these files should be self explanatory once you have installed them, if not pls pm myself or a mod who could help and insert a bit of txt in this post to help yourself and others.

 

1st run cwshredder. this will get rid of a thing called coolwebsearch. it hijacks your home page directing you to other unwanted sites.

 

next run adaware. this will remove spyware and trojans from your pc. Some ppl use spybot as well but i never feel the need to (spybot can be found at this link http://www.download.com/3001-8022_4-10401314.html , it is pretty useful)

 

 

next run ccleaner. once finished run regseeker. this will be deleting files you may need so backup before deleting (backups will be prompted if you press the delete button on these programs)

in ccleaner there are 3 different areas you can delete files from (windows, applications and issues...i delete from all of them)

 

regseeker allows you to do other things as well as clean the registry..have a play with it and see...backup before doing anything and you can always undo your mistakes.

 

your pc should be pretty clean now...if you find you are still experiencing a slow pc or just wanna make sure that everything is ok run hijack this and save the log. This can then be posted here http://www.digitalvertigo.co.uk/index.php?showtopic=90

 

DO NOT REMOVE ANYTHING YOU ARE UNSURE ABOUT...THIS CAN SERIOUSLY DAMAGE YOUR PC

 

 

that's it for cleaning shit off ya pc..i haven't talked about antivirus' and firewalls..except you need them both..there's free ones to be d/l. zonealarm comes to mind as a free firewall (and also SP2 has a built in one)

AVG is a free antivirus which can be used. I prefer to go with the payable ones as it gives you a bit more security...try sygate firewall and kaspersky antivirus. i find these the best as do many others (word of warning..remove one anti virus before installing another..i didn't and it buggered my pc up for a bit)

 

hope that helps..any admin feel free to edit this post

Link to comment
Share on other sites

Good post mate, although I think RegSeeker should only be run once the PC is spyware/virus free. I'd run the programs in this order: -

 

Ad-Aware

CWShredder

CCleaner

 

Then if you still have problems post a HijackThis log. Once the PC is free of rubbish, run RegSeeker to remove any orphaned registry entries. Once that's done it's a good idea to run NTRegOpt to compact the registry.

 

If you learn how to use HijackThis, it's pretty much the only tool you need to remove spyware/viruses/trojans. Ad-Aware and CWShredder work by using reference files containing common spyware. Obviously the person writing the spyware has access to these reference files and can make sure their next batch of scumware isn't detected. They are still useful programs though because they automate the removal process and on a badly infected machine, they'll get rid of a lot of rubbish making the HijackThis log easier to analyse.

 

As far as firewalls are concerned, the one built into XP is inadequate. A good firewall works by analysing incoming and outgoing traffic. The XP firewall only analyses and blocks incoming traffic so if you are unlucky enough to get a trojan it can make an outbound connection to the Internet. Sygate make a free version of their firewall which can be downloaded HERE.

 

A firewall only works if it's set up correctly. After installing Sygate, any time a program wants to access the Internet, a box will appear asking if you want to allow it or not. If it's Firefox for example, you can say yes and check a box so you're not asked again. You would do a similar thing with all the software you know and trust. If a box pops up asking if "pop_downloader_setup.exe" can have access for example, you might not know what it is. The best thing to do in this case is to Google the full name of the file and you'll usually find out what the program does and if it's legitimate or not. If there's any doubt always say no to access because it can be changed at a later date if you've made a mistake and blocked something that shouldn't be blocked.

 

Free antivirus programs are OK, but they do not compare to paid for products. AVG and Avast are the best choices if you don't want to pay, but in tests they are nowhere near as effective as something like Kaspersky. If you value your data it's worth obtaining a copy of a good antivirus program, because in the worst case it could save you from literally losing everything. Most viruses these days are in the form of self-replicating worms, but there are still plenty of destructive viruses out there with new ones appearing every day.

Link to comment
Share on other sites

  • 1 month later...

Your PC needs more cleaning than this... computers have been identified as a major culprit for spreading disease and infection.

 

Turn your keyboard upside down on a piece of paper, and bang it hard, three times. I defy you not to retch when you see the shit that comes out. Urgggggghhhhhhh

 

A friend of mine once ran a business cleaning PCs. No word of a lie, they charged £10 to clean a keyboard. FLOL! Most keyboards can be REPLACED for less.

Link to comment
Share on other sites

  • 4 months later...

cool nice1 for that. I got rid of some shit. here's that hijack thingy if you can help anymore.

 

Safe

 

Logfile of HijackThis v1.99.1

Scan saved at 09:48:21, on 08/02/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PrecisionTime\PrecisionTime.exe

C:\Program Files\Date Manager\DateManager.exe

C:\Program Files\Common Files\GMT\GMT.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Lyne\Desktop\RegSeeker\RegSeeker.exe

C:\Documents and Settings\Lyne\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=985...203521713524957

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=985...203521713524957

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo

F2 - REG:system.ini: Shell=Explorer.exe

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: WZHELPER - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINDOWS\System32\wzhelper.dll

O2 - BHO: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll

O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O3 - Toolbar: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [unuezci] c:\windows\system32\rcisuj.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O4 - HKCU\..\RunOnce: [{D32470A1-B10C-4059-BA53-CF0486F68EBC}] RunDll32.exe C:\DOCUME~1\Lyne\LOCALS~1\Temp\3.1.60.2-EasyShrx.Dll,_UninstallPlatform@16 C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup

O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095013225807

O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{E68631AA-A1A4-4450-83A1-9DB04D9C9C29}: NameServer = 195.92.195.95 195.92.195.94

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Link to comment
Share on other sites

it seems you are running kazaa, which is where you get a lot of spyware from (precisiontime, cms, cmeii, mysearchbar). All of these will slow your pc down..if i remember rightly there is something called diet-k which will remove these for you and still let kazaa work..if you don't want to get rid of it completely

Link to comment
Share on other sites

back in the day when i downloaded it the ad and evil-free version was called K++ lite i think, although even with that typed in a search engine you'll have to trawl through a lot of dirty versions.

Link to comment
Share on other sites

OK mate, before you start, go to Add or Remove Programs and uninstall the following if found: -

 

Kazaa

Precision Time

Gain

Gator

MSN Toolbar

MSN Apps

MySearch

MysearchBar

SearchCentrix

Webalize

FastFind

SideBar

DateManager

 

If you do have Kazaa installed, make sure you move all your files out of the Kazaa shared folder or you will lose them all in the uninstall process. If you do uninstall anything, reboot the PC before you continue.

 

Download CCleaner from this site, install it, but don't run it yet: -

 

http://www.ccleaner.com

 

Run HijackThis and check off all of the following (if they still show up in the scan): -

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=985...203521713524957

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=985...203521713524957

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: WZHELPER - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINDOWS\System32\wzhelper.dll

O2 - BHO: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll

O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O3 - Toolbar: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [unuezci] c:\windows\system32\rcisuj.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB

 

Close ALL other windows and hit Fix Checked.

 

Reboot the PC into Safe Mode by tapping F8 as it's booting. Start Windows Explorer and hit Tools, then Folder Options. On the View tab, set the following like this: -

 

Show hidden files and folders - Checked

Hide extensions for known file types - NOT checked

Hide protected operating system files (Recommended) - NOT checked

 

Then hit Apply then OK. Search for the following files and folders shown in bold and delete them if found. Make sure you double check, cos if you miss one it can cause some or all of the others to come back: -

 

C:\Program Files\MySearch

C:\DOCUMENTS & SETTINGS\ALLUSERS\APPLICATION DATA\Pribi

C:\DOCUMENTS & SETTINGS\ALLUSERS\APPLICATION DATA\IESERVICE

C:\Program Files\MSN Apps

C:\Program Files\Common Files\CMEII

C:\Program Files\PrecisionTime

C:\Program Files\Date Manager

C:\Program Files\Common Files\GMT

 

C:\WINDOWS\System32\wzhelper.dll

C:\WINDOWS\System32\webalize.dll

C:\WINDOWS\system32\spoolsvv.exe

C:\windows\system32\rcisuj.exe

 

Now run CCleaner and have it clean your drive, then reboot into regular Windows.

 

Start Internet Explorer and hit Tools, then Internet Options. Click on the Programs tab, followed by the Reset Web Settings button. Next, click on the Security tab, then the Internet zone icon and see if the security level has been set to low. If it has, hit the Default Level button. Click on the General tab and re-enter the home page you want to use. Now you must click Apply then OK.

 

The next thing you need to do is update Java. Download the latest version by clicking this link: -

 

http://jdl.sun.com/webapps/download/AutoDL?BundleId=10343

 

Uninstall your current version via Add or Remove Programs, reboot, then install the latest version.

 

Once you've done all that, come back and post a new log. Your machine is riddled with spyware, but thankfully no viruses. Once all the crap is removed it should run a whole lot better.

Link to comment
Share on other sites
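
The last reply asks for a new log after cleanup and warns that a missed file can bring the others back. The sketch below is an added example, not code from the thread or from HijackThis: it parses entry lines in the format shown in the posted log and reports which flagged entries reappear in a later scan. The `FLAGGED` lines are copied from the thread; `NEW_LOG` and all function names are constructed for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code ident target missing")

LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O4 - ..." section prefix
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(.+?): \[(.+?)\] (.+)$")             # "HKLM\..\Run: [name] command"
MISSING = "(file missing)"

def parse_line(line):
    """Turn one HijackThis entry into an Entry, or None for non-entry lines."""
    m = LINE.match(line.strip())
    if not m:
        return None                                      # header, process list, blank
    code, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    clsid, run = CLSID.search(rest), RUN.match(rest)
    if clsid:                                            # O2/O3/O9/O16: keyed by CLSID
        ident, target = clsid.group(0).upper(), rest.rsplit(" - ", 1)[-1]
    elif code == "O4" and run:                           # registry autostart entry
        ident, target = f"{run.group(1)}[{run.group(2)}]".lower(), run.group(3)
    elif " = " in rest:                                  # R0/R1, startup-folder .lnk
        ident, target = rest.split(" = ", 1)
    else:
        ident, target = rest, ""
    return Entry(code, ident, target, missing)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def still_present(flagged_text, new_log_text):
    """Flagged entries whose (section, identity) shows up again in a later scan."""
    seen = {(e.code, e.ident) for e in parse_log(new_log_text)}
    return [e for e in parse_log(flagged_text) if (e.code, e.ident) in seen]

# Four entries copied from the list of items to fix in the thread above.
FLAGGED = r"""
O2 - BHO: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll (file missing)
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
"""

# Constructed follow-up scan (not from the thread): two flagged items came back.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\spoolsvv.exe
O2 - BHO: WEBALIZE - {4e7bd74f-2b8d-469e-d7e4-f660b597bf2a} - C:\WINDOWS\System32\webalize.dll
O4 - HKLM\..\Run: [Spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for e in still_present(FLAGGED, NEW_LOG):
        print("came back:", e.code, e.ident, "->", e.target)
```

Entries are matched on CLSID or registry value name rather than on the whole line, so a change of letter case or file path between scans does not hide a returning item.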
