rygon Posted August 27, 2005

As there's been loads of posts relating to this I thought I'd help others out... slow as fuck pc... riddled with spyware... then try me.

1st of all download these programs:

cwshredder http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe
adaware http://www.download.com/3001-8022_4-10399602.html
ccleaner http://www.filehippo.com/download/file/37c.../ccsetup122.exe
regseeker http://downloads.pcworld.com/pub/new/utili..._/RegSeeker.zip
hijack this http://www.merijn.org/files/hijackthis.zip

To me these are the main programs you need to remove spyware etc. off your pc. Most of these files should be self explanatory once you have installed them; if not, pls pm myself or a mod who could help and insert a bit of txt in this post to help yourself and others.

1st run cwshredder. This will get rid of a thing called coolwebsearch. It hijacks your home page, directing you to other unwanted sites.

Next run adaware. This will remove spyware and trojans from your pc. Some ppl use spybot as well but I never feel the need to (spybot can be found at this link http://www.download.com/3001-8022_4-10401314.html , it is pretty useful).

Next run ccleaner. Once finished run regseeker. This will be deleting files you may need so backup before deleting (backups will be prompted if you press the delete button on these programs). In ccleaner there are 3 different areas you can delete files from (windows, applications and issues... I delete from all of them). regseeker allows you to do other things as well as clean the registry... have a play with it and see... backup before doing anything and you can always undo your mistakes.

Your pc should be pretty clean now... if you find you are still experiencing a slow pc or just wanna make sure that everything is ok, run hijack this and save the log. This can then be posted here http://www.digitalvertigo.co.uk/index.php?showtopic=90

DO NOT REMOVE ANYTHING YOU ARE UNSURE ABOUT...THIS CAN SERIOUSLY DAMAGE YOUR PC

That's it for cleaning shit off ya pc.. I haven't talked about antivirus and firewalls.. except you need them both.. there's free ones to be d/l. zonealarm comes to mind as a free firewall (and also SP2 has a built in one). AVG is a free antivirus which can be used. I prefer to go with the payable ones as it gives you a bit more security... try sygate firewall and kaspersky antivirus. I find these the best, as do many others (word of warning.. remove one anti virus before installing another.. I didn't and it buggered my pc up for a bit).

Hope that helps.. any admin feel free to edit this post

Steve Posted August 28, 2005

Good post mate, although I think RegSeeker should only be run once the PC is spyware/virus free. I'd run the programs in this order: -

Ad-Aware
CWShredder
CCleaner

Then if you still have problems post a HijackThis log. Once the PC is free of rubbish, run RegSeeker to remove any orphaned registry entries. Once that's done it's a good idea to run NTRegOpt to compact the registry.

If you learn how to use HijackThis, it's pretty much the only tool you need to remove spyware/viruses/trojans. Ad-Aware and CWShredder work by using reference files containing common spyware. Obviously the person writing the spyware has access to these reference files and can make sure their next batch of scumware isn't detected. They are still useful programs though because they automate the removal process and on a badly infected machine, they'll get rid of a lot of rubbish making the HijackThis log easier to analyse.

As far as firewalls are concerned, the one built into XP is inadequate. A good firewall works by analysing incoming and outgoing traffic. The XP firewall only analyses and blocks incoming traffic so if you are unlucky enough to get a trojan it can make an outbound connection to the Internet. Sygate make a free version of their firewall which can be downloaded HERE.

A firewall only works if it's set up correctly. After installing Sygate, any time a program wants to access the Internet, a box will appear asking if you want to allow it or not. If it's Firefox for example, you can say yes and check a box so you're not asked again. You would do a similar thing with all the software you know and trust. If a box pops up asking if "pop_downloader_setup.exe" can have access for example, you might not know what it is. The best thing to do in this case is to Google the full name of the file and you'll usually find out what the program does and if it's legitimate or not. If there's any doubt always say no to access because it can be changed at a later date if you've made a mistake and blocked something that shouldn't be blocked.

Free antivirus programs are OK, but they do not compare to paid-for products. AVG and Avast are the best choices if you don't want to pay, but in tests they are nowhere near as effective as something like Kaspersky. If you value your data it's worth obtaining a copy of a good antivirus program, because in the worst case it could save you from literally losing everything. Most viruses these days are in the form of self-replicating worms, but there are still plenty of destructive viruses out there with new ones appearing every day.

Liam Posted October 12, 2005

Your PC needs more cleaning than this... computers have been identified as a major culprit for spreading disease and infection. Turn your keyboard upside down on a piece of paper, and bang it hard, three times. I defy you not to retch when you see the shit that comes out. Urgggggghhhhhhh

A friend of mine once ran a business cleaning PCs. No word of a lie, they charged £10 to clean a keyboard. FLOL! Most keyboards can be REPLACED for less.

muzzell Posted February 14, 2006

cool nice1 for that. I got rid of some shit. here's that hijack thing'y if you can help anymore.

Safe

Logfile of HijackThis v1.99.1
Scan saved at 09:48:21, on 08/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Lyne\Desktop\RegSeeker\RegSeeker.exe
C:\Documents and Settings\Lyne\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=985...203521713524957
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=985...203521713524957
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WZHELPER - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINDOWS\System32\wzhelper.dll
O2 - BHO: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [unuezci] c:\windows\system32\rcisuj.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\RunOnce: [{D32470A1-B10C-4059-BA53-CF0486F68EBC}] RunDll32.exe C:\DOCUME~1\Lyne\LOCALS~1\Temp\3.1.60.2-EasyShrx.Dll,_UninstallPlatform@16 C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095013225807
O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{E68631AA-A1A4-4450-83A1-9DB04D9C9C29}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

snuff Posted February 14, 2006

don't forget to run em with system restore turned off......otherwise catch 22

flowerpot Posted February 14, 2006

Some interesting processes running there m8 (That's just my way of trying to sound smart, Steve will sort it)

muzzell Posted February 14, 2006

> Some interesting processes running there m8 (That's just my way of trying to sound smart, Steve will sort it)

owww right, so I've been looking at too much porn! :$

flowerpot Posted February 14, 2006

Too much porn??? I don't get it?

rygon Posted February 14, 2006 (Author)

It seems you are running kazaa, which is where you get a lot of spyware from (precisiontime, cms, cmeii, mysearchbar). All of these will slow your pc down.. if I remember rightly there is something called diet-k which will remove these for you and still let kazaa work.. if you don't want to get rid of it completely

muzzell Posted February 14, 2006

thanks

Infinite Posted February 14, 2006

back in the day when I downloaded it the ad and evil-free version was called K++ lite I think, although even with that typed in a search engine you'll have to trawl through a lot of dirty versions.

Steve Posted February 15, 2006

OK mate, before you start, go to Add or Remove Programs and uninstall the following if found: -

Kazaa
Precision Time
GainGator
MSN Toolbar
MSN Apps
MySearch
MysearchBar
SearchCentrix
Webalize
FastFindSideBar
DateManager

If you do have Kazaa installed, make sure you move all your files out of the Kazaa shared folder or you will lose them all in the uninstall process. If you do uninstall anything, reboot the PC before you continue.

Download CCleaner from this site, install it, but don't run it yet: - http://www.ccleaner.com

Run HijackThis and check off all of the following (if they still show up in the scan): -

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentrix.com/sidecat.jsp?p=985...203521713524957
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=985...203521713524957
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: WZHELPER - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINDOWS\System32\wzhelper.dll
O2 - BHO: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [unuezci] c:\windows\system32\rcisuj.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB

Close ALL other windows and hit Fix Checked.

Reboot the PC into Safe Mode by tapping F8 as it's booting.

Start Windows Explorer and hit Tools, then Folder Options. On the View tab, set the following like this: -

Show hidden files and folders - Checked
Hide extensions for known file types - NOT checked
Hide protected operating system files (Recommended) - NOT checked

Then hit Apply then OK.

Search for the following files and folders shown in bold and delete them if found. Make sure you double check, cos if you miss one it can cause some or all of the others to come back: -

C:\Program Files\MySearch
C:\DOCUMENTS & SETTINGS\ALLUSERS\APPLICATION DATA\Pribi
C:\DOCUMENTS & SETTINGS\ALLUSERS\APPLICATION DATA\IESERVICE
C:\Program Files\MSN Apps
C:\Program Files\Common Files\CMEII
C:\Program Files\PrecisionTime
C:\Program Files\Date Manager
C:\Program Files\Common Files\GMT
C:\WINDOWS\System32\wzhelper.dll
C:\WINDOWS\System32\webalize.dll
C:\WINDOWS\system32\spoolsvv.exe
C:\windows\system32\rcisuj.exe

Now run CCleaner and have it clean your drive, then reboot into regular Windows.

Start Internet Explorer and hit Tools, then Internet Options. Click on the Programs tab, followed by the Reset Web Settings button. Next, click on the Security tab, then the Internet zone icon and see if the security level has been set to low. If it has, hit the Default Level button. Click on the General tab and re-enter the home page you want to use. Now you must click Apply then OK.

The next thing you need to do is update Java. Download the latest version by clicking this link: - http://jdl.sun.com/webapps/download/AutoDL?BundleId=10343

Uninstall your current version via Add or Remove Programs, reboot, then install the latest version.

Once you've done all that, come back and post a new log. Your machine is riddled with spyware, but thankfully no viruses. Once all the crap is removed it should run a whole lot better.

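The procedure above ends with posting a new log, and warns that a missed item can bring the others back. As an added example (not part of any post in this thread and not HijackThis's own code), the script below parses a HijackThis log and reports which fix-list entries a follow-up scan still shows; the follow-up log is constructed and the function names are hypothetical.

```python
import re

# HijackThis section codes that appear in the log posted in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "F2": "ini-file autostart", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry", "O8": "IE context menu item",
    "O9": "IE extra button/menu item", "O12": "IE plugin",
    "O14": "Reset Web Settings value", "O16": "downloaded ActiveX (DPF)",
    "O17": "DNS/domain setting", "O23": "Windows service",
}
ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return scan entries as (code, body); header and process lines are skipped."""
    found = (ENTRY.match(" ".join(line.split())) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def _key(entry):
    # Compare case-insensitively: Windows paths are not case-sensitive.
    return entry[0], entry[1].casefold()

def still_present(fix_list, new_log):
    """Entries from the fix list that the follow-up scan still reports."""
    seen = {_key(e) for e in parse_log(new_log)}
    return [e for e in parse_log(fix_list) if _key(e) in seen]

def file_missing(log):
    """Entries whose target file HijackThis reported as missing."""
    return [e for e in parse_log(log) if e[1].endswith("(file missing)")]

def summarise(log):
    """Count entries per section code, with a readable label."""
    counts = {}
    for code, _ in parse_log(log):
        label = f"{code} ({SECTIONS.get(code, 'other')})"
        counts[label] = counts.get(label, 0) + 1
    return counts

# Four entries copied from the fix list in the post above.
FIX_LIST = r"""
O2 - BHO: WEBALIZE - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\System32\webalize.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll (file missing)
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe -invisible
O4 - HKLM\..\Run: [unuezci] c:\windows\system32\rcisuj.exe
"""

# Constructed follow-up scan (not from the thread): one fixed entry has come back.
NEW_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [spoolsvv] c:\windows\system32\spoolsvv.exe -invisible
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    print(still_present(FIX_LIST, NEW_LOG), summarise(NEW_LOG))
```

An empty result from still_present means every checked entry stayed gone after the reboot; anything it returns needs another look before running RegSeeker.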
djxander Posted February 15, 2006

fuckin awesome thread... I know what I'm doing tonight

rygon Posted February 15, 2006 (Author)

> fuckin awesome thread... I know what I'm doing tonight

do u remember when my smiley faces turned to porn? lol yes I'm sure we can guess