| reply to John2g
HELP! Hi!
im all stressed and now confuse how to remove this crap spyware from my pc... its slowing down in net service too  :[
ive went thru many pages but now im really tired and get read 100s of replies now
can any kind person please free me??
can anyone pls post here how i can get rid of it? ive also checked the add/remove stuff in control panel but this anthology or accelaration stuff is not there at all to remove :[
SOMEONE PLEASE HELP!
.
[text was edited by author 2003-09-29 14:17:08]
[text was edited by author 2003-09-29 14:21:56] |
|
|
|
 John2gQui Tacet ConsentitPremium
join:2001-08-10
England | said by not_stressed:
Hi!
im all stressed and now confuse how to remove this crap spyware from my pc... its slowing down in net service too :[
ive went thru many pages but now im really tired and get read 100s of replies now
can any kind person please free me??
can anyone pls post here how i can get rid of it? ive also checked the add/remove stuff in control panel but this anthology or accelaration stuff is not there at all to remove :[
SOMEONE PLEASE HELP!
.
Have you read the PestPatrol info? I posted a link in the first post in this thread. It tells you what needs removing.
HTH.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. |
|
 sigPremium
join:2001-05-05 | reply to not_stressed
Adaware and SpyBot Search and Destroy (both free) should remove StopSign. Also, Pest Patrol linked to above said it does also. I imagine they have a free trial evaluation version but don't know if it's limited in function or just to a trial period. Whichever app you choose to install, download the latest updates before you run it. |
|
| Thank you guys
but pestpatrol doesnt delete cos its trial version and adaware and spybot deleted them but then that stupid stop sign pops up again ask if i wanna finish my scan
also i cant see so many files like it is said in pestpatrol site |
|
| stressed,
Please download and run this free program so we can see what is running at startup.
HijackThis v1.97
Download *Hijack This!* »www.tomcoyote.org/hjt/
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet. Just post the results of the scan, and someone here can help you determine what is safe to fix.
Edit: BTW, Welcome! to DSLR/BBR.
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
[text was edited by author 2003-09-29 15:44:44] |
|
| thank you!... im downloading it now
will you give an update in a few mins. |
|
| FILES.... Logfile of HijackThis v1.97.2
Scan saved at 3:45:36 PM, on 9/29/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\WINDOWS\System32\regsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE
C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PESTPA~1\PPCONT~1.EXE
C:\PROGRA~1\PESTPA~1\pestpatrol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\user\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.free-popup-killer.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »www.free-popup-killer.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »rd.yahoo.com/customize/ymsgr/def···ahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »rd.yahoo.com/customize/ymsgr/def···ahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »rd.yahoo.com/customize/ymsgr/def···ahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »www.free-popup-killer.com/ie/?q=%s
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\nalb1jz0.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_1_2_0.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_1_2_0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\System32\regsvc32.exe
O4 - HKLM\..\Run: [regsvc32] C:\WINDOWS\System32\regsvc32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MCCInstall] D:\Intro\AA\MCCInstall\English\MCCInstall.exe -Step=15
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [Terminate Popup] C:\Program Files\Free-Popup-Killer\fpuk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: RealGuide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Dominoes - »download.games.yahoo.com/games/c···t4_x.cab
O16 - DPF: Yahoo! Hearts - »download.games.yahoo.com/games/c···t0_x.cab
O16 - DPF: Yahoo! Literati - »download.games.yahoo.com/games/c···t0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - »www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - »www.stop-sign.com/pub/download/s···cnry.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - »security.symantec.com/sscv6/Shar···niff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »a1540.g.akamai.net/7/1540/52/200···ller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - »207.188.7.150/189a53781d949391c0···E601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - »security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···27430556
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - »us.dl1.yimg.com/download.yahoo.c···0727.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - »us.dl1.yimg.com/download.yahoo.c···_2_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FDDC7B7-6D64-4B6A-BDA3-9898E07A44C2}: NameServer = 207.236.176.12 198.235.216.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FDDC7B7-6D64-4B6A-BDA3-9898E07A44C2}: NameServer = 207.236.176.12 198.235.216.110 |
|
| gosh! what are these files?
john thanks for the link...
its that crap stuffs help page i suppose |
|
