Spyware Removal

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

CoasterFreak

Thread Starter
Joined
Aug 22, 2003
Messages
2,330
First Name
Everett
Here is my HijackThis Log:
(Can you help me remove uneccesarry items (spyware/adware, etc.) thnx.

Logfile of HijackThis v1.96.1
Scan saved at 6:56:44 PM, on 10/9/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\CREATACARD\GOLD\FMREMIND.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\STOP-THE-POP\STOPTHEPOP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r2/?http://www.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.prodigy.net;enroll.prodigy.net;enroll-isp.prodigy.net
F1 - win.ini: run=hpfsched
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [ICSDCLT] c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\STOP-THE-POP\STOPTHEPOP.EXE" -minimized
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: reg.hta
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
 

CoasterFreak

Thread Starter
Joined
Aug 22, 2003
Messages
2,330
First Name
Everett
o yea, pass this on is keeping me from browsing web pages (thought i would add that)
 
Joined
Jul 26, 2002
Messages
46,331
thugedout

First you should got to Add/Remove programs and uninstall System Soap Pro (SSP)and ZipClix

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r2/?http://www.msn.com/

O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min

O4 - Startup: reg.hta

O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/s...stemsoappro.cab

Restart to Safe Mode: press f8 on startup and select Safe Mode from the boot menu.

In Safe Mode click Start, Run and type in "explorer" without the quotes. Navigate to the folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup and delete:

reg.hta
 
Joined
Oct 9, 2003
Messages
1
Hi,
I have spyware search and destroy, but when I start the searching process, it passes over things like "XXX dialer" and other porn crap. It does not get rid of these things. I would like to get rid of this crap,lol. Can anyone recommend a more comprehensive (free) program I can use??? I really need help!!!
 
Joined
Aug 18, 2003
Messages
2,438
Download the free Ad-Aware 6 Personal Build 181 and have it do a thorough cleaning of your unwanted files: http://www.lavasoft.de/support/download/

Launch the program ... on the start-up screen, you will need to first run the Webupdate Feature (globe at the top), or click "check for updates" to get the Reference File up to date.

Please use the Custom Scan with Memory and Both registry scans ON. Also.... make sure that you activate IN-DEPTH scanning before you proceed.

Then see that you have these options checked:
Under Ad-Aware 6 Settings, Tweaks, Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-Aware 6 Settings, Tweaks, Cleaning Engine:
"Let Windows remove files in use after reboot."

Next ...

Run Ad-Aware 6.
Mark the objects you wish to eliminate for removal. There are many options available with a right-click.
Make a Quarantine only if you do not have the Auto-Quarantine option ON.
Then choose "Next" to remove the chosen objects.
Finally ... Reboot

Please read http://forums.techguy.org/t164245/s.html for further instructions, settings , etc.

Once you are cleaned up, you might want to visit http://www.wilderssecurity.net/index.html and download the following:

SpywareBlaster v2.6.1
SpywareGuard v2.2

These will prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection.

Lastly, consider installing IE-SPYAD, a registry file that adds a long list of known crapware to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm
 
Joined
Jul 26, 2002
Messages
46,331
mgrl345

Welcome to TSG!

After running Adaware please do this. Go here http://www.tomcoyote.org/hjt/ and download Hijack This. Un Zip it and click on the Hijackthis.exe.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

Do NOT have Hijack This fix anything yet. Most of what it finds will be harmless. Someone here will be glad to advise you on what to fix.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top