Ive had enough spyware

July 1st, 2004, 4:23 pm

That's good. That reg key is probably harmless now but I'd feel better if it was gone.

I'd recommend you install spywareblaster. It will greatly reduce the risk of future infection.

http://www.javacoolsoftware.com/spywareblaster.html

Install and update, then enable all protection. It won't use up any system resources. ie it doesn't run in the background.

It comes with protection for IE and Mozilla/Firefox.

July 1st, 2004, 4:33 pm

yeah i took your advise before and got the spyware blaster, realy nice layout and easy to set up. Thanks again for everything.

July 1st, 2004, 4:41 pm

beings wrote:

the Network Security Service isnt in the services anymore. for the permisions should i allow full control? it is on "read" at the molment

Full control will be fine since you are going to delete it anyway.

Glad everything helped.

July 1st, 2004, 4:49 pm

ok that worked... i hate to be a pest but how do i properly uninstall internet explorer, i cant find an IE uninstal.exe nor can i find it in add/remove programs, i see the update in add/remove programs but not the entire program.

July 1st, 2004, 5:13 pm

You can't really remove it. Some components can be removed but the core files are integrated into the OS. I've heard of people trying to completely remove it but it ended being more trouble than it's worth. Best to leave it.

From http://support.microsoft.com/default.as ... us;q293907

Quote:

NOTE: Internet Explorer 6 is preinstalled by default in all versions of Windows XP. To provide computer manufacturers greater flexibility in configuring desktop versions of Windows XP, Microsoft has made it possible for OEMs, administrators, and users to remove user access to Internet Explorer while leaving the Internet Explorer code intact and fully functional to ensure the functionality of programs and operating system functions that rely on it.

July 1st, 2004, 5:21 pm

Ok thank you so much for everything. i guess internet explorer doesnt suck too much of my system speed. having both firefox and explorer should be all right. il make firefox default. Thanks again.

July 2nd, 2004, 1:31 am

If you use Windows Updates, you'll need to keep IE installed. Windows Update doesn't work with other browsers.

I don't update through WU myself but I do use the scan occasionally to see if any new criticals are offered.

July 2nd, 2004, 2:37 am

beings wrote:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\syshn32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\sdkxa32.exe
C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tristan\Desktop\hjtlog.exe
c:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vzwhh.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vzwhh.dll/index.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vzwhh.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vzwhh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vzwhh.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vzwhh.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {006822A7-054C-D4E1-5DD5-312044BEE60E} - C:\WINDOWS\system32\atlcc.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sdkxa32.exe] C:\WINDOWS\system32\sdkxa32.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - User Startup: PowerReg Scheduler V3.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_41.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdat ... t/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24fbdb2a143 ... xIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/contr ... assCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

July 2nd, 2004, 2:51 am

I use Spybot, Spy Sweeper (paid), Adaware, and Spyware Buster.
all but Spy Sweeper is free.
Spyware Buster is free but if you want to have your comuter automatically updated with latest definitions then it is 9.95 a year and well worth it. What it does it blocks your computer from downloading all the spyware that is in their data base and they have tons of it.

Since I started useing it, I have not had any spyware and up to that point I had tons of it. The spyware was just messing up everything and poping up all kinds of adds and taking me against my will to wherever it wanted to.

I also ran hijackthis and posted my log on their forum. They helped me clean out my registry, telling me what to delte. It worked and did not harm anything like someone else said. You don't want to delete it without them telling you what to delete.

I also deleted messenger service. There is a program called shootthemessenger that allows you to disable it. I went one step further and went to Kelleys korner and clicked on the option to delete it all together. I also went to the start up in msconfig and unchecked for messenger to start up.


Windows messenger is real bad about pop ups and adds etc.

July 2nd, 2004, 12:35 pm

yeah that messenger thing was realy bad, i got rid of it about 2 years ago.