Spyware remover

Discussion in 'Computer Support' started by DaveG, Dec 30, 2003.

  1. DaveG

    DaveG Guest

    Certain applications I attempt to open are preceded by a spyware
    installer dialogue
    "spyware remover,preparing to install-please wait while windows
    configures spyware remover"
    It fails and makes a prompt for a CD.
    Is this a remnant of Spybot,now uninstalled?
    The applications are valid,purchased,others for example are demos such
    as recent Kibisis Media converter.
    What can I do to get rid of this spyware dialogue?
    I have Ad-Aware 6 installed btw.
    Thanks.
    --
    dg-2003
     
    DaveG, Dec 30, 2003
    #1
    1. Advertising

  2. DaveG

    °Mike° Guest

    SpyBot S&D is NOT "spyware remover" (sic).


    On Tue, 30 Dec 2003 03:29:48 -0000, in
    <bsqrfd$ha1$>
    DaveG scrawled:

    >Certain applications I attempt to open are preceded by a spyware
    >installer dialogue
    > "spyware remover,preparing to install-please wait while windows
    >configures spyware remover"
    >It fails and makes a prompt for a CD.
    >Is this a remnant of Spybot,now uninstalled?
    >The applications are valid,purchased,others for example are demos such
    >as recent Kibisis Media converter.
    >What can I do to get rid of this spyware dialogue?
    >I have Ad-Aware 6 installed btw.
    >Thanks.


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Dec 30, 2003
    #2
    1. Advertising

  3. DaveG

    trout Guest

    DaveG wrote:

    > Certain applications I attempt to open are preceded by a spyware
    > installer dialogue
    > "spyware remover,preparing to install-please wait while windows
    > configures spyware remover"
    > It fails and makes a prompt for a CD.
    > Is this a remnant of Spybot,now uninstalled?
    > The applications are valid,purchased,others for example are demos such
    > as recent Kibisis Media converter.
    > What can I do to get rid of this spyware dialogue?
    > I have Ad-Aware 6 installed btw.
    > Thanks.


    It's probably a 'payload' product that's come 'bundled' with another
    application. This alone, I'd consider suspicious enough to assume that
    it's spyware. It's *certainly* 'foist-ware'.
    Ironically; it would likely be detected and removed by a 'real'
    program like Spybot S&D.
    I'd re-install *that*; or try:
    Highjack This: http://www.tomcoyote.org/hjt/
    --
    "Get that machine clean."
     
    trout, Dec 30, 2003
    #3
  4. DaveG

    DaveG Guest

    Here's what it found-

    Logfile of HijackThis v1.97.7
    Scan saved at 22:17:52, on 30/12/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hdsp32.exe
    C:\WINDOWS\System32\hdspmix.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    D:\Program Files\ICONDESK\IconDesk.exe
    C:\Documents and Settings\DAVID G*********\My Documents\My Received
    Files\Apps\Hi_Jack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www.freeserve.com/iesearch/default.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.freeserve.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Microsoft Internet Explorer provided by Freeserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe
    /startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep
    0 -k
    O4 - HKLM\..\Run: [Zone Labs Client]
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - Startup: ICONDESK.lnk = D:\Program Files\ICONDESK\IconDesk.exe
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O15 - Trusted Zone: *.Sony-europe.com
    O15 - Trusted Zone: *.Sonystyle-europe.com
    O16 - DPF: ChatSpace Full Java Client 3.1.0.235 -
    http://chat-c1.freeserve.com/Java/cfs31235.cab
    O16 - DPF: ChatSpace Java Client 2.1.0.92N -
    http://freeserve-a1.chatspace.com/Java/cs4msn092.cab
    O16 - DPF: ChatSpace Java Client 3.1.0.222N -
    http://chat-a1.freeserve.com/Java/cmsn31222.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes
    Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) -
    http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37423.
    778900463
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\PCFormat\IntraLaunch.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj
    Class) -
    https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{336141DA-981B-4E6A-98B5-6A6F9289845
    8}: NameServer = 195.92.195.95 195.92.195.94

    I didn't run the "clean" ,I wanted some advice first,like why has it
    pointed out my soundcard driver and mixer-04-HDSP??
    What do you think I should do next?

    --
    dg-2003

    " I'm thinkin'- will there ever be a boy born that can swim faster
    than a shark?"- Gareth Keenan
     
    DaveG, Dec 30, 2003
    #4
  5. DaveG

    trout Guest

    DaveG wrote:

    > Here's what it found-

    <snip>

    > I didn't run the "clean" ,I wanted some advice first,like why has it
    > pointed out my soundcard driver and mixer-04-HDSP??
    > What do you think I should do next?


    Frankly; I'd wait until I got the opinion of someone that knows more
    about this than I do. There's a couple of hinky-looking things that I'd
    take a whack at on *my* computer, but I don't want to take the blame for
    yours.
    --
    "There *are* more specific forums, if you don't get a reply in this
    thread."
     
    trout, Dec 30, 2003
    #5
  6. DaveG

    °Mike° Guest

    On Tue, 30 Dec 2003 22:22:37 -0000, in
    <bsstrd$mi8$>
    DaveG scrawled:

    >Here's what it found-
    >
    >Logfile of HijackThis v1.97.7


    <snip>

    >O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    >(IntraLaunch.MainControl) - file://E:\PCFormat\IntraLaunch.CAB


    Have HijackThis fix the above.

    <snip>

    >I didn't run the "clean" ,I wanted some advice first,like why has it
    >pointed out my soundcard driver and mixer-04-HDSP??
    >What do you think I should do next?


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Dec 30, 2003
    #6
  7. DaveG

    DaveG Guest

    "°Mike°" <> wrote in message
    news:...
    > On Tue, 30 Dec 2003 22:22:37 -0000, in
    > <bsstrd$mi8$>
    > DaveG scrawled:
    >
    > >Here's what it found-
    > >
    > >Logfile of HijackThis v1.97.7

    >
    > <snip>
    >
    > >O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    > >(IntraLaunch.MainControl) - file://E:\PCFormat\IntraLaunch.CAB

    >
    > Have HijackThis fix the above.


    Done.
    What was that °Mike°??

    --

    dg-2003
     
    DaveG, Dec 31, 2003
    #7
  8. DaveG

    DaveG Guest

    "trout" <> wrote in message
    news:bst1m6$162sh$-berlin.de...
    >
    > Frankly; I'd wait until I got the opinion of someone that knows

    more
    > about this than I do. There's a couple of hinky-looking things that

    I'd
    > take a whack at on *my* computer, but I don't want to take the blame

    for
    > yours.


    Posted to "alt.privacy.spyware" thanks,any other places worth
    considering with regard to this problem?
    Many thanks.

    --
    dg-2003

    " I'm thinkin'- will there ever be a boy born that can swim faster
    than a shark?"- Gareth Keenan
     
    DaveG, Dec 31, 2003
    #8
  9. DaveG

    °Mike° Guest

    On Wed, 31 Dec 2003 00:25:18 -0000, in
    <bst51f$lvb$>
    DaveG scrawled:

    >"°Mike°" <> wrote in message
    >news:...
    >> On Tue, 30 Dec 2003 22:22:37 -0000, in
    >> <bsstrd$mi8$>
    >> DaveG scrawled:
    >>
    >> >Here's what it found-
    >> >
    >> >Logfile of HijackThis v1.97.7

    >>
    >> <snip>
    >>
    >> >O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    >> >(IntraLaunch.MainControl) - file://E:\PCFormat\IntraLaunch.CAB

    >>
    >> Have HijackThis fix the above.

    >
    >Done.
    >What was that °Mike°??


    It's an IE ActiveX control that can allow:
    ".. web page links to execute anything from applications to associations
    such as Word or Acrobat PDF documents both locally and across a
    network without prompts or security warnings."


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Dec 31, 2003
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. using wart remover (17%) for acne?

    , Aug 14, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    617
  2. a-makanji

    looking 4 a good spyware remover

    a-makanji, Jun 2, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    511
  3. A MAK

    best free spyware remover

    A MAK, Jun 5, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    735
    sethra
    Jun 5, 2004
  4. aretired

    Spyware Remover

    aretired, Oct 27, 2004, in forum: Computer Support
    Replies:
    6
    Views:
    540
    °Mike°
    Oct 27, 2004
  5. Nowhere

    microsoft spyware remover

    Nowhere, Mar 7, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    486
    ~Brian~
    Mar 7, 2005
Loading...

Share This Page