| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 46437 | 2004-06-23 21:36:00 | very slow removal | brandybottle (5805) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 247147 | 2004-06-24 23:31:00 | oh dear I forgot to answer the question Yes my window op is windows me | brandybottle (5805) | ||
| 247148 | 2004-06-24 23:40:00 | Manually deleting it is fine, but you must unregister it first. The manual instructions are given in the link I posted above. Unregistering of the dll is also explained from that page. You have to actually find and note down -exactly- where the stumbleapon.dll file is first. Have you done that? |
godfather (25) | ||
| 247149 | 2004-06-25 00:46:00 | thank you for you suggestion to manually delete/uninstal stumbleupon. I do not feel confident enough to take on the task to do it manually. I just get confused with the file names and my short term memory is not good at times. Is there any other way I could do it? I know stumbleupon is eating up my memory. I have run pestpatrol and nothing come up. I have a shampoo programme that says it cleans the registry and there is nothing there. All this came about when I ran spysweeper. It said there was stumbleupon and Alexia on my computer. I ran it but it took for ever to remover stumbleupon only 30% so I closed it down. If all these remove programmes except spy sweeper say it is not there, maybe it has gone? I am not ok when it comes to threads etc. I have copied and pasted stumbleupon.dll on to the search facility but it said there was nothing there either. I apologize for my lack of skill. kind regards |
brandybottle (5805) | ||
| 247150 | 2004-06-25 01:15:00 | Download HiJackThis from here: www.spychecker.com Save the program to a folder (My Documents is OK) and run the program. Select Scan, then Save Log A logfile will open up in Notepad, save this also to my documents, but highlight the entire text and copy it as a post back here as a reply. That will tell us (and you) just what is running, and where it is located. |
godfather (25) | ||
| 247151 | 2004-06-25 01:18:00 | If you cant find the dll file you might need to enable viewing of hidden and system files. Do this in Win Explorer, Tools, Folder Options, View tab. Try another search for 'stumbleupon' and see what comes up. Don't worry about "lack of skill" just take your time and work through things one step at a time. ;-) |
Fire-and-Ice (3910) | ||
| 247152 | 2004-06-25 01:44:00 | Logfile of HijackThis v1.97.7 Scan saved at 12:41:11 PM, on 25/06/2004 Platform: Windows ME (Win9x 4.90.3000A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\ATICWD32.EXE C:\WINDOWS\SYSTEM\ATITASK.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\TINYSPELL\TINYSPELL.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE C:\PROGRAM FILES\WORDWEB\WWEB32.EXE C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\MY DOCUMENTS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.presario.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtra.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = search.presario.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = search.presario.net R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = search.yahoo.com F1 - win.ini: run=C:\CPQS\BACKWEB\HELP\QRUNQ.PIF, O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiKey] Atitask.exe O4 - HKLM\..\Run: [Essdc] essdc.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN O4 - HKLM\..\Run: [Introduction-Registration] C:\PROGRA~1\INTROREG\RUNALL.EXE O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKCU\..\Run: [tinySpell] C:\PROGRAM FILES\TINYSPELL\tinyspell.exe O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe /min O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: ppctlcab - www.pestscan.com O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - www.surfsecret.com O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - www.pestscan.com |
brandybottle (5805) | ||
| 247153 | 2004-06-25 02:56:00 | As you will see for yourself, there is no sign of stumbleupon running there. One or two items running that don't need to be probably, but nothing I see is of concern. If it was there, it would have an entry like this: O3 - Toolbar: StumbleUpon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL |
godfather (25) | ||
| 247154 | 2004-06-25 03:30:00 | hope I have done it right. Logfile of HijackThis v1.97.7 Scan saved at 12:41:11 PM, on 25/06/2004 Platform: Windows ME (Win9x 4.90.3000A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\ATICWD32.EXE C:\WINDOWS\SYSTEM\ATITASK.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\TINYSPELL\TINYSPELL.EXE C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE C:\PROGRAM FILES\WORDWEB\WWEB32.EXE C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\MY DOCUMENTS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.presario.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtra.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = search.presario.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = search.presario.net R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = search.yahoo.com F1 - win.ini: run=C:\CPQS\BACKWEB\HELP\QRUNQ.PIF, O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiKey] Atitask.exe O4 - HKLM\..\Run: [Essdc] essdc.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN O4 - HKLM\..\Run: [Introduction-Registration] C:\PROGRA~1\INTROREG\RUNALL.EXE O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKCU\..\Run: [tinySpell] C:\PROGRAM FILES\TINYSPELL\tinyspell.exe O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\Privacy Protector\SS2-TRIAL.exe /min O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: ppctlcab - www.pestscan.com O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - www.surfsecret.com O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - www.pestscan.com |
brandybottle (5805) | ||
| 247155 | 2004-06-25 05:40:00 | maybe leave the computer on overnight with spysweeper running? | Megaman (344) | ||
| 247156 | 2004-06-25 08:50:00 | Thank you so much for your help and concern. I will leave things as they are as maybe I am worried about a storm in a teacup. Thanks again |
brandybottle (5805) | ||
| 1 2 3 | |||||