Highjackthis and spyware removal resources and tips.

  • Byrddog
  • Beginner
  • Posts: 41
  • Loc: New Jersey, USA

Post 3+ Months Ago

free download manager is a decent one and from what my roommate tells me contains no adware. search for it on c-net to find the download.
  • blink182av
  • Guru
  • Posts: 1258
  • Loc: New York

Post 3+ Months Ago

avast! Self-Cleaner
This tool is made by the anti-virus company "avast!" This will search your whole computer thoroughly. Any viruses that it picks up will be reported to you.

http://files.avast.com/files/eng/aswclnr.exe
  • jona69
  • Born
  • Posts: 2

Post 3+ Months Ago

Logfile of HijackThis v1.99.1
Scan saved at 9:13:44 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ASUSKBService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Rediff Bol\RediffMessenger.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\jona\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=219.142.40.82:80
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Underground Toolbar - {CCA00000-0000-0000-0000-000000000000} - C:\PROGRA~1\UNDERG~1\update.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{88D76665-037B-4E6B-9C41-988AF85E15F5}: NameServer = 140.114.63.1,140.114.64.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32CAD17-6D7A-4BFC-89DE-6F991140D89A}: NameServer = 140.114.63.1,140.114.64.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • pramitroy
  • Guru
  • Posts: 1284

Post 3+ Months Ago

I would suggest you read these before posting a HijackThis log
http://www.ozzu.com/mswindows-forum/steps-take-before-posting-your-hijack-this-log-t34568.html
http://www.ozzu.com/mswindows-forum/highjackthis-and-spyware-removal-resources-and-tips-t31034.html

Then please create a new topic, briefly describe the problem and post a fresh new log (full log along with the header). In many cases it is better to take the log in safe mode.

Well, it doesn't show any potentially dangerous entry. You can fix this instead.
Quote:
O3 - Toolbar: Underground Toolbar - {CCA00000-0000-0000-0000-000000000000} - C:\PROGRA~1\UNDERG~1\update.dll
Though removal of this toolbar is under debate, I suggest deleting it.
  • littlephoenix
  • Graduate
  • Posts: 147

Post 3+ Months Ago

Avast is great, yes, but I have found AVG to be a little more friendly and fast, and it is updated frequently by their servers. You can get it from http://www.softe.org along with other tools for spyware removal and such.
Remember to use a firewall. I use Filseclab, it's free and gives super protection; you can also get that at softe.org

good luck
  • cnun
  • Novice
  • Posts: 21

Post 3+ Months Ago

try Spyware Terminator, i highly recommend it.
  • malaysiamanufac
  • Born
  • Posts: 3

Post 3+ Months Ago

I am using Spyware terminator and i found it is better than Spybot S&D
  • pearl5
  • Novice
  • Posts: 29

Post 3+ Months Ago

great link mate! it is the right time to patch my OS!
  • Latindesign
  • Novice
  • Posts: 21
  • Loc: Bogotá

Post 3+ Months Ago

Hi!

Well, I've had good results with these two tools:

- SpywareBlaster.
- Spybot S&D.

They're for free, by the way.
Hope they're useful!
  • faith1986
  • Born
  • Posts: 2

Post 3+ Months Ago

Wooow, this is an amazing list!

If you allow me, I have some other FREE links:

AVG Free Anti-Spyware
PC Tools Antivirus
Infected Or Not
Panda ActiveScan

Cheers
  • jamestcs2
  • Novice
  • Posts: 20

Post 3+ Months Ago

faith1986 wrote:
Wooow, this is an amazing list!

If you allow me, I have some other FREE links:

AVG Free Anti-Spyware
PC Tools Antivirus
Infected Or Not
Panda ActiveScan

Cheers


Which is better from the list you recommend? I am looking for a free and good anti-virus because I suspect my computer is infected but my current Spybot Search and Destroy cannot detect it.
  • bodom321
  • Graduate
  • Posts: 141

Post 3+ Months Ago

hi guys, i am one of the new members of this forum and i really like it cause i can share my knowledge with you and i also learn some new tricks.
anyway, i've been reading this thread and it is interesting; however, i decided i wanna share some other tricks to defeat viruses, spyware and trojans.

all your tips are very good but sometimes anti-viruses and other programs can get the job done completely, i know this, for i got infected with a program that totally hijacked my computer at work and it made a mess of my computer, eventually i tried to use my anti-spyware (windows defender, ad-aware etc) but none of these tools helped me at all. if you have similar problems to the ones i just described then don't get crazy. try to get as much information as you can from those programs, such as the name of the virus etc, (the most important part to me). and if the location of the files.

this information is really important, for you can get more information from there. so how can you get rid of those programs with that information and a few other tricks. well the first thing i would do is to try to get as much info as i can (like i said) then try to deny your system access to those files. sometimes you can't delete the files that belong to the virus because the system itself is using them. you can try to kill explorer.exe and then try to delete the files from the command prompt, but if you can't then use a program called "UNLOCKER". that program is great to unlock files that are being used in your system, after you unlock those files you will probably be able to delete them without any problems.

if you can't do that then like i said try to deny your system access to those files, so how can you do this, well this is gonna work in windows xp pro and 2003, it is not gonna work in home edition unless you use the command prompt.

to deny access to files just go to the folder options then go to view and uncheck the box that says "use simple file sharing"
that is gonna create a new tab in the properties of all the files in your computer, the tab name is "security". if you know about that it is not a big deal but it is off by default in windows. now right click on the files that belong to the virus or trojan and go to properties and click on the security tab. there you can deny access to any user account to those files (not recommended if you are trying to use that for security against other admin users, for they can override that security, for they have admin rights) anyway, there just uncheck the box that allows your system to access those files and check the one that says "deny"; likewise, only leave checked the box that allows your username to access those files.

after you do that with all the files that belong to the virus, just reboot your computer. after that your computer will not be able to access those files because you just denied access to them, then just go to the location of those files and delete them manually. this is a great trick that has worked for me 100%, i figured out how to do this when i got infected by a piece of spyware that no antispyware could delete.

after you do this then, run your antivirus or antispyware to delete the mini files that are not working anymore because you don't have the main files that were infecting your computer, now your antivirus should not have any problems deleting the rest of the files such as registry keys and things like those.

2) another tip i would suggest is to use bootable operating systems such as knoppix or your own bootable cd such as the one that you can create with "pebuilder". PEBUILDER is a great program to create your own windows bootable cds, as you might already know there are many portable antiviruses and antispyware, so you can use them from your bootable cd and delete all the viruses that are in your computer, this will work pretty good because your system is not gonna be using the files, for you are using your system to run your bootable operating system not the one installed in your hard drive. Likewise, you can delete the files manually once you know where they are and the name of them. if you decide to build your windows bootable cd with pebuilder, look for the hundreds and hundreds of plugins for your cd, there are plugins even to create admin accounts in your operating system that is installed in your computer, this is great when you can't remember your administrator password or when you wanna get the password of other accounts in the computer by getting the hashes from your new admin account and cracking them.

another tool you can use is one of those "hiren's versions" that are out there, this is basically the same as having a bootable cd, but the only difference is that "hiren" has the antiviruses included within it, and some other great tools such as partition magic and some other recovery programs.

another great tool that i love is a program called "sandboxie" http://www.sandboxie.com/

this program is great because it creates a buffer in your computer in which you can run programs, when you run the program in that buffer created by sandboxie, the program is not able to infect, damage or affect your computer. so for instance if you think you might be getting viruses from your internet explorer, you can run internet explorer or mozilla from sandboxie, so that all the cookies, viruses, activex programs, or any other program that you think you get from the net through your browser will be totally deleted when you close sandboxie, all those viruses will go directly to the buffer, so they will never touch any files in your hard drive. those viruses or programs will not have any power on your computer because they are not written in your hard drive, but in the buffer. it is also great to test programs such as viruses and programs that you think are trojans etc.

also try to check what ports are open in your computer, for it can help you to see if you have a backdoor open in your computer, this is not gonna guarantee you don't have a trojan, for they can hide themselves sometimes; however, it will help you to find the ones that are not hiding from you. it is also good to take a snapshot of the processes running in your computer, just open your taskbar and maximize the windows then take a snapshot and save it, then if you see that something is going on with your computer then just check that pic that you had of your processes running in your computer and compare the ones that are in the pic with the ones that are running now in your computer, that might help you to see what processes might be affecting your computer.

if you have a virus that is not letting you use your task manager then don't use the windows task manager, i recommend you use the one from sysinternals http://www.microsoft.com/technet/sysint ... lorer.mspx
it is a great program that will give you much more info about all the processes running in your computer, it will also show you a bar that tells you what processes have been using more cpu cycles in your computer. it can also hijack your windows taskbar, so that every time you press ctrl alt delete, it will appear instead of the windows taskmanager.

try to use a good firewall, do not use the one that comes with windows, i also recommend you don't use zonealarm firewall because you will get problems connecting to the internet from time to time. you will have to set many things for the firewall to work properly in your computer, i recommend you use the comodo firewall http://www.personalfirewall.comodo.com/
it is a great firewall, and creating the rules for it is very easy and does not take a lot of time.
i recommend you block icmp traffic in your computer, with the comodo firewall you can block icmp traffic coming to your computer not the one leaving from your computer. i say this because i read in the news that new trojans are able to be activated by icmp traffic, which is a protocol not very observed by many firewalls.

if you are really afraid of viruses and trojans, then try to use a user account in your computer, not the admin account. i know this is a pain in the @## but if you want to have admin rights in your computer then just use the "run as" command that is given to you when you right click on a program when using a user account, if you don't like that then create a shortcut to command prompt, then open it by using the "run as" command and leave it open while you use your computer, then just type in your cmd shell the name of the programs you wanna use with admin rights in your computer and command prompt will open them with admin rights without asking you every time for the password and username.

i also recommend you never use internet explorer, use firefox with the plugin to block scripts, that is good because you will not have to worry much about java scripts and activex programs running in your computer without you knowing about them.

if i remember more things i will post them, i am sorry if my post is taking so much space, sorry about that.

i hope i was helpful and that my tips can help you at least a little bit to get rid of viruses or spyware in your computer.

cya
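
The before-and-after process comparison described in the post above, as an added example (not the poster's code): keep the list of running executable paths as text instead of a screenshot and diff it against a later list. The two lists below are constructed sample data, and the function name is hypothetical.

```python
import ntpath


def normalise(path):
    """Case-insensitive key for a Windows path (Windows ignores case in paths)."""
    return ntpath.normpath(path.strip()).lower()


def compare_process_lists(baseline, current):
    """Compare a saved baseline of process paths with the current list.

    Returns (new, relocated, gone):
      new       - paths running now that were not in the baseline
      relocated - the subset of `new` whose file name was already in the
                  baseline, but under a different folder (a look-alike copy)
      gone      - baseline paths that are no longer running
    """
    base = {normalise(p): p for p in baseline}
    now = {normalise(p): p for p in current}
    known_names = {ntpath.basename(key) for key in base}

    new, relocated = [], []
    for key, original in now.items():
        if key in base:
            continue                      # same executable, same place
        new.append(original)
        if ntpath.basename(key) in known_names:
            relocated.append(original)    # familiar name, unfamiliar folder
    gone = [original for key, original in base.items() if key not in now]
    return new, relocated, gone


# Constructed sample data: a clean baseline and a later snapshot.
BASELINE = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]
CURRENT = [
    r"C:\WINDOWS\system32\smss.exe",      # same file, different letter case
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\smss.exe",               # known name, new folder
    r"C:\WINDOWS\killer.exe",             # entirely new
]

if __name__ == "__main__":
    new, relocated, gone = compare_process_lists(BASELINE, CURRENT)
    for label, items in (("new", new), ("relocated", relocated), ("gone", gone)):
        for item in items:
            print(f"{label:10} {item}")
```

A process that shows up as "relocated" deserves the first look, since a familiar name in an unfamiliar folder is easy to miss when comparing two screenshots by eye.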
  • bodom321
  • Graduate
  • Posts: 141

Post 3+ Months Ago

oh sorry, for those with a very powerful computer, you might wanna use a virtual computer. try to create a virtual computer of windows xp or 2003 with virtual computer 2007 then use the converter of vmware to convert that virtual computer to vmware format, then just use vmware player to use your virtual computer. this is good because anything that you do in that virtual computer does not affect your physical computer, unless it crashes, it might use more cpu cycles but at least you don't get infected with any viruses. the only problem is that if you get a virus in your virtual computer it will be there until you use an antivirus to delete it, that is not good if you wanna transfer files from your virtual computer to your physical computer. if you don't wanna have those problems then just create your virtual computer with "virtual computer 2007 from microsoft(free)" and use your virtual computer with that program, just check the box that says undo changes, in the menu. every time you shut down your virtual computer it will automatically delete any changes you made to it, including viruses and trojans and anything like it.

if you wanna use linux then you should use vmplayer. you can't just use linux if you don't have the files to use it. all you need is a linux iso image and the vmware files to run that linux image, if you wanna have those vmware files you need to get the workstation program created by them; however, you can get them for free in some websites so that you don't have to have the workstation version. i will upload my file so that you can download it, just let me know if somebody needs it so that i can upload it to one of those websites and you can download it.

cya
  • bodom321
  • Graduate
  • Posts: 141

Post 3+ Months Ago

no offense man, but this threat was created to be some kind of tutorial for people, not to post your problems but your solutions and suggestions. if you have a problem with your computer, then create a new threat
  • spork
  • Brewmaster
  • Silver Member
  • Posts: 6252
  • Loc: Seattle, WA

Post 3+ Months Ago

halen wrote:
no offense man, but this threat was created to be some kind of tutorial for people, not to post your problems but your solutions and suggestions. if you have a problem with your computer, then create a new threat

No offense either, but it would be nice if you'd start spell-checking your posts before you submit them.
  • bodom321
  • Graduate
  • Posts: 141

Post 3+ Months Ago

jesus, didn't know i had to know how to spell and a little about computers before giving tips and suggestions.

sorry, i guess i should type my posts in microsoft word and use the spell-checking thing, then post huh?

thanks for the tip
  • ajuisonline
  • Born
  • Posts: 1

Post 3+ Months Ago

i have a problem of some adware, spyware attacked my PC, i got all my files hidden and when i open taskmanager, run: regedit, cmd .. it automatically opens.. i got a suggestion from webmaster to download HIJACK THIS ... and i have done.. and here is my log file copy, please get me out of this.. i will be very much thankful to you.



Logfile of HijackThis v1.99.1
Scan saved at 5:51:42 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\killer.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAP\DAP.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
D:\WINDOWS\smss.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Maxthon2\Maxthon.exe
D:\WINDOWS\regedit.exe
F:\smss.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\AJUISO~1\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.a ... InstallVA=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Web Video Downloader] "D:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe"
O4 - HKCU\..\Run: [Runonce] D:\WINDOWS\smss.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: lsass.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
  • spork
  • Brewmaster
  • Silver Member
  • Posts: 6252
  • Loc: Seattle, WA

Post 3+ Months Ago

Reboot into safe mode (hold down F8 as the computer is booting up) and fix the following entries using HijackThis:
Quote:
D:\WINDOWS\smss.exe

F:\smss.exe

F2 - REG:system.ini: Shell=explorer.exe, killer.exe

O4 - HKCU\..\Run: [Runonce] D:\WINDOWS\smss.exe

O4 - Global Startup: lsass.exe

O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
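
The kind of check applied by eye in the reply above, written as an added example (not code from this thread or from HijackThis): a small Python triage script that parses a HijackThis log and flags core Windows process names that run or auto-start from the wrong place, an extra program in the `Shell=` value, and a Winlogon Notify entry with no DLL. The expected folders assume a Windows directory named WINDOWS; the sample is an excerpt of the log posted above, and the O16 entry is outside what these heuristics cover.

```python
import ntpath
import re

# Folder each core Windows process normally runs from. Assumption: the
# Windows directory is named WINDOWS (the XP default), on any drive letter.
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32$")
WINDIR = re.compile(r"^[a-z]:\\windows$")
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "explorer.exe": WINDIR,
}
# These are started by the OS itself, not from a Run key or Startup folder.
NEVER_AUTOSTART = set(EXPECTED_DIR) - {"explorer.exe"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
EXE_NAME = re.compile(r'([^\\\s"\[\]=:]+\.exe)\b', re.I)  # bare file names


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body)])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            match = ENTRY.match(line)
            if match:
                entries.append((match.group(1), match.group(2)))
    return processes, entries


def find_suspicious(text):
    """Return a list of (reason, log line) pairs worth a closer look."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and not expected.match(ntpath.dirname(path).lower()):
            findings.append(("system process name outside its folder", path))
    for code, body in entries:
        line = f"{code} - {body}"
        if code == "F2" and "shell=" in body.lower():
            shells = body.lower().split("shell=", 1)[1].split(",")
            extra = [s.strip() for s in shells
                     if s.strip() and s.strip() != "explorer.exe"]
            if extra:
                findings.append(("extra program in Shell= value", line))
        elif code == "O4":
            names = {n.lower() for n in EXE_NAME.findall(body)}
            if names & NEVER_AUTOSTART:
                findings.append(("system process name in autostart", line))
        elif code == "O20" and body.endswith("\\"):
            findings.append(("Winlogon Notify names a folder, no DLL", line))
    return findings


# Excerpt of the log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\killer.exe
D:\WINDOWS\smss.exe
F:\smss.exe

F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Runonce] D:\WINDOWS\smss.exe
O4 - Global Startup: lsass.exe
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for reason, line in find_suspicious(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A hit is a prompt to inspect the file, not proof of infection; the script only reads the log text and changes nothing on the machine.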
  • rocketman888
  • Born
  • Posts: 1
  • Loc: Canada

Post 3+ Months Ago

Hello All:

I am new to threads but I wanted to log on to read what everyone has to say about these pesky spyware and adware issues.

I have a problem and was wondering what the best course of action was to take. I just set up my very first Media PC that links to my Home Theater.
I am using a freshly formatted PC with Windows XP Pro just loaded. In my process of installing software......somehow I got nailed with these weird POPUPS before I had a chance to get my anti-virus software up and running. Even though my pop-up blocker is running I am still getting Ads that pop up now and then for Party Poker, XXX, etc.

Please help. They are driving me insane. I don't want to re-format and start all over again. What programs do you recommend? Everyone seems to have different favorites, but HiJack This sounds too complex for me.
Any suggestions?

Your help is greatly appreciated
  • Zeliah
  • Born
  • Posts: 3

Post 3+ Months Ago

Hi, I am new to this forum, but would really appreciate some help. I use Adobe Flash a lot, as in every day, and about a month ago it started to take too long to load, and sometimes the process itself is slow to respond to tasks. I checked the processes and found csrss.exe takes up all the resources on certain applications when I try to open them up.

I found your forum through the csrss.exe removal, and I've followed the Hijack This instructions. I ran Lavasoft Adaware, Spybot Search & Destroy, TweakNow Regcleaner, Ccleaner, IOBit SmartDefrag. I also installed all windows updates, and removed the spywares listed on Your Hijack This instructions, but to no avail. I ran my HijackThis log on the http://hijackthis.de/en. and found two Mprage.exe and an old button for Paltalk.exe and fixed those. I am hoping you can take a look at my HijackThis log, and offer some advice. Thanks in advance.

http://hijackthis.de/logfiles/ca7f84838 ... 3c38b.html
  • spork
  • Brewmaster
  • Silver Member
  • Posts: 6252
  • Loc: Seattle, WA

Post 3+ Months Ago

Hi Zeliah -- please start a new topic here in the Windows forum, and post a fresh HijackThis log directly into the topic. Someone will look at it from there.
  • lajocar
  • Proficient
  • Posts: 272
  • Loc: South Africa

Post 3+ Months Ago

Great tips guys

Who uses Microsoft free spyware remover tool?
  • Craig_85
  • Newbie
  • Posts: 8

Post 3+ Months Ago

Nowadays browser hijacking has become a major problem. There are lots of Anti Spyware Software available, but most of the programs are themselves Spyware. So we have to be cautious while installing those programs. "Hijackthis" by TrendPc is the best free Anti Spyware Software available on the internet.
  • Allwyna
  • Novice
  • Posts: 20

Post 3+ Months Ago

I have recently installed superantispyware, and it removed a lot of spyware from another so-called antispyware........

I had Hijackthis, but it is too complicated, so I removed it.
  • Mr OBrien
  • Graduate
  • Posts: 185
  • Loc: down a creek without a paddle

Post 3+ Months Ago

halen wrote:
jesus, didn't know i had to know how to spell and a little about computers before giving tips and suggestions.

sorry, i guess i should type my posts in microsoft word and use the spell-checking thing, then post huh?

thanks for the tip


What do you mean? Goto post advance reply and Right click and select spell check this field.

By the way i use Norton and i recommend it.
  • susanqy2
  • Newbie
  • Posts: 10

Post 3+ Months Ago

I have just deleted my Search and Destroy. It couldn't rid me of all the spybots I want.
  • paul8368
  • Novice
  • Posts: 27
  • Loc: UK

Post 3+ Months Ago

MOC wrote:
This is ScumWare : I will keep this updated this is dated 09/20/04
this is software that is not what it says it is ,and this is the most recent list.

Instead of removing spyware, they install it. Some will even attack whatever genuine protection your computer may already have, leaving it wide open to hackers, viruses, spyware and every other kind of malware imaginable.

Worse, trying to remove the scumware in the usual way can often result in even more spyware being installed, so if you have installed anything on this list, please get some advice before trying to remove it.

Interesting list, makes me a bit worried about freeware I've been using:

superantispyware and malwarebytes

How can I tell if they are for real or if they are "scumware"?
  • Zenislevs
  • Born
  • Posts: 3

Post 3+ Months Ago

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:08 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://stats.garena.com/clientinstall.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local; http://192.168.0.150:918
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PC\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6115 bytes
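
A small triage parser for logs like the one posted above, added here as an example (it is not part of the original post and not HijackThis's own code). The section summaries and the marker list are this example's choices; a flagged line is only a prompt to look closer, not a verdict.

```python
import re
from collections import Counter

# Section codes as commonly documented for HijackThis (summary added for this example).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart (Run key / Startup folder)",
    "O9": "extra IE button or Tools item", "O10": "Winsock LSP",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Markers HijackThis prints itself; they mean "look closer", not "malicious".
MARKERS = [
    ("(no file)", "entry points at no file"),
    ("(file missing)", "referenced file is not on disk"),
    ("Unknown file in Winsock LSP", "LSP DLL not recognised by HijackThis"),
]

def parse(log_text):
    """Return [(section, body)]; header and process-list lines are skipped."""
    found = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def section_counts(log_text):
    """Count entries per section code."""
    return Counter(section for section, _ in parse(log_text))

def triage(log_text):
    """Return [(section, reason, body)] for entries that carry a marker."""
    return [(section, reason, body)
            for section, body in parse(log_text)
            for needle, reason in MARKERS if needle in body]

# Lines copied from the log posted above.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local; http://192.168.0.150:918
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PC\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE):
        print(f"{section:<4}{SECTIONS.get(section, '?'):<32}{reason}: {body}")
```
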
  • phamornmi
  • Born
  • Posts: 3

Post 3+ Months Ago

thanks for useful info.
  • phamornmi
  • Born
  • Posts: 3

Post 3+ Months Ago

I have used AVG Anti Virus and Comodo Pro Firewall, and I have recently added superantispyware and Malwarebytes. They are all free for personal use and I have had no trouble with viruses, Trojans, hackers etc. They can all be downloaded from http://malware-virus-spyware-remover-to ... gspot.com/ Online Armor Free is good and is fairly easy to use.
© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.