Highjackthis and spyware removal resources and tips.

November 28th, 2007, 10:44 pm

jesus, didn't know i had to know how to spell and a little about computers before giving tips and suggestions.

sorry, i guess i should type my posts in microsoft word and use the spell-checking thing, then post huh?

thanks for the tip

January 20th, 2008, 5:35 am

i have a problem of some adware,spyware attacked my PC ,i got all my files hidden and when i open taskmanager ,run: regedit,cmd ..it automaticall opens..i got a suggestion from webmaster that to download HIJACK THIS ...and i have done..and here is my log file copy, please get me out of this..i woill be very much thankful to you.



Logfile of HijackThis v1.99.1
Scan saved at 5:51:42 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\killer.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAP\DAP.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
D:\WINDOWS\smss.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Maxthon2\Maxthon.exe
D:\WINDOWS\regedit.exe
F:\smss.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\AJUISO~1\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.a ... InstallVA=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Web Video Downloader] "D:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe"
O4 - HKCU\..\Run: [Runonce] D:\WINDOWS\smss.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: lsass.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

[spork]

January 20th, 2008, 12:19 pm

Reboot into safe mode (hold down F8 as the computer is booting up) and fix the following entries using HijackThis:

Quote:

D:\WINDOWS\smss.exe

F:\smss.exe

F2 - REG:system.ini: Shell=explorer.exe, killer.exe

O4 - HKCU\..\Run: [Runonce] D:\WINDOWS\smss.exe

O4 - Global Startup: lsass.exe

O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\

February 11th, 2008, 10:01 pm

Hello All:

I am new to threads but I wanted to log on to read what everyone has to say about these pesky spyware and adware issues.

I have a problem and was wondering what the best course of action was to take. I just set up my very first Media PC that links to my Home Theater.
I am using a freshly formated PC with Windows XP Pro just loaded. In my process of installing software......somehow I got nailed with these wierd POPUPS before I had a chance to get my anti-virus software up and running. Even though my pop-up blocker is running I am still getting Ads that pop up now and then for Party Poker, XXX, etc.

Please help. They are driving me insane. I don't want to re-format and start all over again. What programs do you recommend? Everyone seems to have different favorites, but HiJack This sounds to complex for me.
Any suggestions?

You help is greatly appreciated

April 8th, 2008, 2:13 pm

Hi I am new to this forum, but would really appreciate some help. I use Adobe Flash a lot as in everyday, and about a month ago it started to take to long to load, and sometimes the process itself is slow to response to tasks. I checked the processes and found csrss.exe takes up all the resources on certain application when I try to open them up.

I found your forum through the csrss.exe removal, and I've followed the Hijack This instructions. I ran Lavasoft Adaware, Spybot Search & Destroy, TweakNow Regcleaner, Ccleaner, IOBit SmartDefrag. I also installed all windows updates, and removed the spywares listed on Your Hijack This instructions, but to no avail. I ran my HijackThis log on the http://hijackthis.de/en. and found two Mprage.exe and an old button for Paltalk.exe and fixed those. I am hoping you can take a look at my HijackThis log, and offer some advice. Thanks in advance.

http://hijackthis.de/logfiles/ca7f84838 ... 3c38b.html

[spork]

April 9th, 2008, 5:20 pm

Hi Zeliah -- please start a new topic here in the Windows forum, and post a fresh HijackThis log directly into the topic. Someone will look at it from there.

April 19th, 2008, 8:22 pm

Great tips guys

Who uses Microsoft free spyware remover tool?

April 24th, 2008, 12:47 pm

Now a days browser hijacking has become a major problem. There are lots of Anti Spyware Software available, but most of the programs itself is a Spyware. So we've to be cautious while installing those programs, "Hijackthis" by TrendPc is the best free Anti Spyware Software available in the internet.