1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

"SPYWARE WARNING" has hijacked my desktop

Discussion in 'Virus & Other Malware Removal' started by dosequis, Oct 14, 2005.

Thread Status:
Not open for further replies.
  1. dosequis

    dosequis Thread Starter

    Oct 14, 2005
    Please help. I do not think of myself as a beginner when it comes to computers, but this thing has me to the edge. I would like to know how to remove the "Spyware Warning" from my desktop. Here is a copy of my HJT log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:26:20 PM, on 10/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.worldwinner.com/
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O1 - Hosts: n-glx.s-redirect.com
    O1 - Hosts: x.full-tgp.net
    O1 - Hosts: counter.sexmaniack.com
    O1 - Hosts: autoescrowpay.com
    O1 - Hosts: www.autoescrowpay.com
    O1 - Hosts: www.awmdabest.com
    O1 - Hosts: www.sexfiles.nu
    O1 - Hosts: awmdabest.com
    O1 - Hosts: sexfiles.nu
    O1 - Hosts: allforadult.com
    O1 - Hosts: www.allforadult.com
    O1 - Hosts: www.iframe.biz
    O1 - Hosts: iframe.biz
    O1 - Hosts: www.newiframe.biz
    O1 - Hosts: newiframe.biz
    O1 - Hosts: www.vesbiz.biz
    O1 - Hosts: vesbiz.biz
    O1 - Hosts: www.pizdato.biz
    O1 - Hosts: pizdato.biz
    O1 - Hosts: www.aaasexypics.com
    O1 - Hosts: aaasexypics.com
    O1 - Hosts: www.virgin-tgp.net
    O1 - Hosts: virgin-tgp.net
    O1 - Hosts: www.awmcash.biz
    O1 - Hosts: awmcash.biz
    O1 - Hosts: buldog-stats.com
    O1 - Hosts: www.buldog-stats.com
    O1 - Hosts: fregat.drocherway.com
    O1 - Hosts: slutmania.biz
    O1 - Hosts: www.slutmania.biz
    O1 - Hosts: toolbarpartner.com
    O1 - Hosts: www.toolbarpartner.com
    O1 - Hosts: www.megapornix.com
    O1 - Hosts: megapornix.com
    O1 - Hosts: www.sp2****ed.biz
    O1 - Hosts: sp2****ed.biz
    O1 - Hosts: greg-tut.com
    O1 - Hosts: www.greg-tut.com
    O1 - Hosts: nylonsexy.com
    O1 - Hosts: www.nylonsexy.com
    O1 - Hosts: vparivalka.com
    O1 - Hosts: www.vparivalka.com
    O1 - Hosts: iframeprofit.com
    O1 - Hosts: www.iframeprofit.com
    O1 - Hosts: topsearch10.com
    O1 - Hosts: www.topsearch10.com
    O1 - Hosts: statscash.biz
    O1 - Hosts: www.statscash.biz
    O1 - Hosts: vxiframe.biz
    O1 - Hosts: www.vxiframe.biz
    O1 - Hosts: crazy-toolbar.com
    O1 - Hosts: www.crazy-toolbar.com
    O1 - Hosts: topcash.biz
    O1 - Hosts: www.topcash.biz
    O1 - Hosts: loadcash.biz
    O1 - Hosts: www.loadcash.biz
    O1 - Hosts: txiframe.biz
    O1 - Hosts: www.txiframe.biz
    O1 - Hosts: procounter.biz
    O1 - Hosts: www.procounter.biz
    O1 - Hosts: advadmin.biz
    O1 - Hosts: www.advadmin.biz
    O1 - Hosts: trafficbest.net
    O1 - Hosts: www.trafficbest.net
    O1 - Hosts: besthvac.com
    O1 - Hosts: www.besthvac.com
    O1 - Hosts: traff4.com
    O1 - Hosts: www.traff4.com
    O1 - Hosts: ambush-script.com
    O1 - Hosts: www.ambush-script.com
    O1 - Hosts: beehappyy.biz
    O1 - Hosts: www.beehappyy.biz
    O1 - Hosts: tracktraff.cc
    O1 - Hosts: www.tracktraff.cc
    O1 - Hosts: allcount.net
    O1 - Hosts: www.allcount.net
    O1 - Hosts: onedayoffer.biz
    O1 - Hosts: www.onedayoffer.biz
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Smarty] C:\Program Files\PCAccel6000\clk.exe -l 1 -m 2 187
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe
    O4 - HKLM\..\Run: [msoft-updater23] slssystem.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\RunServices: [msoft-updater23] slssystem.exe
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [acc] C:\PROGRA~1\acc\acc.exe
    O4 - Startup: Drempels Desktop.lnk = C:\WINDOWS\drempels.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\Symantec Shared\Script Blocking\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  2. tj416


    Nov 18, 2004
    Hi dosequis,

    Since HijackThis does not scan the entire system and only certain areas are scanned to help diagnose the presence of undetected malware in some of the telltale places it hides. It is extremely important that you run a full system scan tool like an online virus scan, Ad-aware SE and Spybot S&D. I would like to START with those steps and finish the cleanup of strays or undetected items with HJT. I have provided instructions on how to run scans with a Online virus scanner, Ad-aware SE and Spybot S&D in this post.

    1) Run one of these Online virus scanners:2) Download, install, update and run a scan with Spybot S&D:
    • Download and Install Spybot S&D, accepting the Default Settings.
    • In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
    • Close ALL windows except Spybot S&D
    • Click the button to ‘Search for Updates’ and then download and install all available Updates.
    • Next click the button ‘Check for Problems’
    • When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window.
    • Make certain there is a check mark beside all of the RED entries ONLY.
    • Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
    • REBOOT to complete the scan and clear memory.
    3) Download, install, update, configure and run a scan with Ad-aware SE:
    1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.
    2. Close ALL windows except Ad-Aware SE.
    3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
    4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
      • In the ‘General’ window make sure the following are selected in green:
        • Under Safety:
          • Automatically save log-file
          • Automatically quarantine objects prior to removal
          • Safe Mode (always request confirmation)
        • Under Definitions:
          • Prompt to update outdated definitions - set the number of days
      • Click on the ‘Scanning’ button on the left and select in green :
        • Under Driver, Folders & Files:
          • Scan Within Archives
        • Under Select drives & folders to scan:
          • choose all hard drives
        • Under Memory & Registry: all green
          • Scan Active Processes
          • Scan Registry
          • Deep Scan Registry
          • Scan my IE favorites for banned URL’s
          • Scan my Hosts file
      • Click on the ‘Advanced’ button on the left and select in green:
        • Under Shell Integration:
          • Move deleted files to recycle bin
        • Under Logfile Detail Level: (all green)
          • include addtional object information
          • DESELECT - include negligible objects information
          • include environment information
        • Under Alternate Data Streams:
          • Don't log streams smaller than 0 bytes
          • Don't log ADS with the following names: CA_INOCULATEIT
      • Click the ‘Tweak’ button and select in green:
        • Under ‘Scanning Engine’:
          • Unload recognized processes during scanning
          • Scan registry for all users instead of current user only
        • Under ‘Cleaning Engine’:
          • Let Windows remove files in use at next reboot
        • Under Log Files:
          • Include basic Ad-aware SE settings in logfile
          • Include additional Ad-aware SE settings in logfile
          • Please do not check: Include Module list in logfile
    5. Click on ‘Proceed’ to save the settings.
    6. Click ‘Start’
    7. Choose 'Perform Full System Scan'
    8. DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
    9. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
    10. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
    11. Save the log file when it asks and then click ‘Finish’
    12. REBOOT to complete the removal of what Ad-Aware SE found.
    4) Download and run Hoster:
    • Download Hoster.
    • Unzip hoster to its own folder, for example: C:\Hoster.
    • Start Hoster.exe.
    • Click 'Restore Original Hosts'.
    • Click OK.
    • Exit the program.

    5) Prepare in your reply:
    • A fresh HijackThis log.
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Mar 3, 2004
    Sounds like SmitFraud, tj :)
  4. tj416


    Nov 18, 2004
    Hi Cheeseball81,

    Yup, just want to get this log cleaned up a bit and then I'll be using SmitRem....
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Mar 3, 2004
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Similar Threads - SPYWARE WARNING hijacked
  1. TeeTee7
  2. midiboy
  3. PacerFan1
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/407763

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice