help, i have a nasty spyware issue
02-24-2006, 10:43 PM
#11
3.0 BAR
Join Date: Oct 2005
Posts: 9,282
Re: help, i have a nasty spyware issue
Originally Posted by signorelli21
i use avi anti virus, its like mcaffee but seems to do a better job of preventing ---- from getting on your machine,and its free. also be carefull with hijack this because it just gives you a list of ---- that it thinks may be harmful, so you can potentially delete something important.
i like to use adaware for spyware ---- but sometimes it doesn;t get rid of everything.
i like to use adaware for spyware ---- but sometimes it doesn;t get rid of everything.
02-25-2006, 05:24 PM
#14
1.5 BAR
Thread Starter
Join Date: Nov 2003
Posts: 909
Re: help, i have a nasty spyware issue
Logfile of HijackThis v1.99.1
Scan saved at 5:10
8 PM, on 2/25/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\System32\segcbfcu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\regsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\sendi.exe
C:\Documents and Settings\Special ED\Desktop\HijackThis.exe
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [segcbfcu] C:\WINDOWS\System32\segcbfcu.exe
O4 - HKLM\..\Run: [67ab9f52de0] C:\WINDOWS\System32\67ab9f52de0.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [segcbfcu] C:\WINDOWS\System32\segcbfcu.exe
O4 - HKCU\..\Run: [67ab9f52de0] C:\WINDOWS\System32\67ab9f52de0.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O21 - SSODL: IEFilter - {55EFC62B-7BBD-4F76-A587-960E55B181EB} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: WindowInstallSystem (67ab9f52de0svr) - Unknown owner - C:\WINDOWS\67ab9f52de0.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Scan saved at 5:10
8 PM, on 2/25/2006Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\System32\segcbfcu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\regsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\sendi.exe
C:\Documents and Settings\Special ED\Desktop\HijackThis.exe
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [segcbfcu] C:\WINDOWS\System32\segcbfcu.exe
O4 - HKLM\..\Run: [67ab9f52de0] C:\WINDOWS\System32\67ab9f52de0.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [segcbfcu] C:\WINDOWS\System32\segcbfcu.exe
O4 - HKCU\..\Run: [67ab9f52de0] C:\WINDOWS\System32\67ab9f52de0.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O21 - SSODL: IEFilter - {55EFC62B-7BBD-4F76-A587-960E55B181EB} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: WindowInstallSystem (67ab9f52de0svr) - Unknown owner - C:\WINDOWS\67ab9f52de0.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
02-25-2006, 08:56 PM
#16
1.5 BAR
Join Date: Feb 2005
Posts: 1,171
Re: help, i have a nasty spyware issue
Originally Posted by buk9tp
---- that..
right click save target as:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
download it to desktop.. run it.. click scan only.. scan.. wait for it to finish.. click config.. check the box that says mark everything to be fixed after scan.. click ok.. close everything.. rerun it.. click scan only.. let it scan.. wait for it to finish.. everything will be checked.. click fix all checked..
and ur done..
a number of people on here including dustin can vouch for this...
right click save target as:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
download it to desktop.. run it.. click scan only.. scan.. wait for it to finish.. click config.. check the box that says mark everything to be fixed after scan.. click ok.. close everything.. rerun it.. click scan only.. let it scan.. wait for it to finish.. everything will be checked.. click fix all checked..
and ur done..
a number of people on here including dustin can vouch for this...
02-25-2006, 09:40 PM
#17
0.0 BAR
Join Date: Feb 2005
Posts: 0
Re: help, i have a nasty spyware issue
Originally Posted by Special ED
i think that is what i needed to post
Logfile of HijackThis v1.99.1
Scan saved at 5:10
8 PM, on 2/25/2006Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\System32\segcbfcu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\regsrv.exe
C:\WINDOWS\system32\sendi.exe
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINDOWS\system32\Israfel.vbs
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [segcbfcu] C:\WINDOWS\System32\segcbfcu.exe
O4 - HKLM\..\Run: [67ab9f52de0] C:\WINDOWS\System32\67ab9f52de0.exe
O4 - HKCU\..\Run: [segcbfcu] C:\WINDOWS\System32\segcbfcu.exe
O4 - HKCU\..\Run: [67ab9f52de0] C:\WINDOWS\System32\67ab9f52de0.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O21 - SSODL: IEFilter - {55EFC62B-7BBD-4F76-A587-960E55B181EB} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: WindowInstallSystem (67ab9f52de0svr) - Unknown owner - C:\WINDOWS\67ab9f52de0.exe
all of that is bad ----
02-26-2006, 02:03 AM
#18
0.0 BAR
Join Date: Dec 2002
Posts: 0
Re: help, i have a nasty spyware issue
Format re-install...
Programs like Ad-Aware and Spybot will only do so much. Some of that ---- is so embedded in your system you will never get it out even when you try and manually remove it. When you reformat your computer make sure you download service pack 2 and always keep your system updated (windows update). Also get a cheap router that has a built-in firewall because more than likely you will get spyware again if you hook it up directly to your cable modem.
Just make sure you always have your music, videos, files, and most importantly your **** backed up and you will be fine. It's a lot easier installing a fresh copy of XP than it is sifting through your whole system trying to get rid of spyware, which in some cases is nearly impossible or even worth the time.
I do ---- like this daily and it's a pain in the *** trying to get rid of all the ---- people download onto there systems.
Programs like Ad-Aware and Spybot will only do so much. Some of that ---- is so embedded in your system you will never get it out even when you try and manually remove it. When you reformat your computer make sure you download service pack 2 and always keep your system updated (windows update). Also get a cheap router that has a built-in firewall because more than likely you will get spyware again if you hook it up directly to your cable modem.
Just make sure you always have your music, videos, files, and most importantly your **** backed up and you will be fine. It's a lot easier installing a fresh copy of XP than it is sifting through your whole system trying to get rid of spyware, which in some cases is nearly impossible or even worth the time.
I do ---- like this daily and it's a pain in the *** trying to get rid of all the ---- people download onto there systems.
02-26-2006, 02:13 AM
#19
Administrator
Join Date: Dec 2002
Posts: 13,991
Re: help, i have a nasty spyware issue
I got a really ------- nasty issue right now on my computer, I accidently hit the enter key on some pop up and whatever it did it installed something into my explorer.exe because if I let my computer chill for about 3 hours I'll have 400 pop ups of new windows. Adaware, and hijack this didnt get rid of it, and its driving me insane.. especially the audio pop ups that I cant even stop 
02-26-2006, 02:20 AM
#20
3.0 BAR
Join Date: Oct 2005
Posts: 9,282
Re: help, i have a nasty spyware issue
start > run > msconfig
start up tab.. click disable all..
restart pc.. run hijackthis.. fix all checked..
should fix it. but just incase it doesnt.. youll need to scan with ad aware and hijackthis in safemode..
nope.. nothing important.. anything important comes back.. ive been doing it for years now and ive never had a problem.. everytime i just click mark all to be fixed and click fix all checked.. neither i.. or anyone else i showed this to / done it for have ever complained..
start up tab.. click disable all..
restart pc.. run hijackthis.. fix all checked..
should fix it. but just incase it doesnt.. youll need to scan with ad aware and hijackthis in safemode..
Originally Posted by d0nfry
u just told him to delete a whole bunch of files that he probably needs and uses every day wtf.
