Results 1 to 7 of 7

Thread: How can i remove spyware.possible_website_hijack

  1. #1
    Join Date
    Jan 2009
    Posts
    124

    How can i remove spyware.possible_website_hijack

    From last few days my pc had slow down, it was working very slow. So, in order to speed up my system, i had done a virus scan on my pc. I found many files containing spyware.possible_website_hijack on my system. I try to delete it from my system, but i couldn't delete it. So, please can any body help me out to remove this spyware.possible_website_hijack from my system? Does any body knows about how can i remove it form my system? Kindly provide the solution to get rid of the above issue.

  2. #2
    Join Date
    Apr 2008
    Posts
    3,424

    Re: How can i remove spyware.possible_website_hijack

    If you are using any free version of protection programs on your system, then just uninstall them and try to download AVG antivirus/spyware program on your system. Its good and will help you to remove the spyware.possible_website_hijack from your system.

  3. #3
    Join Date
    May 2008
    Posts
    3,516

    Re: How can i remove spyware.possible_website_hijack

    Try to download HostsXpert.zip on your system. then follow the below steps mention to remove the spyware from your system.

    1) Unzip HostsXpert.zip on you pc.
    2) Then double click on HostsXpert.exe, where you have save the .exe file on your system.
    3) Then try to click on "Restore Original Hosts" to restore your Hosts file to its default condidtion on your system.
    4) Then click on Make Hosts Read Only, in order to secure it, in order to avoid any further infection on your system.
    5) Then, finally close the program when it get completed.

  4. #4
    Join Date
    Apr 2008
    Posts
    3,339

    Re: How can i remove spyware.possible_website_hijack

    Spyware.Possible_Website_Hijack is a spyware threat that get installed in a compressed malware files on a infected pc and opens backdoors to outlying attackers. It will generate corrupt executable files, inactivate security tools and install annoying popups on your system. Normally the Spyware.Possible_Website_Hijack infects the system only through pornographic web sites, video codec bundles and File sharing programs that you do on your pc. The Spyware.Possible_Website_Hijack is a dangerous infection that can steal confidential information from your pc and let your pc slow down.

  5. #5
    Join Date
    Aug 2010
    Posts
    1

    smile Re: How can i remove spyware.possible_website_hijack

    Hello Techies,

    To continue with the solution Syprus has posted, I've run the file and below is the details of the log file. Kindly send me an email with further updates.
    Email ID: nikhil.gedam1@gmail.com. Thanks a lot.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:51:31 AM, on 8/15/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17080)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Google\Update\GoogleUpdate.exe
    D:\Program Files\DAP\DAP.EXE
    D:\Program Files\Webshots\WebshotsTray.exe
    D:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINDOWS\system32\syscache.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINDOWS\system32\notepad.exe
    D:\Program Files\Spyware Doctor\pctsGui.exe
    D:\Program Files\Spyware Doctor\pctsTray.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O1 - Hosts: pGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij
    O1 - Hosts: VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03n
    O1 - Hosts: LaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDh
    O1 - Hosts: mDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTw
    O1 - Hosts: 2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQ
    O1 - Hosts: kthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLC
    O1 - Hosts: pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOu
    O1 - Hosts: PKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295h
    O1 - Hosts: D45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkr
    O1 - Hosts: BFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQ
    O1 - Hosts: B0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZ
    O1 - Hosts: VsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZe
    O1 - Hosts: 0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
    O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
    O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
    O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
    O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
    O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
    O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
    O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
    O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
    O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
    O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
    O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
    O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
    O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
    O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
    O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
    O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
    O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
    O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
    O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
    O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
    O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
    O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
    O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
    O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
    O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
    O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
    O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
    O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
    O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
    O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
    O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
    O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
    O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
    O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
    O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
    O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
    O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
    O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
    O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
    O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
    O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
    O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
    O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
    O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
    O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
    O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
    O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
    O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
    O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
    O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
    O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
    O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
    O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
    O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
    O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
    O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
    O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
    O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
    O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
    O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
    O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
    O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
    O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
    O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
    O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
    O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
    O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
    O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
    O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
    O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
    O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
    O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
    O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
    O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
    O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
    O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
    O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
    O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
    O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
    O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
    O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
    O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
    O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
    O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
    O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
    O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
    O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
    O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [vmgre32] D:\WINDOWS\system32\vmgre32.exe
    O4 - HKLM\..\Run: [9801] D:\WINDOWS\system32\syscache.exe
    O4 - HKCU\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - S-1-5-18 Startup: Webshots.lnk = D:\Program Files\Webshots\WebshotsTray.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Webshots.lnk = D:\Program Files\Webshots\WebshotsTray.exe (User 'Default user')
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\WebshotsTray.exe
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A68498CE-7C56-435A-A49A-7722AD78C3AC}: NameServer = 218.248.255.212 218.248.241.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    --
    End of file - 13907 bytes

  6. #6
    Join Date
    Nov 2010
    Posts
    1

    Re: How can i remove spyware.possible_website_hijack

    heres my log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:09:55 PM, on 11/20/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    D:\SpyDoc\Spyware Doctor\pctsAuxs.exe
    D:\SpyDoc\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    D:\SpyDoc\Spyware Doctor\pctsTray.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\DL's\Internet Download Manager\IDMan.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\DL's\PowerSuite\powersuite.exe
    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\JEFF\My Documents\Downloads\Programs\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16148&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\DL's\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] "C:\WINDOWS\system32\M-AudioTaskBarIcon.exe"
    O4 - HKLM\..\Run: [ISTray] "D:\SpyDoc\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [IDMan] "D:\DL's\Internet Download Manager\IDMan.exe" /onboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "D:\movie\Ares\Ares.exe" -h
    O4 - HKCU\..\RunOnce: [PowerSuite] "D:\DL's\PowerSuite\launcher.exe" delay 20000 -m
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: Download all links with IDM - D:\DL's\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\DL's\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\DL's\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: 1261128508 (.1261128508) - Unknown owner - C:\Program Files\1261128508\JEFF1261128508L.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\SpyDoc\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\SpyDoc\Spyware Doctor\pctsSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: WLSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

    --
    End of file - 8468 bytes

  7. #7
    Join Date
    Oct 2010
    Posts
    88

    Re: How can i remove spyware.possible_website_hijack

    Looks like your computer system is in a real mess, there is allot of spyware on your computer system and I think the only solution would be to format the computer. Also, after formatting I request you to please have a legal antivirus software on the system that protects from all the malicious programs to avoid any problem in the future. I hope you understand how important is the antivirus for your computer security.

Similar Threads

  1. How to remove Fun Web Products Spyware
    By Laquan in forum AntiVirus Software
    Replies: 3
    Last Post: 25-08-2011, 11:35 AM
  2. HELP cannot remove spyware (Antivirus 2008 spyware removal)
    By Jaiyana in forum Networking & Security
    Replies: 5
    Last Post: 31-08-2010, 02:54 AM
  3. I am not able to remove Spyware Doctor
    By Nipissing in forum Networking & Security
    Replies: 6
    Last Post: 11-06-2010, 05:16 AM
  4. How to remove KVMSecure Spyware
    By Malorie in forum Networking & Security
    Replies: 4
    Last Post: 17-03-2010, 06:51 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,620,475.78695 seconds with 17 queries