Go Back   TechArena Community > Technology > Networking & Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



How can i remove spyware.possible_website_hijack

Networking & Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 15-05-2009
Member
 
Join Date: Jan 2009
Posts: 124
How can i remove spyware.possible_website_hijack
  

From last few days my pc had slow down, it was working very slow. So, in order to speed up my system, i had done a virus scan on my pc. I found many files containing spyware.possible_website_hijack on my system. I try to delete it from my system, but i couldn't delete it. So, please can any body help me out to remove this spyware.possible_website_hijack from my system? Does any body knows about how can i remove it form my system? Kindly provide the solution to get rid of the above issue.

Reply With Quote
  #2  
Old 15-05-2009
Member
 
Join Date: Apr 2008
Posts: 3,418
Re: How can i remove spyware.possible_website_hijack

If you are using any free version of protection programs on your system, then just uninstall them and try to download AVG antivirus/spyware program on your system. Its good and will help you to remove the spyware.possible_website_hijack from your system.
Reply With Quote
  #3  
Old 15-05-2009
Member
 
Join Date: May 2008
Posts: 3,519
Re: How can i remove spyware.possible_website_hijack

Try to download HostsXpert.zip on your system. then follow the below steps mention to remove the spyware from your system.

1) Unzip HostsXpert.zip on you pc.
2) Then double click on HostsXpert.exe, where you have save the .exe file on your system.
3) Then try to click on "Restore Original Hosts" to restore your Hosts file to its default condidtion on your system.
4) Then click on Make Hosts Read Only, in order to secure it, in order to avoid any further infection on your system.
5) Then, finally close the program when it get completed.
Reply With Quote
  #4  
Old 15-05-2009
Member
 
Join Date: Apr 2008
Posts: 3,343
Re: How can i remove spyware.possible_website_hijack

Spyware.Possible_Website_Hijack is a spyware threat that get installed in a compressed malware files on a infected pc and opens backdoors to outlying attackers. It will generate corrupt executable files, inactivate security tools and install annoying popups on your system. Normally the Spyware.Possible_Website_Hijack infects the system only through pornographic web sites, video codec bundles and File sharing programs that you do on your pc. The Spyware.Possible_Website_Hijack is a dangerous infection that can steal confidential information from your pc and let your pc slow down.
Reply With Quote
  #5  
Old 15-08-2010
Member
 
Join Date: Aug 2010
Posts: 1
smile Re: How can i remove spyware.possible_website_hijack

Hello Techies,

To continue with the solution Syprus has posted, I've run the file and below is the details of the log file. Kindly send me an email with further updates.
Email ID: nikhil.gedam1@gmail.com. Thanks a lot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:31 AM, on 8/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\DAP\DAP.EXE
D:\Program Files\Webshots\WebshotsTray.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\syscache.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Spyware Doctor\pctsGui.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts: pGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij
O1 - Hosts: VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03n
O1 - Hosts: LaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDh
O1 - Hosts: mDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTw
O1 - Hosts: 2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQ
O1 - Hosts: kthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLC
O1 - Hosts: pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOu
O1 - Hosts: PKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295h
O1 - Hosts: D45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkr
O1 - Hosts: BFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQ
O1 - Hosts: B0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZ
O1 - Hosts: VsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZe
O1 - Hosts: 0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
O1 - Hosts: 6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApG
O1 - Hosts: yxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI
O1 - Hosts: SkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQF
O1 - Hosts: CB0M8QVqQ03njLaEvqEZgGrC6YxzcAH
O1 - Hosts: EfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPKYiAJLQohRTwD2aYztusygoxRmlF
O1 - Hosts: wmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkth
O1 - Hosts: MSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37
O1 - Hosts: 1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuHPK
O1 - Hosts: iAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUcQXkthTNOMSArA
O1 - Hosts: GpINQG!Ij1VH7UJ1cSRClSixPsNwB8
O1 - Hosts: 51rSkrnBFXmnzLEdwTgExkQ897bULUuJJ37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLa
O1 - Hosts: vqEZgGrC6YxzcAHREfqrpvX6dO43lptjN6QDhkJgmDzeuZZvFVsPqUeKeslHnOuH
O1 - Hosts: KYiAJLQohRTwD2aYztusygoxRmlFtwmQo1XBnMApGTyxiiPZeM0KcyNyvoKG9O295hCD45fIlUc
O1 - Hosts: XkthTNOMSArAaGpINQG!Ij1VH7UJ1cSRClSixPsNwB8SPI51rSkrnBFXmnzLEdwTgExkQ897bULU
O1 - Hosts: 37!1tLCjY2pY4jvVaQFbCB0M8QVqQ03njLaEvqEZgGrC6YxzcAHREfqrpvX6dO43lptj
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [vmgre32] D:\WINDOWS\system32\vmgre32.exe
O4 - HKLM\..\Run: [9801] D:\WINDOWS\system32\syscache.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Webshots.lnk = D:\Program Files\Webshots\WebshotsTray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Webshots.lnk = D:\Program Files\Webshots\WebshotsTray.exe (User 'Default user')
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68498CE-7C56-435A-A49A-7722AD78C3AC}: NameServer = 218.248.255.212 218.248.241.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

--
End of file - 13907 bytes
Reply With Quote
  #6  
Old 21-11-2010
Member
 
Join Date: Nov 2010
Posts: 1
Re: How can i remove spyware.possible_website_hijack

heres my log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:55 PM, on 11/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\SpyDoc\Spyware Doctor\pctsAuxs.exe
D:\SpyDoc\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
D:\SpyDoc\Spyware Doctor\pctsTray.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\DL's\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\DL's\PowerSuite\powersuite.exe
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\JEFF\My Documents\Downloads\Programs\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16148&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\DL's\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] "C:\WINDOWS\system32\M-AudioTaskBarIcon.exe"
O4 - HKLM\..\Run: [ISTray] "D:\SpyDoc\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [IDMan] "D:\DL's\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "D:\movie\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [PowerSuite] "D:\DL's\PowerSuite\launcher.exe" delay 20000 -m
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: Download all links with IDM - D:\DL's\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\DL's\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\DL's\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: 1261128508 (.1261128508) - Unknown owner - C:\Program Files\1261128508\JEFF1261128508L.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\SpyDoc\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\SpyDoc\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WLSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8468 bytes
Reply With Quote
  #7  
Old 22-11-2010
Member
 
Join Date: Oct 2010
Posts: 88
Re: How can i remove spyware.possible_website_hijack

Looks like your computer system is in a real mess, there is allot of spyware on your computer system and I think the only solution would be to format the computer. Also, after formatting I request you to please have a legal antivirus software on the system that protects from all the malicious programs to avoid any problem in the future. I hope you understand how important is the antivirus for your computer security.
Reply With Quote
Reply

  TechArena Community > Technology > Networking & Security
Tags: , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "How can i remove spyware.possible_website_hijack"
Thread Thread Starter Forum Replies Last Post
How to remove Fun Web Products Spyware Laquan AntiVirus Software 3 25-08-2011 11:35 AM
HELP cannot remove spyware (Antivirus 2008 spyware removal) Jaiyana Networking & Security 5 31-08-2010 02:54 AM
I am not able to remove Spyware Doctor Nipissing Networking & Security 6 11-06-2010 05:16 AM
How to remove KVMSecure Spyware Malorie Networking & Security 4 17-03-2010 06:51 AM


All times are GMT +5.5. The time now is 04:44 PM.