TechSpot

Help needed to remove spyware, etc.

By SabakuKyuu
Jan 30, 2005
Topic Status:
Not open for further replies.
  1. This is my 1st time using HijackThis and I have almost no clue on how to remove the spyware on the log. Can anyone give me some help on how to remove it or what program I should use to remove it? I have a log posted below, not sure what I should delete or leave.

    Thanks in advance.

    Edit: Ahh, just figured out how to remove things, but I still need help on what I should remove.

    Edit: changed the attachment to a txt file

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Nobody in their right mind will open a .doc file (MS and virus).
    Repost please with a .txt extension.
  3. SabakuKyuu

    SabakuKyuu TS Rookie Topic Starter

    Can anyone help?
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Move your HJT to its OWN directory, don't run it from the desktop!

    Boot in Safe mode.

    Switch OFF Restore Points.

    UNinstall anything to do with:
    C:\Program Files\Optimum Online\Netsurf.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\LiveUpdate\LiveUpdate.exe
    C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
    C:\Program Files\Ares Lite Edition\AresLite.exe

    Next, click Ctrl/Alt/Del and in Task Manager try to STOP these processes:
    C:\WINDOWS\system32\msjv.exe
    C:\WINDOWS\addfj32.exe
    C:\WINDOWS\Drivers\netdll.exe
    C:\WINDOWS\system32\mstb32.exe

    Next, run HJT on its own and let it 'fix' (if still there):
    C:\Program Files\Optimum Online\Netsurf.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\addfj32.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {395654E0-C152-DEFC-F1D5-D4ED74FC94EC} - C:\WINDOWS\javaer32.dll
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
    O4 - HKLM\..\Run: [netdll] C:\WINDOWS\Drivers\netdll.exe
    O4 - HKLM\..\Run: [mstb32.exe] C:\WINDOWS\system32\mstb32.exe
    O4 - HKLM\..\Run: [msjv.exe] C:\WINDOWS\system32\msjv.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
    O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\addfj32.exe

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Clean all contents from your Temp. Internet Files in IE and Firefox.
    Clean all contents from: c:\Documents and Settings\[username]\Local Settings\Temp

    If all is OK, switch ON Restore Points.
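
Added example (not part of the original thread and not HijackThis's own code): a Python triage helper that parses HijackThis entries like the ones in the reply above and groups them by the local file each one loads, so every registry value or service that references the same binary is fixed together before the file is deleted. The function names are hypothetical, and the section meanings are the standard HijackThis ones.

```python
import re
from collections import defaultdict

# Standard meanings of the HijackThis section codes used in the sample below.
SECTIONS = {
    "R0": "IE start/search page registry value",
    "R1": "IE start/search page registry value",
    "O2": "Browser Helper Object",
    "O4": "Run-key autostart",
    "O16": "Downloaded ActiveX control (DPF)",
    "O18": "Extra protocol handler",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^[ \t]*([RO]\d{1,2}) - (.+)$", re.MULTILINE)
# Local .exe/.dll path; stops at the first extension so arguments are excluded.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def parse_log(text):
    """Return one dict per recognised entry: code, meaning, path, missing flag."""
    entries = []
    for code, body in ENTRY.findall(text):
        path = WIN_PATH.search(body)
        entries.append({"code": code, "meaning": SECTIONS.get(code, "unknown"),
                        "path": path.group(0).lower() if path else None,
                        "missing": "(file missing)" in body})
    return entries

def autostarts_by_file(entries):
    """Map each referenced local file to the section codes that load it."""
    grouped = defaultdict(list)
    for e in entries:
        if e["path"]:
            grouped[e["path"]].append(e["code"])
    return dict(grouped)

# Sample lines copied from the log in the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
O2 - BHO: (no name) - {395654E0-C152-DEFC-F1D5-D4ED74FC94EC} - C:\WINDOWS\javaer32.dll
O4 - HKLM\..\Run: [netdll] C:\WINDOWS\Drivers\netdll.exe
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\addfj32.exe
"""

if __name__ == "__main__":
    print(autostarts_by_file(parse_log(SAMPLE)))
```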