TechSpot

Help needed to remove spyware, etc.

By SabakuKyuu
Jan 30, 2005
  1. This is my 1st time using HijackThis and I have almost no clue on how to remove the spyware in the log. Can anyone give me some help on how to remove it or what program I should use to remove it? I have a log posted below; not sure what I should delete or leave.

    Thanks in advance.

    Edit: Ahh, just figured out how to remove things, but I still need help on what I should remove.

    Edit: changed the attachment to a txt file
     


  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Nobody in their right mind will open a .doc file (MS and virus)
    Repost please with a .txt extension.
     
  3. SabakuKyuu

    SabakuKyuu TS Rookie Topic Starter

    Can anyone help?
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Move your HJT to its OWN directory, don't run it from the desktop!

    Boot in Safe mode.

    Switch OFF Restore Points.

    UNinstall anything to do with:
    C:\Program Files\Optimum Online\Netsurf.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\LiveUpdate\LiveUpdate.exe
    C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
    C:\Program Files\Ares Lite Edition\AresLite.exe

    Next, click Ctrl/Alt/Del and in Task Manager try to STOP these processes:
    C:\WINDOWS\system32\msjv.exe
    C:\WINDOWS\addfj32.exe
    C:\WINDOWS\Drivers\netdll.exe
    C:\WINDOWS\system32\mstb32.exe

    Next, run HJT on its own and let it 'fix' (if still there):
    C:\Program Files\Optimum Online\Netsurf.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\addfj32.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {395654E0-C152-DEFC-F1D5-D4ED74FC94EC} - C:\WINDOWS\javaer32.dll
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
    O4 - HKLM\..\Run: [netdll] C:\WINDOWS\Drivers\netdll.exe
    O4 - HKLM\..\Run: [mstb32.exe] C:\WINDOWS\system32\mstb32.exe
    O4 - HKLM\..\Run: [msjv.exe] C:\WINDOWS\system32\msjv.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
    O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\addfj32.exe

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Clean all contents from your Temp. Internet Files in IE and Firefox.
    Clean all contents from: c:\Documents and Settings\[username]\Local Settings\Temp

    If all is OK, switch ON Restore Points.
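
As an added example (not part of the original post and not HijackThis's own code), this Python parser reads entries in the format of the fix list above, groups them by section code, and collects the files they reference so each one can be checked on disk after cleanup. The function names are hypothetical; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis fix list in the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mgdwg.dll/sp.html#37049
O2 - BHO: (no name) - {395654E0-C152-DEFC-F1D5-D4ED74FC94EC} - C:\WINDOWS\javaer32.dll
O4 - HKLM\..\Run: [netdll] C:\WINDOWS\Drivers\netdll.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\addfj32.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Drive-letter path to an .exe or .dll; spaces are allowed inside the path.
PATH = re.compile(r"[A-Za-z]:\\(?:[^\\/:*?\"<>|\r\n]+\\)*[^\\/:*?\"<>|\r\n]+?\.(?:exe|dll)", re.I)
# Body of an O4 registry autorun entry: hive, key, value name, command line.
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def parse(log):
    """Return {section code: [entry dict]} for every HijackThis line in log."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines, headers, surrounding forum text
        code, body = m.groups()
        item = {"body": body, "paths": PATH.findall(body),
                "missing": body.endswith("(file missing)")}
        run = RUN.match(body) if code == "O4" else None
        if run:
            item["hive"], item["key"], item["name"], item["command"] = run.groups()
        sections[code].append(item)
    return dict(sections)

def files_to_verify(sections):
    """Distinct referenced files (case-insensitive), skipping 'file missing' entries."""
    seen = {}
    for items in sections.values():
        for item in items:
            if not item["missing"]:
                for p in item["paths"]:
                    seen.setdefault(p.lower(), p)
    return sorted(seen.values(), key=str.lower)

if __name__ == "__main__":
    for path in files_to_verify(parse(SAMPLE)):
        print(path)
```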
     