Home > Please Help > Please Help Me Remove WorldAntiSpy! HJT Log Inside

Please Help Me Remove WorldAntiSpy! HJT Log Inside

Please help me as soon as possible. Logfile of HijackThis v1.99.1 Scan saved at 1:33:53 AM, on 11/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe My spybot check will detect 'ShopAtHome' and 'CoolSearch', something of this sort. Please don't fill out this field. http://swiftinv.com/please-help/please-help-hjt-log-inside.html

Open a new file in NotePad, and copy the contents of the below mentioned "Quote" box to NotePad:- cd %windir% cd system32 attrib -s -r -h apigz32.exe del apigz32.exe attrib -s If you need help please start a new thread and post a new HJT log The forum is run by volunteers who donate their time and expertise.Want to help others? Follow Us Facebook Twitter Help Community Forum Software by IP.BoardLicensed to: What the Tech Copyright © 2003- Geeks to Go, Inc. Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file https://www.bleepingcomputer.com/forums/t/27985/hjt-log-please-analyse/?view=getnextunread

Article Which Apps Will Help Keep Your Personal Computer Safe? To make sure that there are no viruses/spyware lurking in the PC, you can perform online virus scan at TrendMicro HouseCall and an online spyware scan at TrendMicro Spyware Scan. 0 Seaner, Sep 27, 2005 Replies: 8 Views: 3,439 Seaner Sep 29, 2005 Locked Downloader.Trojan Agent uj episcopo, Sep 29, 2005 Replies: 0 Views: 1,846 episcopo Sep 29, 2005 Locked lockx.exe problems

After these steps, reboot the PC, and post a fresh HijackThis log and also post the SpSeHjFix log that was created earlier. 0 OPDiscussion Starter faery 11 Years Ago Hi, I O4 - Global Startup: WorldAntiSpy.lnk = C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130969172343 O18 - Filter: Click here to join today! It's 100% free.

This is my newest HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 9:45:13 AM, on 9/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Rogue/Suspect Anti-Spyware Products - Notes - Listing Criteria - Special Cases - De-Listed Applications - Not On the List - Old News Rogue/Suspect Anti-Spyware Sites - Bogus Security Pages Legitimate/Licensed Clones The same goes for the 'SearchList' entries.

Then run, you will receive a warning message saying "Database not found", click "OK" for this. Reboot and post a new HJT log and the log that was created by 'SpSeHjfix'. So you can always have HijackThis fix this.O12 - IE pluginsWhat it looks like: O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllWhat to do:Most All Rights Reserved.

End without Reboot (9/17/05 6:38:31 PM) Disinfection started (9/17/05 6:38:31 PM) Bad-Dll(IEP): c:\windows\diapt.dll (9/17/05 6:38:31 PM) UBF: 8 - UBB: 2 - UBR: 21 (9/17/05 6:38:31 PM) UBF: 8 - UBB: http://www.geekstogo.com/forum/topic/71562-bloodhoundw32ep-closed/ O15 - Unwanted sites in Trusted ZoneWhat it looks like: O15 - Trusted Zone: http://free.aol.comO15 - Trusted Zone: *.coolwebsearch.comO15 - Trusted Zone: *.msn.comWhat to do:Most of the time only AOL and Thank you. The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.

For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.F0, F1, F2, F3 - Autoloading programs from INI filesWhat it looks like:F0 - system.ini: Shell=Explorer.exe Check This Out If you are looking for information on the most recent rogue anti-spyware applications, we recomend visiting these sites: BleepingComputer.com: Spyware & Malware Removal Guides MalwareBytes: Newest Rogue Threats MalwareBytes Blog Bharath's Please check the HJT log below. HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious.

Follow the prompts on screen.Wait for the tool to complete and disk cleanup to finish.The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk Entries for those applications remain to point to explanatory notes below the main list If you don't find an application included on the main list of "rogue/suspect" anti-spyware products below, you Additional Details + - Last Updated 22 hours ago Registered 2011-12-29 Maintainers merces License GNU General Public License version 2.0 (GPLv2) Categories Anti-Malware User Interface Win32 (MS Windows) Intended Audience Advanced Source I understand that I can withdraw my consent at any time.

I find hijackthis very usful and easy to use.I have saved that web page to my disk to come back again and again. associations (1); same app as AntiVirus Gold, MalwareWiped, SpyAxe, SpyFalcon, SpyLocked, Spyware Sheriff, SpywareStrike, TitanShield AntiSpyware, & VirusBlast [A: 6-14-05 / U: 1-4-06] AdwareDeluxe adwaredeluxe.com platinumparter.com false positives work as goad If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I scanned my computer using Hijackthis is below is the log.

I alsom have symantic antivirus installed in my computer. Article 4 Tips for Preventing Browser Hijacking Article Malware 101: Understanding the Secret Digital War of the Internet Article How To Configure The Windows XP Firewall List How to Remove Adware Register now to gain access to all of our features, it's FREE and only takes one minute. Avast also pops up with a notification saying it has blocked a threat whenever I am using google chrome.

It is important to exercise caution and avoid making changes to your computer settings, unless you have expert knowledge. The list should be the same as the one you see in the Msconfig utility of Windows XP. Yes, my password is: Forgot your password? http://swiftinv.com/please-help/please-help-hijack-this-log-inside.html PEC2 8/4/2004 8:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL PECompact2 9/9/2005 11:08:28 AM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe aspack 9/9/2005 11:08:28 AM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe aspack 8/4/2004 8:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll UPX!

bloomcounty, Sep 27, 2005 Replies: 10 Views: 2,353 bloomcounty Sep 28, 2005 Locked ! Advertisements do not imply our endorsement of that product or service. It was originally developed by Merijn Bellekom, a student in The Netherlands. End without Reboot (9/17/05 6:38:48 PM) Disinfection started (9/17/05 6:38:48 PM) Bad-Dll(IEP): c:\windows\diapt.dll (9/17/05 6:38:48 and this is the second: (9/17/05 6:37:56 PM) SPSeHjFix started v1.1.2 (9/17/05 6:37:56 PM) OS: WinXP

An extended list of quality anti-spyware products is HERE.If your PC is already infested with spyware or adware, see the instructions below for getting help. Really appreciate your help =) Regards, faery 0 swatkat 14 11 Years Ago Hi, Download CleanUp! Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL), most often it is used by trojans or agressive browser hijackers.In case of a 'hidden' DLL loading from this Registry value Show Full Article Up Next Up Next Article Malware 101: Understanding the Secret Digital War of the Internet Up Next Article How To Configure The Windows XP Firewall Up Next List

Username or email: I've forgotten my password Forum Password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Community Forum Back to top #6 LDTate LDTate Forum God Root Admin 57,133 posts Posted 15 November 2005 - 07:22 PM I suggest you do this: Double-click My Computer. Isn't enough the bloody civil war we're going through? To free up disk space, you can delete the "old" System Restore points except the latest one.