Jump to content


Help With ADS Spy/And Hijack Stuff

  • This topic is locked This topic is locked
3 replies to this topic

#1 Hijack Help

Hijack Help


  • Full Member
  • Pip
  • 2 posts

Posted 31 May 2007 - 11:29 AM

Well, I'm a huge program installer type of person, after awhile, on this less than like 3 month old computer, I could disable all non windows start up stuff, and it still would take a long time to start...

Some websites don't even load for me, ones I used to visit fine on this computer, even resetting IE and internet connections doesn't fix this....

I scanned with Ad-Aware, it found 172 spyware objects, and with Ad-Watch, it blocks regularly non stop tracking cookies, even when I havn't opened up IE, at the end of the day there can be over 300 of them...

I downloaded this in hopes to fix whatever problems there are, if the cause of it is this...

Logfile of HijackThis v1.99.1
Scan saved at 12:12:42 PM, on 5/31/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\IE Accelerator\IEAccelerator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{84AAF7EF-4F0A-44AD-A1F8-925CA39988C7}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{84AAF7EF-4F0A-44AD-A1F8-925CA39988C7}: NameServer =,
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\..\{84AAF7EF-4F0A-44AD-A1F8-925CA39988C7}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

I scanned with ADS spy, I got this...

C:\ProgramData\TEMP : C4252FE0 (126 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\TEMP : C4252FE0 (126 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\TEMP : C4252FE0 (126 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\TEMP : C4252FE0 (126 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\1D170F22-00000001.eml : OECustomProperty (820 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Computers\IBuyPower Computer Intel Quad-Core Configurator.url : favicon (1406 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Computers\Polywell Poly i680SLI.url : favicon (1078 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Dynasty Warriors 3 Xtreme Legends - Fifth Weapons FAQ-Walkthrough.url : favicon (1406 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\iPOD Stuff\Dupe Eliminator For iTunes v3.6 Released iPod Hacks The Latest and Greatest News and Info for Your iPod.url : favicon (1150 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\iPOD Stuff\Hack Attack Play games on your iPod for FREE - Lifehacker.url : favicon (9062 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\iPOD Stuff\Ipodmame - wikiPodLinux.url : favicon (1086 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\iPOD Stuff\pinny71691 - iPod Game's Cracked .url : favicon (1150 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Utilities\Ashampoo Burning Studio 7.01.url : favicon (29926 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Utilities\Complete Toolbar.url : favicon (24190 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Utilities\Kaspersky Lab Antivirus software.url : favicon (7078 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Utilities\MicroSurfer Plus Edition 2.3.2..url : favicon (29926 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Utilities\SafeGuard Easy.url : favicon (1406 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Utilities\Secunia.url : favicon (1150 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Mike\Favorites\Utilities\Tracks Eraser Pro 5.7.url : favicon (29926 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)

My Proccesses

Process list saved on 12:28:44 PM, on 5/31/2007
Platform: Unknown Windows (WinNT 6.00.1904)

[pid] [full path to filename] [file version] [company name]
1768 C:\Windows\system32\taskeng.exe 6.0.6000.16386 Microsoft Corporation
1808 C:\Windows\system32\Dwm.exe 6.0.6000.16386 Microsoft Corporation
1940 C:\Windows\Explorer.EXE 6.0.6000.16386 Microsoft Corporation
2460 C:\WINDOWS\RtHDVCpl.exe Realtek Semiconductor
2468 C:\WINDOWS\System32\igfxtray.exe Intel Corporation
2476 C:\WINDOWS\System32\hkcmd.exe Intel Corporation
2484 C:\WINDOWS\System32\igfxpers.exe Intel Corporation
2568 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe Lavasoft Sweden
2828 C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
3020 C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
696 C:\Program Files\IE Accelerator\IEAccelerator.exe Huntersoft
3704 C:\Program Files\Hijackthis\HijackThis.exe Soeperman Enterprises Ltd.

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,530 posts

Posted 03 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 jedi


    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 12 June 2007 - 08:58 AM


Sorry about the wait, we’re very busy. If you still need help please post a fresh HiJackThis log and I will review it.


My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#4 jedi


    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 20 June 2007 - 04:43 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!