  #1  
Old November 3rd, 2007, 03:29 AM
n0b0dy n0b0dy is offline
New Member
 
Join Date: Nov 2007
Posts: 5
A little help please.... {moved by PL}

I have a Windows XP machine and I just recently reinstalled the OS. Someone has been on it, and now I have SpyShredder. How does one get rid of this? I have tried Add/Remove Programs, Norton Symantec, and other spyware/adware programs. I really need to stop this thing from happening. I have also tried the SpyShredder removal tool..... Could someone please help?
  #2  
Old November 3rd, 2007, 04:21 AM
renegade600 renegade600 is offline
CTH Subscriber
 
Join Date: Sep 2003
O/S: Linux
Location: Osceola, Ar
Posts: 26,654
Post a HijackThis log in the cyber safety forum. Since there are few helpers and a lot of posts for help, please be patient and one of them will get to your log as soon as possible.
  #3  
Old November 3rd, 2007, 07:58 AM
n0b0dy n0b0dy is offline
New Member
 
Join Date: Nov 2007
Posts: 5
Thanks Renegade

I will post a HijackThis log as soon as I'm able. Thanks for your prompt response.
  #4  
Old November 5th, 2007, 09:51 PM
n0b0dy n0b0dy is offline
New Member
 
Join Date: Nov 2007
Posts: 5
Logfile of HijackThis v1.99.1
Scan saved at 12:17:50 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192413824490
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192421585812
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F13BE68-332E-43B3-B93C-A961193C154F}: NameServer = 192.168.1.42,192.168.1.43
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

Last edited by n0b0dy; November 5th, 2007 at 09:52 PM. Reason: This is the HijackThis log. Any help would be appreciated.
  #5  
Old November 5th, 2007, 09:52 PM
n0b0dy n0b0dy is offline
New Member
 
Join Date: Nov 2007
Posts: 5
This is the HijackThis log. Any help would be appreciated.
  #6  
Old November 5th, 2007, 11:08 PM
1069 1069 is offline
Senior Member
 
Join Date: Jun 2007
O/S: Windows Vista 32-bit
Location: Wirral U.K.
Posts: 311
Hi,
Can't help with your log - but there is a fix for this here:
Spyshredder Removal
You may be advised to wait for advice from a log expert.
  #7  
Old November 5th, 2007, 11:59 PM
n0b0dy n0b0dy is offline
New Member
 
Join Date: Nov 2007
Posts: 5
Thanks for the response. I forgot to mention in the original plea for help that I have tried the SpyShredder removal tool. It didn't do the trick. I apologize for omitting that before...
  #8  
Old November 11th, 2007, 04:03 AM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Hello n0b0dy,

If you still need assistance please post back a fresh HijackThis log.

I would also like to see another kind of scan. Download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify you when the scan is complete. Copy the log from the Startup Programs file back here.
All times are GMT +1.