Hi, I hope I'm in the right place 'cause I have a real problem here. Even though I know about HijackThis (which I learned thanks to all of you here) and its log, which I'll gladly share with anyone that could help me. Please keep in mind that I am a lay person here and know relatively very little about computers.
The other day I was doing some simple scrapbooking tasks and my PC was soooooo very slow. I also noticed my Norton was disabled (it's supposed to start up with the PC). Well, I scanned the PC with Norton, HouseCall and others posted; they all found nothing. I found this strange registry entry under HKEY LOCAL MACHINE, Software-microsoft-windows-current version-run once.OOBEDDDemise reg sz cmd/x /c erase C:\WINDOWS\system32\ooboe\msoobe.exe (which you will see in the log). Windows Installer is acting up according to the errors I am getting. My printer is malfunctioning so I uninstalled it for the time being and also put in the recovery disk, which didn't help or repair anything. I have all these uninstall files (about 45 of them) in Windows all blue in color (like a link) and everything in dllcache is all blue too. Are they supposed to be that way? I've never seen anything look this way. Well, I've tried several different things and deleted the spyware. No change at all in PC behavior. Also keep in mind I have 2 teenage girls (that's why we have stayed on AOL) that I've asked not to dl anything, but you know teenage girls. My husband's PC shares a connection with this one and it's slower than mine with only minimal items on it just for him; it shouldn't be slow at all. He knows very, very little about computers but is a genius on the piano, LOL. I don't know much so please explain what I should do in simple terms. Oh yeah, in Windows Task Manager I also noticed under CPU every process running says 0 except System Idle Process, which stays between 90-99 at all times. I don't know if that even means anything but I'm trying to post what I've seen. You guys are wonderful. Thanks so much in advance for any help you can give me. RNonLYNE

Here's the log, jabuck. Thanks so much. I'm trying to scan again but it's not recording a log.
Scaning started: 1/20/2006 20:02:14
Registry Backup created 1/20/2006 20:02:32
Number of infections found: 23
Cookie:owner@2o7[2].txt |Tracking Cookie
Cookie:owner@advertising[1].txt |Tracking Cookie
Cookie:owner@atdmt[2].txt |Tracking Cookie
Cookie:owner@doubleclick[1].txt |Tracking Cookie
Cookie:owner@as-us.falkag[1].txt |Tracking Cookie
Cookie:owner@ehg-oreilly.hitbox[2].txt |Tracking Cookie
Cookie:owner@hitbox[2].txt |Tracking Cookie
Cookie:owner@mediaplex[1].txt |Tracking Cookie
Cookie:owner@questionmarket[1].txt |Tracking Cookie
Cookie:owner@tribalfusion[1].txt |Tracking Cookie
RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff} |Adware
Cookie:owner@counter2.hitslink[2].txt |Tracking Cookie
RegKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} |Spyware
RegKey:HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} |Spyware
RegKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303} |Spyware
RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{F4817E4B-04B6-11D3-8862-00C04F72F303} |Spyware
RegKey:HKEY_CLASSES_ROOT\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303} |Spyware
RegKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837} |Spyware
RegKey:HKEY_CLASSES_ROOT\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837} |Spyware
RegKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851} |Spyware
RegKey:HKEY_CLASSES_ROOT\interface\{F4817E4B-04B6-11D3-8862-00C04F72F303} |Spyware
RegKey:HKEY_CLASSES_ROOT\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851} |Spyware
RegVal:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,msci |Spyware
Items added to Quarantine:
Cookie:owner@2o7[2].txt |2o7
Cookie:owner@advertising[1].txt |Advertising
Cookie:owner@atdmt[2].txt |ATDMT
Cookie:owner@doubleclick[1].txt |doubleclick
Cookie:owner@as-us.falkag[1].txt |Falkag
Cookie:owner@ehg-oreilly.hitbox[2].txt |HitBox.com
Cookie:owner@hitbox[2].txt |HitBox.com
Cookie:owner@mediaplex[1].txt |Mediaplex
Cookie:owner@questionmarket[1].txt |QuestionMarket
Cookie:owner@tribalfusion[1].txt |TribalFusion
RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff} |TOPicks
Cookie:owner@counter2.hitslink[2].txt |HitsLink.com
RegKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} |Unknown Spyware
RegKey:HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} |Unknown Spyware
RegKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303} |Unknown Spyware
RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{F4817E4B-04B6-11D3-8862-00C04F72F303} |Unknown Spyware
RegKey:HKEY_CLASSES_ROOT\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303} |Unknown Spyware
RegKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837} |Unknown Spyware
RegKey:HKEY_CLASSES_ROOT\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837} |Unknown Spyware
RegKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851} |Unknown Spyware
RegKey:HKEY_CLASSES_ROOT\interface\{F4817E4B-04B6-11D3-8862-00C04F72F303} |Unknown Spyware
RegKey:HKEY_CLASSES_ROOT\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851} |Unknown Spyware
RegVal:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,msci |Unknown Spyware
Cookie deleted: owner@2o7[2].txt
Cookie deleted: owner@advertising[1].txt
Cookie deleted: owner@atdmt[2].txt
Cookie deleted: owner@doubleclick[1].txt
Cookie deleted: owner@as-us.falkag[1].txt
Cookie deleted: owner@ehg-oreilly.hitbox[2].txt
Cookie deleted: owner@hitbox[2].txt
Cookie deleted: owner@mediaplex[1].txt
Cookie deleted: owner@questionmarket[1].txt
Cookie deleted: owner@tribalfusion[1].txt
Registry key deleted: HKEY_LOCAL_MACHINE\software\classes\interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}\TypeLib
Registry key deleted: HKEY_LOCAL_MACHINE\software\classes\interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}\ProxyStubClsid32
Registry key deleted: HKEY_LOCAL_MACHINE\software\classes\interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}\ProxyStubClsid
Registry key deleted: HKEY_LOCAL_MACHINE\software\classes\interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}
Cookie deleted: owner@counter2.hitslink[2].txt
Registry key deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32
Registry key deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
Registry key deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}\InProcServer32
Registry key deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}
Registry key deleted: HKEY_LOCAL_MACHINE\software\classes\interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}\ProxyStubClsid32
Registry key deleted: HKEY_LOCAL_MACHINE\software\classes\interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}\NumMethods
Registry key deleted: HKEY_LOCAL_MACHINE\software\classes\interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}
Registry key deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837}\InProcServer32
Registry key deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837}
Registry key deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32
Registry key deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}
Registry value deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,msci
Thanks, RNonLYNE
Thanks So Much, RNonLYNE

What is the log you posted from (antivirus or spyware tool)? Can you post any HT log, maybe an older one?

You can go to Start > Search > All files and folders, then type in "hijackthis.log" without the quotes and you should be able to find the older HT logs. Just double click the newest one and copy the contents and post it.

Hi Jabuck, here's a log. I just gave up dl the new version and ran another scan. I don't think the other is working properly. It will not save or log anything today. So here it is. RNonLYNE
Logfile of HijackThis v1.99.1
Scan saved at 7:41:55 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\AOL COMPANION\COMPANION.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.exe" /boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2B23650-77EB-432C-8E7C-2A39500511F0}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks So Much, RNonLYNE

First, while I review the log, go to Start > Control Panel > Add/Remove Programs and uninstall Spyware Cleaner; it is a rogue anti-spyware program and should not be used.

There is not much in the HT log to suggest that you have a problem. It does look like you had a virus.
The registry entry (O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe ) is not considered a problem entry.
Run HT again, close all windows and browsers except HT, place a check to the left of the following items and press "fix checked":
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.exe" /boot
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
Then download Crap Cleaner from this link, ccleaner, to clean out all your temp files. Make sure there is not anything in the recycle bin that you need, as ccleaner will delete recycle bin items unless checked not to do so. Then run it in safe mode after running Ewido.
Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. Reboot into safe mode by following the directions here and run Ewido. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later.
Please reboot into normal mode and post the ewido log and a new HT log.
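
The triage in the reply above (BHO entries whose file shows as "(no file)", plus anything installed under the Spyware Cleaner folder the reply names as rogue) can be written as a small log filter. This is an added example, not part of the original thread: the function names and the FLAGGED_DIRS list are illustrative assumptions, and the sample lines are copied from the HijackThis log posted earlier on this page.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.exe" /boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: install folders an analyst has already judged unwanted.
# Only the product named in the reply above is listed here.
FLAGGED_DIRS = ("\\spyware cleaner\\",)


def parse_entries(log_text):
    """Split a HijackThis log into entries, skipping header and process lines."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            "body": m.group("body"),
            "clsid": clsid.group(0) if clsid else None,
        })
    return entries


def triage(entries):
    """Return (reason, entry) pairs for entries that match the reply's criteria."""
    findings = []
    for e in entries:
        body_lower = e["body"].lower()
        # O2 (BHO) / O3 (toolbar) registrations whose DLL is gone from disk.
        if e["code"] in ("O2", "O3") and e["body"].endswith("(no file)"):
            findings.append(("orphaned-object", e))
        # Startup items or services that run from a flagged install folder.
        elif any(d in body_lower for d in FLAGGED_DIRS):
            findings.append(("flagged-product", e))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(parse_entries(SAMPLE_LOG)):
        print(f"{reason:16} {entry['code']:4} {entry['body']}")
```

Matching on the install folder rather than the display name keeps the similarly named Spyware Doctor entries out of the results.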

Ok, thanks, will do all as requested. Just got home from an errand so it may take a little time, but I will post as soon as I can get it all done. What about all these $Uninstall entries listed in Windows? They do not show up in Add/Remove Programs. Are they something I need to install? Why are they listed there? Can I get rid of them? They each have subfolders associated with them called (also blue, btw) spuninst.exe, spuninst.inf and a text file. And the first file right under Windows is black, called $hf_mig$. One more thing (sorry): there is something still wrong with Windows Installer. It's not uninstalling correctly and is giving me error messages. Ok, I will shut up now. Thanks again. Get back to you soon, I hope. RNonLYNE
Thanks So Much, RNonLYNE

Those are legit files. Go to start>control panel>folder options>view and tick the circle beside this:
Do not show hidden files and folders
And place a check in the box to the left of these:
Hide extensions of known file types and Hide protected system operating files
Then click apply>ok
