-
June 15th, 2004, 08:12 PM
#21
32,000+ scanned files so far....not too much
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
June 16th, 2004, 12:16 AM
#22
Ran the AV scan (left it on while I went to work) and deleted all the trojans (none of which were subseven?) and my HJT logfile is attached, saved it as txt so you won't have to download it.
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
June 17th, 2004, 10:42 AM
#23
Angelic Knight..
I had the same problem with S&D with the download. After meddling with it I realised that either there was a problem with the update file from that location or somehow it wasn't installing properly. I managed to solve it but choosing another update server instead. My update was then downloaded and installed without the same problem.
Hope this helps you.
-
June 17th, 2004, 03:28 PM
#24
Your log looks really good, except for a few bho's:
You porbably should put HJT in it's own folder, or you are going to have backups littering your desktop.
Put a checkmark next to the following in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {72557F9F-13AE-44C9-B3D7-5091B599027C} - C:\WINDOWS\system32\smail11.dll
O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - (no file)
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialer...ecomendada.cab
Go to your add/remove programs and remove Wild Tangent, and also check to make sure there are no dialers installed.
Reboot and submit a new log.
-
June 17th, 2004, 03:46 PM
#25
Thanks groovicous, this is the new log. Going to run S&D again now.
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
June 17th, 2004, 04:01 PM
#26
ops:
Did I look at the wrong log before? Everyone names their log hjt and I must have gotten it confused..let's try this again (either that, or you have hijackers fighting with each other):
Boot into safe mode before doing the following....
Put a checkmark next to the following in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
Reboot. If I might make a recommendation, many people consider Messenger Plus as Spyware, and most of us that deal with these logs recommend that it be uninstalled. I'll let you Google for it and draw your own conclusions though.
Also, next time you post your log, do it as a hidden post, or name your log to your user name, and number it, so I can keep it straight.
-
June 17th, 2004, 04:23 PM
#27
heh, I didn't install MSN Plus, my brother did and if I un-install it i get questioned, if i get questioned I get annoyed (as i don't like answering stupid questions) and if i get annoyned--well you get the picture. Will boot into safe mode and post my log..hidden
EDIT: Just realized something...I get different results each time I run HJT why? Going to boot into safe mode in a minute and post a log from there. (Altough I honestly hate restarting so it might take a while)
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
June 17th, 2004, 05:00 PM
#28
Ususally when you get different results, it is because all the hijackers and spyware are fighting for control. As you get rid of one, another one pops up, so sometimes it takes a while to get rid of all of it.
-
June 18th, 2004, 04:08 AM
#29
found a good new cleaner out there that evan cleans about:blank try http://www.adwareaway.com
-
June 18th, 2004, 04:40 AM
#30
Simple fact is that no tool removes all malware. Even after running the tools, there is always manual removal. It's just the way it is. I personally think one should be more responsible than just suggesting one tool will fix everything...I mIght check it out just for giggles though. I don't see where it is doing anything new, but then again, I'm a little biased.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|