begin2search

Ran adaware and spybot (as I have done religiously for a long time) and found problems I didn't have a few days ago. spybot removed some but adaware found others and couldn't remove all without a reboot. SInce I'm using Firefox I was surprised but WTH. I have a hijack this logifle if someone has time to look at it. Most of it looks OK to me but I'm no expert which is why I'm here.
Also wondered if I should toss the restore points on my external HD and perform a complete new backup after this is all checked out. Actually, I guess it would be stupid not to.


Bob

 

Hi zakysdad1,
You should start by going thru this tutorial. Come back annd post you results and BJ or Chas will assist you from there.
Good Luck,
T.Blue

http://forums.majorgeeks.com/showthread.php?t=35407

 

OK

ran trend micro, ad aware, spybot but AOL spyware tool says that I have Saveathome but frankly, I don't see it.
I ran a Hijackthis report just to confirm everything is OK. If you have time, please review.

Bob

 

Zakysdad1,

You have not completed the online scans listed in the READ ME, is there a reason why?

Please run these online scans:

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan


After you completed these online scans, reboot and post a fresh HJT log.

 

OK,
ran all. here is the hijackthis log

 

Scan with HijackThis and Check the Boxes for the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
(These O6 entries are most likely added from Spybot S&D, you will need to remove those from the program)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/05555e5ba08b8cd25a20/netzip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://pcmcam.cityofpanamacity.com/wg_webeye.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)

Make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


After doing ALL of the above REBOOT, Scan with HijackThis and attach the new log.

 

Everything seems to be working great and aol no longer says I have the Saveathome bug. Here is the HJT log. I really learned a lot here.

Bob

 

Your HJT log is clean!

Are you having any further problems?