Can someone look at my HJT log please?

My internet explorer is running very slow lately, so I thought I could be infected with spyware. I have run the cleaning programs as per the spyware cleaning thread. Just wanted one of you pros to take a look at my hijack this log to see if you see any problems. Your help is very much appreciated. Thanks!

 

Your HJT version is out dated, please update to Hijack This 1.99.1 and attach a new log using the new version.

 

I have updated HJT and attached a new log. Thanks

 

That log is using the old version of HJT.

 

Internet running slow

My internet recently has been running very slowly, especially when web browswing with internet explorer. Often the pages cannot be loaded. Often, i am notified that "a network cable is unplugged", although my internet cable is still plugged in. So maybe this is a problem with my cable or my wall jack. I ran all the spyware removal tools listed in the tutorial page, and I also ran panda active scan and bit defender. I have attached those logs, as well as a HJT log. I was hoping someone could look at them and see what can be fixed, and if this is related to a malware problem or an internet problem with my connection. Thanks!

 

Thanks. The new HJT log has been posted, along with bitdefender and active scan logs. Please view when you have a chance.

 

First, look in Add/Remove Programs and uninstall Logitech Desktop Messenger.

Please see the below thread on how to install and run Ewido Security Suite.

• Running Ewido Security Suite ...

 

I uninstalled the logitech desktop manager and ran ewido. Attached are the ewido log and the HJT log that I ran after ewido.

 

Before we start the fix, run HJT and fix all of the O18 enties and then follow the below.

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file iefix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the iefix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

After you complete the above, reboot and attach a fresh HJT log.

 

I fixed all of the 018 entries. When i double clicked the iefix.reg file, it asked if i wanted to add the information to the registry file, and I clicked yes. It did not ever prompt me to "merge." I rebooted and ran HJT and attached the log. Thanks!

 

Please see the below thread on how to install and run Spy Sweeper.

Running Spy Sweeper...

 

I am having some problems after installing spy sweeper. My internet browser is frequently freezing up, especially when I click a link, such as the "manage attachments" button to attach my logfiles for this post. I closed spy sweeper and it seemed to stop these problems, but when I try to attach my logs, it says upload failed and attachment in progress. What should I do? I can't attach my logs

 

If you have ran Spy Sweeper as requested go ahead and uninstall it and attach the logs.

 

I uninstalled but still am unable to attach the logs. Upload Errors
hijackthis.log:
Attachment in Progress. Can be deleted here.
spysweeper.txt:
Attachment in Progress. Can be deleted here.

any suggestions?

 

Weird, paste the logs inline and I will convert them for you.

 

Inline logs attached!

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Ewido

Spy Sweeper

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} - http://www.hotsearchbar.com/toolbar30/hsrb.cab

Again, make sure ALL browser windows are closed when you click FIX.

Next, run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

• Temporary Files
• Temporary Internet Files
• Recycle Bin

And Click OK.


Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

Reboot, Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Ok, I fixed those items in HJT. Ran CCleaner and Ad-aware. Ad-aware didn't find any entries to delete, everything was fine. I tried to update spybot S&D, but the download was taking forever. I closed it and tried it again, but again it just wasn't making any progress when i tried to download the updates. this has been a problem in the past. So i ran it anyways and 3 entries came up. goldenpalacecasino, windows security center antivirus disable notify and windows security center firewall disable notify. These same 3 entries come up every time I run spybot search and destroy, going back months. i ran the cleanmgr and disabled and re-enabled system restore. the computer is running quickly, and the internet runs decent also, but occasionally seems to freeze up and i need to refresh to get it going again. but the initial reason i posted was because my internet was basically dead, and that has been fixed. ive attached my fresh HJT log.

 

Attach a scan log from Spybot so I can see what's being detected.

 

ive run the scan again, how do i save a log?

 

Right click in the scan area and you will see the list of options.

 

thanks

 

The "Windows Security Center" entries, are these the only 2 entries that come back everytime?

 

the past 3-4 times there has also a goldenpalacecasino entry, but it did not come up this time

 

Okay, its ok for those 2 entries to be there. They are just showing you have it manually configured, no threat.

Are you having any further problems?

 

I think everything is running smoothly. The initial problem has been resolved! Thanks very much for all of your help.

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!