Complete novice

Discussion in 'Malware Help (A Specialist Will Reply)' started by sc02295, Jun 24, 2006.

  1. sc02295

    sc02295 Private E-2

    I am lost. I have been reading FAQs and various threads for help but find it all to be over my head in even the simplest form. I use my pc only to go online. I noticed recently that I kept getting an IE error message that IE encountered a problem and must close. It was so severe that my computer wouldn't do anything but display this. A co-worker recommended changing to Mozilla. After doing this, I was able to ascertain that I probably had a virus or something. I have Norton and Spysweeper and they showed nothing. I read so many of your posts and used a lot of different "free" scan downloads. Each one showed different stuff. McAfee Stinger says I have: W32polip and W32/polip!mem. AdwareAway says IE URL Searchook. Noadware says "Spyware.dogpile.Hkey_Current_user/software/info.regkey". None of these "free" downloads would remove but only identified. I tried system restore and it kept telling me it can't be restored to that date. I tried 14 different dates. Please, please help. I noticed while the IE error message was coming up that about:blank was on the bottom of the screen flashing orange. Have I been hijacked? Am I doomed? I've downloaded so much stuff I don't know where to begin. Thank you, thank you, thank you.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Below is where you should have begun,

    If you still have NoAdware and AdwareAway installed, uninstall them now. Also uninstall any other tools you install that do not work unless you buy them. The only things you should keep are what we recommend in the below READ & RUN ME steps.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  3. sc02295

    sc02295 Private E-2

    Okay, I did most of what I could according to the instructions. I was only able to save this file for Pandascan not bitdefender. I am a little overwhelmed. Should I just take it to someone to fix? IE is still doing the same thing as before. View attachment Activescan.txt
     
  4. sc02295

    sc02295 Private E-2

    Here is my Hijackthis log too.
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you use Optimum Online Toolbar? I would think you do not need it. It is not malware but it is junk that typical ISPs install that you have no need of. If you do not use it, look in Add/Remove programs for it and uninstall it.

    Also if SpywareBot is in Add/Remove programs, uninstall it. It is a rogue tool.

    In fact, let's get an installed programs list from HijackThis too!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.infospace.com/info.cablev.toolbar/dog/forms/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\lserver\server.vbs"
    O4 - HKLM\..\Run: [SpywareBot] "C:\Program Files\SpywareBot\SpywareBot.exe" -boot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\SpywareBot <--- the whole folder if found.
    C:\Documents and Settings\Owner\Application Data\Infospace <--- the whole folder if found.


    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
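
As an added example (not part of the thread and not any poster's tooling), this Python parser reads the HijackThis entries quoted in the post above and annotates two patterns worth confirming during review: an Internet Explorer proxy setting and entries marked "(file missing)". The function names and the wording of the notes are assumptions made for illustration.

```python
import re

# Sample input: the entries quoted in the post above.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.infospace.com/info.cablev.toolbar/dog/forms/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\lserver\server.vbs"
O4 - HKLM\..\Run: [SpywareBot] "C:\Program Files\SpywareBot\SpywareBot.exe" -boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Meaning of the section codes that occur in the sample.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O4": "autostart (Run key / Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
RUN_ITEM = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_log(text):
    """Split each log line into section code, body and per-section fields."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip headers, process list, blank lines
        e = {"code": m["code"], "body": m["body"], "notes": [],
             "section": SECTIONS.get(m["code"], "unknown")}
        detail = (REG_VALUE if e["code"].startswith("R") else RUN_ITEM).match(e["body"])
        if detail:
            e.update(detail.groupdict())
        # Illustrative review notes (assumed heuristics, not HijackThis output).
        if e.get("name") == "ProxyServer" and e.get("data"):
            e["notes"].append(f"IE traffic is routed through proxy {e['data']}")
        if e["body"].endswith("(file missing)"):
            e["notes"].append("entry references a file that is not on disk")
        entries.append(e)
    return entries


def triage(text):
    """Return only the entries that carry a review note."""
    return [e for e in parse_log(text) if e["notes"]]
```
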
     
  6. sc02295

    sc02295 Private E-2

    Okay, I think I did everything you said. Here are the files you requested.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why is HijackThis now being run incorrectly???? You had it correct in your last log. Delete the below file and do not use it anymore like this:
    C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe

    Only use the one in C:\Program Files\HJT\HijackThis.exe

    However that being said, your log is clean. How is everything working now?

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  8. sc02295

    sc02295 Private E-2

    Everything seems to be working much, much better. Did I get rid of all of my issues? I ran thru the "protect yourself" list and do have a few questions: I have Spysweeper - should I not use it and use one of the ones mentioned?

    I tried to remove Microsoft Java and it can't find it. I wouldn't even know how to look if I have it - do I have Sun Java already? How do I find out?

    How do you completely disable the Guest account?

    As a side note, I can't tell you how much I appreciate your help. I am in awe of your knowledge in this and feel like I learned so much from what I did with your help. Very interesting stuff!

    Thanks a million. :)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Spy Sweeper is mentioned in the How to protect thread! If you have it, why aren't you using it? Is it a paid version? If not, then you don't really have it.

    You are not running MS Java. You more than likely have a version of Sun Java already installed but you need to make sure you have the current version. You can see the installed versions of Java in Add/Remove programs. You can also go to Control Panel and double click on the Java icon. It will take a while for it to show after double clicking on it. Just be patient. When it comes up, select the General tab and then click the About button. If you are not running Version 5.0 Update 7 (it will say something like Version 1.5.0 (build 1.5.0_07) ) then you need to download and install the update. Then uninstall all old versions of Sun Java.

    More than likely it is already but to be sure, bring up Control Panel and double click on User Accounts. When the next window comes up, locate the Guest account and make sure it says Guest account is off. If it says Guest account is on, click on the Guest account and in the next window select the option that says Turn off the guest account.
     
  10. sc02295

    sc02295 Private E-2

    I do not see MS Java in either place add/remove or control panel???

    Also, when you told me to delete the HiJack This from the Document/Settings/Owner area there were also back up files in there - delete?

    I had SpySweeper on always. It didn't stop me from picking up this virus/hijack whatever it was. I also run Norton.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then install it per the link in the How to protect thread.

    No! Move that backup folder to C:\Program Files\HJT\. This was where you were supposed to be running HijackThis from when you did the fixes that saved the backups.

    Your log does not show any signs of Spy Sweeper being loaded. If it was loading there would be several lines where it shows up and it would also be in the process list. Thus, it is either not loading or it is not installed. And per your Installed programs list that you gave me in message number 6, Spy Sweeper is not installed.
     
