MALware - Please review scans (1)

krekerohan · Mar 14, 2007

All steps completed - scan logs attached. This is for a second computer I own. Thank you.

krekerohan · Mar 14, 2007

MALware - Please review scans (2)

All steps completed - scan logs attached. This is for a second computer I own. Thank you.

chaslang · Mar 14, 2007

Re: MALware - Please review scans (2)

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete
c:\windows\system32\INNERVBINSTALL.LOG
c:\windows\dhkw.bin
c:\windows\didduid.ini
c:\windows\smdat32a.sys
c:\windows\system32\fiz1 <--- the whole folder
C:\Documents and Settings\Brandy Connors\Application Data\Lycos <--- the whole folder

Now run Ccleaner

Now reboot in normal mode

Now attach the below new logs and tell me how the above steps went.

HJT

Are you having any malware problems now?

krekerohan · Mar 14, 2007

Re: MALware - Please review scans (2)

I ran HJT. Of the 3 you said to fix, this one was missing:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

I see from the original scan I attached that the line was there.

I ran HJT again - the line was still missing (I've attached both new logs).

So, I aborted the entire process and posted this message. Please advise. Is it ok to proceed with your original instructions without the missing line?

To answer your other question, I'm not sure if I had malware problems before or if I have them now. I don't know how to recognize it. My problem with both computers is extremely lengthy startup and frequent episodes of long, unexplained disk activity that essentially paralyzes the computer. I did uninstall McAfee from my other computer (and am using one of the free alternatives) and it seemed to help with startup somewhat, but I had another episode with unwanted disk activity today. I intend to uninstall Norton from my second computer once I conclude this current issue.

Thanks!

chaslang · Mar 14, 2007

Re: MALware - Please review scans (2)

Just continue with my steps anyway!

And yes Norton is just as bad if not worse than McAfee as far as being a resource hog that will slow your PC down.

You can also have HJT fix the below non-malware items to help with your performance issues:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

krekerohan · Mar 14, 2007

Completed all steps. Wasn't sure if I was supposed to run HJT afterward. Did so and log attached. How does it look?

I'm on to removing Norton, installing free AV alternative, installing Mozilla, etc.

Thanks!

chaslang · Mar 14, 2007

You're welcome. All clean! I assume you mean you are working thru the How to protect thread already like with your other PC? If so, that's good.

Log in or Sign up

MALware - Please review scans (1)

krekerohan Private E-2

Attached Files:

Activescan.txt

bdscan.txt

CounterSpy.txt

krekerohan Private E-2

Attached Files:

hijackthis.log

newfiles.txt

runkeys.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

krekerohan Private E-2

Attached Files:

hijackthis2.log

hijackthis3.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

krekerohan Private E-2

Attached Files:

hijackthis4.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member