Need Help With Spysheriff

Discussion in 'Malware Help (A Specialist Will Reply)' started by Pamelalee, Jun 21, 2005.

  1. Pamelalee

    Pamelalee Private E-2

    Hello, I have somehow obtained the SpySheriff program. I went through all the steps under Read Me First. I also ran bitdefender, ravantivirus, trojanscan and panda online. Nothing works; it removes it, and then when I restart it is back. Also, I cannot perform these functions in Safe Mode in Windows XP because my mouse will not work in safe mode. I have a HJT file ready to send. Please help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It would have been useful if you posted some of the logs from the online scanners. If you still have them, please post them.

    Make sure you follow the steps below for installing, running, and posting a HijackThis log.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. Pamelalee

    Pamelalee Private E-2

    Here is my hijack log. Thanks
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must exit all browsers ( C:\Program Files\Internet Explorer\iexplore.exe ) before running HijackThis.

    It is not a good idea to put HJT in a temp folder:
    C:\temp\Spy Ware Tools\HijackThis.exe

    It is too easy to lose backups that way. File cleaning programs typically delete stuff from temp folders.

    Is the below your expected start page?
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\winstall.exe
    C:\Program Files\SpySheriff

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and continue with the below.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixadt.reg and then click Save. (Make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixadt.reg file on your desktop (or locate it with Windows Explorer and double-click on it if not saved to the Desktop) and when it prompts to add it to the registry, say yes.
    Now post a new HJT log. And tell us how things are working.
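
A small triage script for the kind of HijackThis entries singled out in the post above, added here as an example; it is not part of the original thread or of HijackThis itself. The three heuristics (a target marked `(no file)` or `(file missing)`, a Run entry launching an .exe from a drive root, an IE start page to confirm with the user) are assumptions drawn only from this thread, and the `ExampleApp` line in the sample is constructed.

```python
import re

# Constructed sample: entries quoted in the post above, plus one
# made-up Run entry (ExampleApp) that should not be flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Run-key autostart entry: "HKxx\..\Run: [name] command"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable sitting directly in a drive root, e.g. C:\winstall.exe
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\[^\\]+\.exe\b', re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        section, body = m.groups()
        if body.endswith(("(no file)", "(file missing)")):
            findings.append((section, "orphaned: target file is gone", line))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run and ROOT_EXE_RE.match(run.group("cmd")):
                findings.append((section, "autostart from drive root", line))
        elif section in ("R0", "R1") and "Start Page" in body:
            findings.append((section, "confirm start page with user", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:3} {reason:32} {line}")
```

The result is a list for a human to review, not a removal list.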
     
  5. Pamelalee

    Pamelalee Private E-2

    I moved all my spyware tools to another folder, thanks. I did all that you asked. It looks like it is gone, great, thanks. However, when I go into safe mode in XP my mouse will not work, so I cannot navigate in safe mode. Any suggestions? Also, here is my new HJT log. Do you see anything else that needs to be fixed? If not, thanks for all your help, you're the greatest.

    Pam

    PS I cannot run Ccleaner. This is the error message I get when I try to run it: ccsetup120.exe is not a valid win32 application.

    Thanks Again
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your Mouse not working in safe mode is probably more of an issue to discuss in the Hardware Forum. It could be driver related. But make sure you indicate what kind of mouse by name/brand. Also is it a standard PS2 mouse, is it wireless, etc.

    You still have HJT installed improperly:

    C:\Documents and Settings\Owner\My Documents\Spyware Tools\Spy Ware Tools\HijackThis.exe

    See my original instructions.

    But you appear to be clean anyway.

    As far as your inability to run Ccleaner, your first message said you ran ALL steps in the READ ME FIRST (although not in safe mode). You made no mention of this.

    Try deleting that file and downloading it again from us. Now try to install it. Also try installing while you are in safe mode boot.
     
