Spyware Removed?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Matt Waldron, Jan 17, 2006.

  1. Matt Waldron

    Matt Waldron Private E-2

    I had idesk MFC Application/idemlog/idesk/Wareout which caused a large desktop menu to appear every time I started Windows -- had gambling, dating, pharmacy, spyware, etc. menus and extra stuff in my Startup. I came to Maj Geeks to get rid of it and did all the suggested preliminary things. I think one of the on-line scanners got rid of it. Your info has been very helpful. I then switched to BitDefender 9 antivirus software from Symantec Antivirus and from Aluria Security Center to Webroot Spysweeper and think these are helping me a lot more. I run them regularly and do what they say. I now also run Microsoft Antispyware, Spybot, AdAware, Register Mechanic and some other stuff occasionally. I want to know if I'm OK now. I think I have extraneous stuff in my HijackThis file and want to make sure I am malware free and operating efficiently.
    Matt
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you have completed the steps in the READ ME, attach the requested logs. The Panda & Bit Defender logs with a current HJT log.
     
  3. Matt Waldron

    Matt Waldron Private E-2

    Bit Defender on line showed clean but couldn't save file. Instead attached a Bit Defender report from my Bit Defender 9. Panda scan attached.

    A problem I didn't mention before is a box appearing on various internet pages with the i and The page cannot be displayed. The requested page displays but sometimes the i and message is in a small box somewhere on the page.
     

    Last edited: Jan 21, 2006
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  5. Matt Waldron

    Matt Waldron Private E-2

    New logs attached as requested for Spysweeper and Hijack.
    Matt
     

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  7. Matt Waldron

    Matt Waldron Private E-2

    Ewido clean.
    Matt
     

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    From normal mode please attach a fresh HJT log.
     
  9. Matt Waldron

    Matt Waldron Private E-2

    HiJack log attached.
    Matt
     

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Spy Sweeper


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    R3 - URLSearchHook: (no name) - {BD20DAFF-68E1-D683-6D28-FC8DD888964E} - browsebar.dll (file missing)

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O15 - Trusted Zone: http://*.windowsupdate.com

    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.


    Finally, I would like you to flush your System Restore points. Please follow the instructions in the link below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    Reboot, Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  11. Matt Waldron

    Matt Waldron Private E-2

    Did everything you suggested and all seems fine. I appreciate the help and all the techniques you taught me. Trying to attach Hijack log but keep getting error.

    You said to delete Spy Sweeper. I like it because of its shields, updates and ease of use. I also use SpyBot, Aluria, Ad-Aware SE Personal and XoftSpy. Is there something about Spy Sweeper that is a problem?

    Do you have a problem with me using HiJack to eliminate the following:
    O4 GWMDMMSG - it's a Gateway modem driver and I use high speed internet
    O9 Extra Button - file missing
    O9 Extra Tools - file missing
    O16 4 Symantec items and I switched to Bit Defender 9
    O16 HouseCall and Windows Security - I think these are on-line scanners or spyware programs I downloaded and no longer need
    O23 4 Bit Defender - file missing
     
  12. Matt Waldron

    Matt Waldron Private E-2

    There, got the Hijack log attached.
    Matt
     

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    No, it's one of the best programs out there, the reason I requested it be uninstalled is because unless you purchase it, it's no good. If you have purchased it you can leave it. When using XoftSpy, I would be careful, this has been known for false positives. Personally I would do without this one but that's up to you.

    The O4 & O16 you can remove, the two O9 & O23 are legit entries. HJT has a bug that shows "file missing" when it really is not.
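
The "file missing" caveat in the reply above, as an added example that is not part of the original thread: a small Python triage of HijackThis lines that holds back "(file missing)" entries whose path shows a stray quote or trailing arguments instead of marking them for removal. That this pattern is what triggers the false flag is an assumption drawn from the O23 lines quoted earlier in the thread; the function names and verdict labels are hypothetical.

```python
import re

# HijackThis section codes that appear in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O4": "autostart entry",
    "O9": "extra IE button/menu item", "O15": "Trusted Zone site",
    "O16": "ActiveX download (DPF)", "O23": "Windows service",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
MISSING = "(file missing)"

def parse_line(line):
    """Return a dict for one HJT entry, or None for header/blank lines."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, body = m.groups()
    missing = body.endswith(MISSING)
    detail = body[:-len(MISSING)].rstrip() if missing else body
    # Assumption: an odd quote count or arguments after the .exe mean HJT
    # may have looked up the wrong path, so its flag is not trusted.
    odd_quotes = detail.count('"') % 2 == 1
    has_args = re.search(r'\.exe"?\s+\S', detail, re.I) is not None
    if not missing:
        verdict = "present"
    elif odd_quotes or has_args:
        verdict = "verify-on-disk"
    else:
        verdict = "missing-plausible"
    return {"code": code, "section": SECTIONS.get(code, "other"),
            "detail": detail, "verdict": verdict}

def triage(lines):
    """Parse log lines, skipping anything that is not an entry."""
    return [e for e in map(parse_line, lines) if e]

# Entries copied from the fix list earlier in this thread.
SAMPLE = [
    r"R3 - URLSearchHook: (no name) - {BD20DAFF-68E1-D683-6D28-FC8DD888964E} - browsebar.dll (file missing)",
    r"O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u",
    r'O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)',
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f'{e["code"]:<4}{e["verdict"]:<18}{e["section"]}')
```
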
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you having any further problems?
     
  15. Matt Waldron

    Matt Waldron Private E-2

    No I'm not. Much appreciative of your help.
    Matt
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

