spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by chrisss, Jan 15, 2006.

  1. chrisss

    chrisss Private E-2

    Hello,
    I did all the steps in "read me first".

    I ran the BitDefender 2 times. I ran it first in normal mode because I wasn't sure if it would run in safe mode, but it did, so I ran it in safe mode too and it found the same thing, so I guess it wasn't deleted.

    The Panda found 30 spyware infections.

    Spybot was clean.

    Ad-Aware had 14 (they were deleted).

    Microsoft removal tool didn't find anything.

    I enabled everything in my startup folder before I ran HijackThis and now AOL spyware found 6 items and blocked them (but didn't delete them). Since I did this the computer is down to a crawl!

    Microsoft AntiSpyware found claria.precisiontime
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  3. chrisss

    chrisss Private E-2

    The first thing I did before running the steps was to check the Add/Remove Programs. Nothing on the list was there, and I checked again now and nothing is there.

    I think a lot showed up when I enabled everything in my startup folder (but they are hidden maybe?). Could they have been dormant until I did that? I will reboot now and post a new log.
    Thank you
     
  4. chrisss

    chrisss Private E-2

    Here is the log.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Microsoft AntiSpyware
    (Uninstall this so it will not block anything we try to fix.)

    Viewpoint


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\chris\LOCALS~1\Temp\MiniBug.exe 1
    O4 - HKLM\..\Run: [BORYF] C:\WINDOWS\BORYF.exe
    O4 - Global Startup: AlfyAccelerator.lnk = C:\Alfy\Clever Island\AlfyAccelerator.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Viewpoint Delete this whole folder if it exists!

    C:\Program Files\ClockSync Delete this whole folder if it exists!

    C:\Program Files\ezula Delete this whole folder if it exists!

    C:\Program Files\WeatherCast Delete this whole folder if it exists!

    C:\Program Files\BargainBuddy Delete this whole folder if it exists!

    C:\Program Files\ClearSearch Delete this whole folder if it exists!

    C:\WINDOWS\BORYF.exe

    C:\WINDOWS\System32\msbb.exe

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.



    Reboot to Normal Windows, and proceed with the below.

    Please see the below thread on how to run WinPfind and attach the log.
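
    An added example, not part of the original post: a small triage script that reads HijackThis-style lines and marks entries worth a closer look. The heuristics (autorun from a temp directory, autorun executable directly in the Windows root, ActiveX control fetched over plain http or from a bare IP, "(no file)" orphans) are assumptions chosen for illustration and do not reproduce the helper's full judgment; the sample lines are quoted from the post above.

```python
import re
from urllib.parse import urlparse

# Log lines quoted from the post above (wrapped URL rejoined); not constructed data.
SAMPLE = r"""
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\chris\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [BORYF] C:\WINDOWS\BORYF.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")  # "O4 - <body>"
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)                    # ...\Temp\ or ...\Tmp\
WINDOWS_ROOT_EXE = re.compile(r"[a-z]:\\windows\\[^\\]+\.exe", re.I)
BARE_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def triage(line):
    """Return (section, reasons) for one log line, or None if it is not an entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("orphaned: target file missing")
    if section == "O4":  # autostart entries (Run keys, Startup folders)
        if TEMP_DIR.search(body):
            reasons.append("autorun from temp directory")
        if WINDOWS_ROOT_EXE.search(body):
            reasons.append("autorun exe directly in Windows root")
    if section == "O16":  # downloaded ActiveX (DPF) controls; last field is the codebase URL
        url = urlparse(body.rsplit(" - ", 1)[-1])
        if url.scheme == "http":
            reasons.append("control fetched over plain http")
        if BARE_IPV4.fullmatch(url.hostname or ""):
            reasons.append("codebase host is a bare IP address")
    return section, reasons

def flagged(log_text):
    """Entries with at least one reason, as (section, line, reasons) tuples."""
    hits = [(line.strip(), triage(line)) for line in log_text.splitlines()]
    return [(r[0], line, r[1]) for line, r in hits if r and r[1]]

if __name__ == "__main__":
    for section, line, reasons in flagged(SAMPLE):
        print(f"{section:>3}  {'; '.join(reasons)}\n     {line}")
```

    Flagged lines are candidates for manual review, not verdicts; an unflagged line (such as the dumprep entry) can still be something a helper chooses to fix.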
     
  6. chrisss

    chrisss Private E-2

    I only found the Viewpoint folder, I didn't see any of the others.
    In HijackThis in O16 there is pogo, do I have to have that?
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The pogo in the O16 entries are ActiveX controls, you can fix them if you like but if you play those games you will have to reinstall the ActiveX to play them.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    After you complete the above, reboot and let me know how things are running.
     
  8. chrisss

    chrisss Private E-2

    Things are OK but it takes a long time to start up. Also, I forgot to mention that I got an error message:

    error could not execute main: the system cannot find the file specified

    (This isn't the first time it came up.)
     
  9. chrisss

    chrisss Private E-2

    Here is the log if you needed it.
     


  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with Limeshop, I've been curious about this one?? Also, if you want a faster boot, getting rid of the AOL Spyware mess with the other stuff and Ewido (if you didn't purchase it) will help your boot speed. McAfee I don't like but that's up to you, this will cause a slow boot as well.

    Let's run another scan, see the below thread on how to install and run Spy Sweeper.

    Running Spy Sweeper...
     
  11. chrisss

    chrisss Private E-2

    I think Limeshop is part of LimeWire (something my kids put on).

    What part of AOL should I remove? I think their spyware protection is not much help (obviously).

    McAfee comes with AOL for free. If I take that off should I put AVG on instead? I have AVG on another computer.
     


  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's up to you but I would recommend removing this as it's a number one cause for malware related problems these days.

    Personally, anything that belongs to AOL, but that's my opinion.

    Yes, I would recommend AVG AntiVirus for many reasons, mainly it uses less resources and does a better job IMO.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any current problems?
     
  14. chrisss

    chrisss Private E-2

    I got rid of McAfee and installed AVG and ZoneAlarm. Could you check my log?
     


  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Looks good, have HJT fix this one entry and you will be set.

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    You should see this article on How to Protect yourself from malware!

    Surf Safely!:)
     
  16. chrisss

    chrisss Private E-2

    ZoneAlarm said that McAfee is still trying to access the web... I blocked it, but should it still be trying when I uninstalled it?
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What file was it referring to? Have you checked for any leftover for McAfee, like in C:\Program Files ?
     
