TechSpot

Please Check Hijackthis Log File

By hanaleia
Jan 31, 2005
  1. Not sure what each entry is, but I dont have spy bouncer and spyware doctor on my computer anymore. What can I allow hijackthis to remove? Thanks
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Please do not start a new post for the same subject, that is heavily frowned upon!

    Boot in Safe Mode.
    Try to UNinstall anything to do with this lot:
    C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe
    C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe

    Next, run HJT on its own and let it 'fix (if still there):
    C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe
    C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
    C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wachovia.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wachovia.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
    O4 - HKLM\..\Run: [Error Nuker 2004] C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe autostart
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2267d3b7d842e0e0bc00/netzip/RdxIE601.cab
    O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://spybouncer.com/downloader.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...