By DMorgan8699 ยท 9 replies
Jun 25, 2005
  1. Hello I need Helpppppppppppppppppp!!!!!!!!!!!!!!!!!!!!!

    HI, My name is Deborah and I live in SC and I am having serious issues with spyware and Malware and I can't figure out where on here to post My HJT log. Can someone help me please???
  2. kol_indian

    kol_indian TS Rookie Posts: 316

  3. DMorgan8699

    DMorgan8699 TS Rookie Topic Starter

    Yes, I have run AdAware SE, AVG, spybot, spyware blaster and registry mechanic to no avail
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    First go HERE and follow the instructions exactly.

    Once you have done that, go HERE for instructions on how to post your Hijackthis log.

    Regards Howard :wave: :wave:
  5. DMorgan8699

    DMorgan8699 TS Rookie Topic Starter

    New Hjt log

    I followed the instructions, and deleted all the files on the list that I had on my computer, I even deleted all of my IE favorites hoping that would help. I am still getting the casino ad popups and several more. Here;s my last HJT Log..
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Let HJT fix this R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;<local> Only if you don`t use a proxy overide, or you don`t recognise it.

    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll This one requires special attention, and is the source of your popup problem. Go HERE for removal instructions.

    When you have finished, please post a fresh HJT log.

    Regards Howard :)
  7. DMorgan8699

    DMorgan8699 TS Rookie Topic Starter

    New Log

    I am attaching a copy of the new log and I have another question..everytime I reboot AVG is finding all these trojan viruses and I am moving them to the vault but it's the same ones over and over..I am also attaching a txt document of those files as well maybe you can explain how to get rid of them, they keep reappearing.. Thanks
  8. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    buddy.exe <<==(might not be there)

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
    O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINNT\ceres.dll
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll
    O4 - HKLM\..\Run: [PSof1] C:\WINNT\system32\PSof1.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
    O4 - Global Startup: nipk.exe
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete ONLY the highlighted bold files.
    Also delete buddy.exe if you can find it.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].

    Check also on this path: C\DOCUME~\DEBORA1~\LOCALS\Temp (from your attached virusfault-list)
    LOCALS could be a typo (instead of LOCALS~) and mean the same as the previous Temp directory, OR it is not.
    If a new or different one, DELETE it with all its contents.

    Now go empty the Virus-vault of AVG.

    Boot normal.
  9. DMorgan8699

    DMorgan8699 TS Rookie Topic Starter

    Fixed I Hope

    I went ahead and did a clean install of Windows 2000 but reformatted my hard drive first. I put Norton back on and did the live updates, I also downloaded all the programs you instructed before and None of them are showing any problems so I have my fingers crossed this has fixed it. Thanks so much for your help.

  10. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    That was rather drastic, and probably not necessary.
    Anyway, a clean install is always the best.
    Make sure you install SP4 and then get the 35-40 Windows-updates from MS.
    Install Firefox as well and use that instead of IE.

    A shame you put Norton's bloatware on, instead of AVG!
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...