Well combofix removed some of what we wanted out of there, but not all of it.
First of all let's get rid of some of these things manually;
You will have to navigate to these folders manually and remove the items noted in RED. Don't remove the entire folder, just those single entries I note in RED;
C:\Documents and Settings\All Users\Application Data\WildTangent
C:\Documents and Settings\All Users\Application Data\kgvsrrma
C:\Documents and Settings\All Users\Application Data\uzkiodzh
C:\Documents and Settings\All Users\Application Data\odavibsv
I also noted that you did install Spy Hunter, sorry cauzomb, this isn't a program I can recommend. It USED to be listed on the Spyware Warrior Rogue/Suspect-Anti-spyware list and while it is no longer listed on THAT list it is still a program that they do not recommend for the reasons quoted below, and I have to say I agree;
All that taken into consideration I would recommend that you now UNINSTALL that program via Add/Remove. I am sorry I didn't mention this sooner as SpyHunter isn't free - if it were to actually detect something, users then have to pay $30 for removal. Tests of the product indicate its spyware detection is extremely limited, capable of detecting only a tiny percent of spyware.
Note on Enigma SpyHunter: Enigma's SpyHunter anti-spyware application was listed on this page primarily because of the company's history of employing aggressive, deceptive advertising. The company was also known for exploiting the name "spybot" in its domain names and online advertising. These objectionable business practices were employed primarily from late-2002 to mid-2004.
Sometime during summer of 2004 the company halted the most obnoxious and objectionable aspects of its online advertising. It also unloaded all the "spybot" domains (which were promptly picked up by Paretologic for its XoftSpy anti-spyware application).
While there are still unresolved allegations that SpyHunter transmits the Windows Product ID from users' PCs (1), we can no longer classify this application as "rogue/suspect." Nonetheless, SpyHunter -- at least in its current state -- cannot be recommended because of its mediocre performance as an anti-spyware scanner. Testing indicates that it does not recognize some well-known spyware installations and has difficulty removing critical spyware/adware files even from those it does recognize (1). Given the many excellent competing anti-spyware applications that are available (some for free), users would do better looking elsewhere for trustworthy anti-spyware protection.
Once you have done all of the above then next let's clean up the HJT log and then we will try again to get rid of the remaining entries in the registry after that.
Run HJT again and place checkmarks in the following entries if they still remain;
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)
O4 - HKLM\..\Run: [ece3c94e] rundll32.exe "C:\WINDOWS\system32\imtdamet.dll",b
O4 - HKCU\..\Run: [sqrjigmy] C:\WINDOWS\system32\alabqbkn.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: ddcBSIbb - ddcBSIbb.dll (file missing)
Once you have placed the checkmarks then click the Fix Checked button.
Exit HJT.
Reboot the computer.
Then run combofix again following my original instructions, and also run HJT again. Post back here with both new logs.
Judy
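
One way to check the follow-up HJT log against the fix list in the post above, as an added example that is not part of the original thread. `NEW_LOG` is a constructed sample, and the names `parse` and `still_present` are hypothetical.

```python
import re

# Fix list copied from the post above.
FIX_LIST = r"""
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll (file missing)
O4 - HKLM\..\Run: [ece3c94e] rundll32.exe "C:\WINDOWS\system32\imtdamet.dll",b
O4 - HKCU\..\Run: [sqrjigmy] C:\WINDOWS\system32\alabqbkn.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: ddcBSIbb - ddcBSIbb.dll (file missing)
"""

# Constructed sample of a log taken after the reboot (not from the thread).
NEW_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKCU\..\Run: [sqrjigmy] C:\Windows\System32\alabqbkn.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O20 - Winlogon Notify:  ddcBSIbb - ddcBSIbb.dll (file missing)
"""

# An entry line is a section code (O4, O20, R1, ...) followed by " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log_text):
    """Map normalized entry text -> (section, file_missing, original line)."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())      # collapse copy/paste whitespace
        m = ENTRY.match(line)
        if m:                             # skips headers, process list, blanks
            missing = line.lower().endswith("(file missing)")
            # Lower-case key: Windows paths compare case-insensitively.
            entries[line.lower()] = (m.group(1), missing, line)
    return entries

def still_present(fix_list, new_log):
    """Fix-list entries that the new log still contains."""
    new = parse(new_log)
    return [v for k, v in parse(fix_list).items() if k in new]

if __name__ == "__main__":
    for section, missing, line in still_present(FIX_LIST, NEW_LOG):
        note = " [target file already gone]" if missing else ""
        print(f"STILL PRESENT {section}{note}: {line}")
```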



I'll check out the malwarebytes proggy for future stuff.
