Here is the finding. I couldn't find anything in your start-up files.
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]
I was told to check your forum on this.
The original Hijack entry has disappeared from my log without my fixing it.
Also, I have tried to uninstall my HP all-in-one as it caused me many problems after I got a new printer. It won't uninstall and still appears in the startup menu.
Thanks
Full Version: New Startup Entry
BleepingComputer.com > Bleeping Computer Applications and Guides > Windows Startup Programs Database
You should ask about your hp printer in the hardware section. I try to stay away from the questions so I do not give the wrong answer 
As for the SsiEfr.e entry; it is related to SpySweeper and though legitimate is not necessary to have. Are you still using SpySweeper?
As for the SsiEfr.e entry; it is related to SpySweeper and though legitimate is not necessary to have. Are you still using SpySweeper?
I just started using Spy Sweeper again. I did find, on my own, Windir32.exe....command under Hkey_local_machine\SOFTWARE\microsoft....
It's in the startup....
I continued a search and found limewire there and maybe some other stuff I supposedly eliminated.
I also saw two ad addresses and about:blank fly by on the bottom address as my home page was loading when I signed on.
Bad?
It's in the startup....
I continued a search and found limewire there and maybe some other stuff I supposedly eliminated.
I also saw two ad addresses and about:blank fly by on the bottom address as my home page was loading when I signed on.
Bad?
If you are using spysweeper then there is no harm keeping that entry in the Boot Execute key. As for the other malware, I suggest you either post a HijackThis log in the HJT forum or you can try the Am I infected forum which may give a quicker answer (but not logs are allowed there).
Windir32.exe is definitely not something you want on your system.
http://www.bleepingcomputer.com/startups/w....exe-11732.html
Windir32.exe is definitely not something you want on your system.
http://www.bleepingcomputer.com/startups/w....exe-11732.html
Many thanks for your kind attention.
Windir32.exe doesn't show up in the HJT, nor does the limewire I keep trying to remove. It is a command line item--
HKEY_LOCAL_MACHINE_SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Windows DLL Services Configuration command Windir32.exe item windir32.exe
There is also messenger in the background, realplayer hideat boot time, quicktime hide at boot time. Somehow these don't seem like ok startup items. Am I paranoid?
Thanks. I have been trying to get help elsewhere also but items like these are not showing up on regular scans of most kinds.
Thanks for your help.
Windir32.exe doesn't show up in the HJT, nor does the limewire I keep trying to remove. It is a command line item--
HKEY_LOCAL_MACHINE_SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Windows DLL Services Configuration command Windir32.exe item windir32.exe
There is also messenger in the background, realplayer hideat boot time, quicktime hide at boot time. Somehow these don't seem like ok startup items. Am I paranoid?
Thanks. I have been trying to get help elsewhere also but items like these are not showing up on regular scans of most kinds.
Thanks for your help.
No they wouldn't. Those are showing up there because at some point they were disabled using the Msconfig.exe utility.
Well, I finished with the original tech support group that was helping me and it seems as if all my antispyware, antivirus has been disabled, even though they look as though they might be working. I evidently have something new, involving a keylogger, and probably need to reinstall. I jest checked a list of my startup entries against your lists and hit a run of unknowns. Thoughts?
At this point I would post a Hijackthis log using the instructions here:
http://www.bleepingcomputer.com/forums/topic34773.html
One of our HJT team members will then help determine what is going on with your computer.
http://www.bleepingcomputer.com/forums/topic34773.html
One of our HJT team members will then help determine what is going on with your computer.
The Hijack Log doesn't show much although the combo scan is a bit more revealing in that it shows some suspicious files. There are some telltale created files, although the folders often are most oftem but not always empty.
I used IceSword and it showed a lot more in the startup, registry, and processes (?) than anything else I have used. I just don't know what to get rid of and how. I want to keep whatever it is from reinstalling. And actually, I would love to find out what it is. It seems to be changing most of my modified dates to June 5, 2005. Also, I fear I will reinstall my problems, even from disk. I need the best detective you have! : )
I have backed up files to CD but this thing is so bad I fear I will not be able to use any of it for fear of recontaminating my machine.
Thanks
I used IceSword and it showed a lot more in the startup, registry, and processes (?) than anything else I have used. I just don't know what to get rid of and how. I want to keep whatever it is from reinstalling. And actually, I would love to find out what it is. It seems to be changing most of my modified dates to June 5, 2005. Also, I fear I will reinstall my problems, even from disk. I need the best detective you have! : )
I have backed up files to CD but this thing is so bad I fear I will not be able to use any of it for fear of recontaminating my machine.
Thanks
This forum is really not the place for your problem. I see that you posted a log here:
http://www.techsupportforum.com/security-c...installing.html
I did not read through the whole log, but was it not cleaned to your satisfaction? I would continue with cleaning your infections as suggested in that log. If you are still having a problem please post a new log here with a link to this topic so people know your history.
http://www.techsupportforum.com/security-c...installing.html
I did not read through the whole log, but was it not cleaned to your satisfaction? I would continue with cleaning your infections as suggested in that log. If you are still having a problem please post a new log here with a link to this topic so people know your history.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.