
Definitely almost finished taking back my PC


  • This topic is locked
2 replies to this topic

#1 waldoman


Posted 08 October 2011 - 02:02 AM

Ok, a cup of coffee and 10 hours later it seems that I can FINALLY surf the web at a reasonable speed again.
I have run antivirus, Anti-Malware, SpyBot, next is Ad-Aware but first, now that I finally resurrected my parents' computer, is Hijack This. Not too familiar with the program but I have analyzed and made many changes thus far. Last but not least... Whatever has hijacked my browser is hurtin at this point. It certainly did a number but I just need to be sure it's gone so here goes.
After using some analyzer v2 I found...
I am curious if I should remove these. The first two disappeared after I updated HJT to 1.99.1
1: O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
SharedTaskScheduler Registry key autorun
Only a CWS variant has been known to use this. Consult a HJT expert before cleaning anything.

2: O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
SharedTaskScheduler Registry key autorun
Only a CWS variant has been known to use this. Consult a HJT expert before cleaning anything.

Not sure what a CWS variant is but these are gone now anyways. Maybe automatically in the new version?

3: O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Ctfmon.exe
"CoolWebSearch Ctfmon32 parasite variant"

Pretty sure I should remove this one but don't want to make any mistakes here.

4: O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
ShellServiceObjectDelayLoad Registry key autorun
HJT automatically weeds out the good ones here so we'll flag this as bad. Consult a HJT expert before cleaning anything.

Not quite sure here either.

And that's it for now lol wait a week lmao. I will gladly scan again and post the full log file upon request.
Now I am off to check my log on more automated sites to compare.
Any help would be greatly appreciated thank you very much in advance!


 


#2 waldoman


Posted 08 October 2011 - 10:23 AM

Please disregard; I have worked out a solution on my own. Again, thank you for your time.

#3 Orange Blossom


Posted 08 October 2011 - 11:27 AM

It appears that this issue is resolved; therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
