We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Help needed.Firefox and Itunes wont load.

2»

Comments

  • sunshine54
    sunshine54 Posts: 400 Forumite
    thats a hell of a log, no wonder my isp gives macafee away free
  • sunshine54
    sunshine54 Posts: 400 Forumite
    for a start i'd uninstall MyWebSearch and funwebproducts add ons. full of adware
  • gaming_guy
    gaming_guy Posts: 6,128 Forumite
    1,000 Posts Combo Breaker
    edited 6 May 2009 at 6:15PM
    sunshine54 wrote: »
    thats a hell of a log, no wonder my isp gives macafee away free
    mcafee is more than useless. you would be better off with something like kaspersky (paid) or antivir & pctools firewall (free)

    anyway, the backdoor trojan doesnt look very good. i guess that may have been where the worms & other trojans came from.


    as for the HJT log, the following can be removed.

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


    i guess all the mywebsearch ones with file missing can removed
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please update Malwarebytes and run a FULL scan this time (You ran a QUICK scan)
    :idea:
  • josha007
    josha007 Posts: 224 Forumite
    Oh theyre add ons!!I thought they were programs.How do I remove them from firefox?

    Is there anything else I can do?
  • Money_Grabber13579
    Money_Grabber13579 Posts: 4,465 Forumite
    Part of the Furniture 1,000 Posts Newshound! Name Dropper
    Run a full scan! It'll probably take well over an hour, and find loads more stuff! You probably haven't even found half the trojans on the quick scan! Oh and as was said before, make sure you update again as it's now on database version 2084.
    Northern Ireland club member No 382 :j
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK these with hijack and FIX them ~
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [A00F56691.exe] C:\DOCUME~1\Mike\LOCALS~1\Temp\_A00F56691.exe
    O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Documents and Settings\Mike\Application Data\unobi.dll" s
    O4 - HKCU\..\Run: [A00FB08B5.exe] C:\DOCUME~1\Mike\LOCALS~1\Temp\_A00FB08B5.exe
    O4 - HKCU\..\Run: [A00FD159C.exe] C:\DOCUME~1\Mike\LOCALS~1\Temp\_A00FD159C.exe
    O4 - HKCU\..\Run: [A00F143E21.exe] C:\DOCUME~1\Mike\LOCALS~1\Temp\_A00F143E21.exe
    O4 - HKCU\..\Run: [A00F7D3F7.exe] C:\DOCUME~1\Mike\LOCALS~1\Temp\_A00F7D3F7.exe
    O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
    O4 - HKCU\..\Run: [A00F2A642C.exe] C:\DOCUME~1\Mike\LOCALS~1\Temp\_A00F2A642C.exe
    O4 - HKCU\..\Run: [A00F3B7149.exe] C:\DOCUME~1\Mike\LOCALS~1\Temp\_A00F3B7149.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm088YYGB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\WINDOW S\System32\dxtrans32.dll
    O20 - Winlogon Notify: c0542e0c583 - C:\WINDOWS\System32\dxtrans32.dll
    O20 - Winlogon Notify: __c00354E0 - C:\WINDOWS\system32\__c00354E0.dat
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)

    (You can do this whilst malwarebytes is running its FULL scan ;))
    :idea:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
    http://www.filehippo.com/download_ccleaner/
    Run the CLEANER scan
    Then run the REGISTRY scan (Backup the registry when it asks)
    :idea:
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.2K Banking & Borrowing
  • 253.6K Reduce Debt & Boost Income
  • 454.3K Spending & Discounts
  • 245.3K Work, Benefits & Business
  • 601K Mortgages, Homes & Bills
  • 177.5K Life & Family
  • 259.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture