Hijack log - can anyone check it please?

linni

As I think I have a virus because my computer is really playing up. Sometimes when I turn it on, I just get a black screen. I have to p ut it to sleep and then start it up again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:00, on 15/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\hp\kbd\kbd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mum\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: lxda_device - - C:\Windows\system32\lxdacoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 12448 bytes

linni

I tried to run Combofix but it asks me to disable Super-antispyware and I wasn't sure how to do it but I tried unticking home page protection and application protection but it still wouldn't run so I didn't wan't to risk doing anything in case I made things worse. My wireless mouse and keyboard are playing up too and it is very difficult to point at anything (i've tried putting in new batteries) or type in anything.

debitcardmayhem

linni wrote: »

I tried to run Combofix but it asks me to disable Super-antispyware and I wasn't sure how to do it but I tried unticking home page protection and application protection but it still wouldn't run so I didn't wan't to risk doing anything in case I made things worse. My wireless mouse and keyboard are playing up too and it is very difficult to point at anything (i've tried putting in new batteries) or type in anything.

Morning Linni,
I wouldn't run Combofix unless you have been advised to do so by one of the experts on combofxi to do so. Have you run Malwarebytes ?
If not I would do that first download it from here

Then First of all go to the Update Tab and select Update, then go to Scan Tab and post the log of the scan here. One of the experts will hopefully picj up the thread after that.

HoofeHearted

Fix these using hijackthis:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=60076

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

linni

Thank you both. Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5023
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
02/11/2010 20:34:47
mbam-log-2010-11-02 (20-34-47).txt
Scan type: Full scan (C:\|D:\|F:\|K:\|)
Objects scanned: 453935
Time elapsed: 1 hour(s), 43 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


And I will 'fix' the Hijack this items now.

The_Grandmaster

How is the computer running now?

The things highlighted by the OP is worrying. Do you have a log from SUPERantispyware available?

If the computer still is having problems - which may be possible if no malware has been detected with malwarebytes (unless other programmes detected it first), it may be worth running combofix. AlienRIK is the person to find on this board for advise on how to run it and who will check the logs for you.

linni

Hi Grandmaster - I managed to get on it this morning without the black screen appearing but it is still sluggish and the mouse still won't to go where I want it to. Here is the last Superantisypware log if AlienRIK or one of the techie's could check it for me:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/02/2010 at 06:26 PM
Application Version : 4.45.1000
Core Rules Database Version : 5796
Trace Rules Database Version: 3608
Scan type : Complete Scan
Total Scan Time : 01:23:00
Memory items scanned : 891
Memory threats detected : 0
Registry items scanned : 9613
Registry threats detected : 0
File items scanned : 66636
File threats detected : 43
Adware.Tracking Cookie
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@uk.at.atwola[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@www.googleadservices[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@interclick[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@tacoda[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@tracking.dc-storm[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@invitemedia[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@media6degrees[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@track.adform[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@chitika[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@www.googleadservices[3].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@ad.yieldmanager[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@ads.pubmatic[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@avgtechnologies.112.2o7[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\mum@stat.aldi[2].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\Low\dad@ad.yieldmanager[2].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\Low\dad@ru4[2].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\Low\dad@tacoda[1].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\Low\dad@track.adform[1].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\Low\dad@uk.at.atwola[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@adtech[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@ad.yieldmanager[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@adserver.adtechus[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@ads.pointroll[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@bs.serving-sys[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@clickfuse[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@content.yieldmanager[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@content.yieldmanager[3].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@interclick[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@liveperson[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@liveperson[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@lucidmedia[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@media.adfrontiers[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@media6degrees[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@microsoftuk.122.2o7[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@pointroll[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@revsci[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@ru4[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@server.iad.liveperson[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@serving-sys[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@tacoda[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@track.adform[1].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@trafficmp[2].txt
C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Cookies\Low\mum@uk.at.atwola[1].txt

nottseagull

linni wrote: »

keyboard are playing up .

If your mouse is working then a good tip is to go to start-all programs-system tools( I think; it has been disabled on this library PC) and use Windows Virtual Keyboard. A little tedious, but better than nothing!

I don't want to HijackThis thread ,so if any of you techie types would care to take a look at the log I have just posted on # 24 here, I'd be very grateful.
https://forums.moneysavingexpert.com/discussion/comment/38162236#Comment_38162236
Also, I cannot run Combofix until I have (reinstalled?) Recovery Console from the XP CD (see screenprint on #25).

The_Grandmaster

The superantispyware log is unremarkable (only shows cookies).

I would try and contact alienRIK if I were you - send him the link to this page and ask if you should run combofix.

linni

Just to update, as I didn't have a lot of time yesterday. I logged on this morning and it seems to be working ok. I didn't get the black screen and the mouse and keyboard are definately better. I ran some of the online virus scanners and used an AVG removal tool (from other threads) and nothing showed up. Thanks to everyone who replied, for your help, as I'm a complete numpty as far as these things are concerned.

aliEnRIK

Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)