We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

I think I've got some sort of virus

2»

Comments

  • closed
    closed Posts: 10,886 Forumite
    edited 14 April 2011 at 8:58PM
    Lot of bloat on there, some general tips if you want to speed it up

    This is a general guide on cleaning up infections and speeding up pc's https://forums.moneysavingexpert.com/discussion/2436849 . The best way of cleaning up a slow or badly infected machine is to backup data, and do a factory restore using the factory restore partition or Windows disc.

    If you haven't all ready done it, Install Malwarebytes and do a FULL (not quick) scan (after updating it), fix anything found before closing, otherwise you'll have to do it all over again. If anything was found reboot the machine before continuing. http://www.filehippo.com/download_malwarebytes_anti_malware/

    If you know you have just been infected, with a fake antivirus for example, running system restore to a previous restore point is often the fastest way of getting your machine working again

    Making any changes to a PC setup always comes with a slight risk of something going wrong, the worse case scenario is an unbootable PC - ideally you should have got a backup of important data on dvd or external disk, and a disk image backup (http://www.macrium.com/reflectfree.asp) or windows disc/factory restore partition available before you start. In the unlikely event that anything does go wrong, post on another pc for advice.

    Install and run ccleaner (untick the google toolbar during the install). Untick the "windows log files" box, under the system heading before cleaning. http://www.piriform.com/ccleaner/download/slim

    If you suspect an infection, here are some other virus scanners to try, let them fix anything found

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
    http://www.surfright.nl/en/hitmanpro
    http://support.kaspersky.com/downloads/utils/tdsskiller.exe


    Scanning with all the scanners above along with your resident scanner should remove most or all infections if there are any present on your machine, below is some specific (optional) advice based on your log which may help to improve speed and tidy things up.



    Using Hijackthis, tick and fix all the lines beginnning with O16

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    Using Hijackthis, tick and fix all the (no file)'s

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)


    Click the java icon in control panel, advanced, misc - untick java quick starter, and untick place icon in task bar

    Disable ctfmon - control panel, regional and language options,languages, details, advanced, tick the Turn off advanced text services, ok

    Uninstall any IE toolbars (browser helper objects or BHO's) or Firefox plugins that you don't need, this is a list of the IE BHO's evident in the log

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\s wg.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


    Unless you use media sharing across the network, disable it in media player, library, media sharing, or options media sharing, untick find and share media

    If you want a speedy machine, Use windows firewall and replace your antivirus and security software with avast 6 free - (a fast and lightweight virus scanner with good detection rates) http://www.avast.com/free-antivirus-download :


    Install and run startuplite, accept suggested changes - http://www.malwarebytes.org/StartUpLite.exe

    Uninstall mcafee in Control Panel (add/remove programs or programs/features)

    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe


    Uninstall googletoolbar in Control Panel (add/remove programs or programs/features)

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\s wg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183 CA64F05FDD98.dll/cmsidewiki.html


    If you want to try avast, Uninstall avira in Control Panel first (add/remove programs or programs/features)

    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe




    Download and install cleanmem http://www.pcwintech.com/cleanmem (download direct download). In windows explorer, go to c:\windows\tasks, click on the clean system memory task, schedule, advanced, and change it from every 30 minutes to every 5 minutes, then ok, ok. Find c:\program files\cleanmem\mini_monitor, run it and right click the icon (near the clock) to set it to automatically run at startup, show percentage to keep an eye on your ram use.

    In internet explorer, click on tools, internet options, advanced, disable script debugging

    start, run, services.msc, disable these services unless you use them. (make a note of any services you disable,if you have any problems related to these services subsequently, simply re-enable them)

    SSDP Discovery Service
    Remote Registry
    WebClient
    Distributed Link Tracking Client


    Disable this service GoogleUpdate by running services.msc

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    Disable this service JavaQuickStarterService by running services.msc

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


    Disable this service NBService.exe by running services.msc

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe


    Disable this service McCHSvc.exe by running services.msc

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe


    Unless you use it, use msconfig to disable qttask.exe from running at startup

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


    Unless you use it, use msconfig to disable jusched.exe from running at startup

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe


    Unless you use it, use msconfig to disable ISUSPM.exe from running at startup

    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup


    Unless you use it, use msconfig to disable oaui.exe from running at startup

    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"


    Unless you use it, use msconfig to disable NMBgMonitor.exe from running at startup

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"


    Unless you use it, use msconfig to disable ManifestEngine.exe from running at startup

    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot


    Unless you use it, use msconfig to disable AdobeUpdateManager.exe from running at startup

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1


    Unless you use it, use msconfig to disable NeroCheck.exe from running at startup

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe


    Unless you use it, use msconfig to disable issch.exe from running at startup

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    ditto these

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName


    When you've done all that, post a fresh hijackthis log and any logs of infections found
    !!
    > . !!!! ----> .
  • Tibbie's_mum
    Tibbie's_mum Posts: 998 Forumite
    Part of the Furniture Combo Breaker
    Wow, thanks closed, that's my homework for tomorrow!
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.1K Banking & Borrowing
  • 253.6K Reduce Debt & Boost Income
  • 454.2K Spending & Discounts
  • 245.1K Work, Benefits & Business
  • 600.8K Mortgages, Homes & Bills
  • 177.5K Life & Family
  • 258.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture