
HijackThis Log

I wondered if someone could have a look at my HijackThis Log, and recommend anything I should do to improve the performance of my laptop.

Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:30:26, on 26/05/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
C:\Users\Bevski\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Bevski\Downloads\HijackThis(1).exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bevski\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_S5A50.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Epson Stylus SX510W(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_SACE2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bevski\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Update Service (gupdate1ca84f2252a2700) (gupdate1ca84f2252a2700) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8000 bytes

Comments

  • debitcardmayhem
    debitcardmayhem Posts: 12,695 Forumite
    Did Malwarebytes find anything?
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
  • debitcardmayhem
    debitcardmayhem Posts: 12,695 Forumite
    Apparently not, then follow closed's thread on speeding up a tired poster who can't be bothered to search for it again, it should be a sticky
  • purplecrocus
    purplecrocus Posts: 43 Forumite
    Yes, I had run Malwarebytes and it found 29 items of adware.
  • debitcardmayhem
    debitcardmayhem Posts: 12,695 Forumite
    edited 26 May 2011 at 6:11PM
    Yes, I had run Malwarebytes and it found 29 items of adware.

    Then first post the Malwarebytes log. No offence to you, but so many people say look at this HJT, so the good guys (not me today) on here say run MBAM. It makes it a little easier for the experts (not me), so please go to Malwarebytes, then post the log that finds the malware.

    Edit: No offence purplecross , really was not directed at you, and I am sorry if I offended.
  • GunJack
    GunJack Posts: 11,829 Forumite
    agree with DCM, post the mbam log with the infections.

    Uninstall AVG then use the removal tool here

    http://www.avg.com/gb-en/utilities top one on list, run it twice

    get rid of rapport you prob need revo uninstaller for this, from

    http://www.revouninstaller.com/revo_uninstaller_free_download.html


    run ccleaner (from filehippo.com) both cleaner and registry scans, delete all it finds

    re-run hjt and post a fresh log :)


    p.s. looks like there's still some signs of infection in there.......
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • closed
    closed Posts: 10,886 Forumite
    edited 26 May 2011 at 6:34PM
    The best way of cleaning up a slow or badly infected machine is to backup all your data to an external drive, and do a factory restore using the factory restore partition (see manual or manufacturers website) or Windows disc. The alternative is to do it manually as follows (the list may look daunting, but should take less than an hour of effort (apart from virus scans)) :-

    If you are posting because the machine is slow and haven't done so already, post your physical RAM total, commit charge total and commit charge peak by doing CTRL ALT DEL, Task Manager, Performance - after virus infections this is the principal reason a machine goes slow, so this information is important to help you


    This is a general guide on cleaning up infections and speeding up PCs https://forums.moneysavingexpert.com/discussion/2436849

    If you haven't already done it, install Malwarebytes and do a FULL (not quick) scan (after updating it), and fix anything found before closing, otherwise you'll have to do it all over again. If anything was found, reboot the machine before continuing. http://www.filehippo.com/download_malwarebytes_anti_malware/

    If you know you have just been infected, with a fake antivirus for example, running system restore to a previous restore point is often the fastest way of getting your machine working again

    Making any changes to a PC setup always comes with a slight risk of something going wrong; the worst case scenario is an unbootable PC - ideally you should have a backup of important data on DVD or external disk, and a disk image backup (http://www.macrium.com/reflectfree.asp) or Windows disc/factory restore partition available before you start. In the unlikely event that anything does go wrong, post on another PC for advice.
    __________________________________________________

    If you suspect an infection, here are some other virus scanners to try, let them fix anything found

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
    http://www.surfright.nl/en/hitmanpro
    http://support.kaspersky.com/downloads/utils/tdsskiller.exe

    ************************************************


    Scanning with all the scanners above along with your resident scanner should remove most or all infections if there are any present on your machine, below is some specific (optional) advice based on your log which may help to improve speed and tidy things up.
    __________________________________________________


    Install and run ccleaner (untick the google toolbar during the install). Untick the "windows log files" box, under the system heading before cleaning. Also Tick the java cache tick box under CCleaner, applications, internet to wipe the java cache which sometimes hides infections. http://www.piriform.com/ccleaner/download/slim

    Install and run startuplite, accept suggested changes - http://www.malwarebytes.org/StartUpLite.exe

    Click the java icon in control panel, updates, untick check for updates

    __________________________________________________

    In the firefox address bar, type about:config then right click, new boolean, create a key called config.trim_on_minimize set to true

    Using Hijackthis, tick and fix these entries

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home (file missing)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    __________________________________________________

    Uninstall any IE toolbars (browser helper objects or BHO's) in Control panel, or Firefox plugins that you don't need. This is a list of the IE BHO's evident in the log

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home (file missing)

    Disable (vista/W7) or uninstall (XP) Windows Defender. To disable windows defender on vista or windows 7 - from the start menu, windows defender, tools, options, untick use real-time protection, under administrator options, untick use windows defender and untick allow everyone to use windows defender, click save to save settings. XP users can either do this or preferably uninstall it in control panel instead.

    __________________________________________________

    Unless you need them running all the time, use the startup tab in msconfig to disable these items from running at startup (they can always be run manually if needed)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    Unless you use media sharing across the network, disable it in media player, library, media sharing, or options media sharing, untick find and share media

    __________________________________________________

    If you want a speedy machine, Use windows firewall and replace your antivirus and security software with avast 6 free - (a fast and lightweight virus scanner with good detection rates) http://www.avast.com/free-antivirus-download :

    This is a list of (or remnants of) security software evident in your log, you may wish to uninstall these in Control Panel (add/remove programs or programs/features) to keep your PC running smoothly, too much overlapping or bloated security or useless tuning software can have a drastic effect on performance - always leave one resident scanner running (eg avast/avira etc)

    ---- rapport

    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

    ---- avg

    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

    __________________________________________________

    Run Windows update, Vista service pack is out of date


    __________________________________________________

    start, run, msconfig, select services tab, disable these services UNLESS you use them. (make a note of any services you disable,if you have any problems related to these services subsequently, simply re-enable them)

    SSDP Discovery Service
    Remote Registry
    WebClient
    Distributed Link Tracking Client

    Also disable these services if you don't use them by running msconfig, services tab

    O23 - Service: Google Update Service (gupdate1ca84f2252a2700) (gupdate1ca84f2252a2700) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    AVG10 is out of date, you may wish to update or preferably uninstall it and replace with avast 6 free

    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

    __________________________________________________

    When you've done all that, post a fresh hijackthis log and any logs of infections
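
A sketch of the first-pass triage described in the reply above, as an added example that is not part of any poster's reply and not HijackThis's own code: it parses HijackThis entry lines and pulls out the orphaned `(no file)` / `(file missing)` entries, the O4 autoruns and the O23 services listed with "Unknown owner". The sample lines are an excerpt of the log posted in this thread; the function names and the flag labels are assumptions made for the example.

```python
import re

# Excerpt of the HijackThis log posted at the top of this thread (sample input).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bevski\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Entries whose target file HijackThis could not find on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# O4 body: "<hive>\..\<key>: [<value name>] <command line>".
AUTORUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# Program image at the start of a command line: quoted, or up to the first ".exe".
IMAGE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)


def parse_entry(line):
    """Parse one log line; return a dict, or None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"], "flags": []}
    body = entry["body"]

    if ORPHAN_RE.search(body):
        # Registry entry left behind after its file was removed.
        entry["flags"].append("orphaned")

    if entry["code"] == "O4":
        a = AUTORUN_RE.match(body)
        if a:
            img = IMAGE_RE.match(a["cmd"])
            entry.update(
                hive=a["hive"],
                name=a["name"],
                command=a["cmd"],
                image=(img["q"] or img["u"]) if img else None,
            )
    elif entry["code"] == "O23":
        prefix = "Service: "
        rest = body[len(prefix):] if body.startswith(prefix) else body
        # "<display name> - <owner> - <image path>", split from the right
        # because display names can themselves contain " - ".
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            entry.update(service=parts[0], owner=parts[1], image=parts[2])
            if parts[1].strip().lower() == "unknown owner":
                entry["flags"].append("unknown-owner")
    return entry


def triage(text):
    """Group parsed entries into the buckets a reviewer checks first."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    return {
        "entries": entries,
        "orphaned": [e for e in entries if "orphaned" in e["flags"]],
        "autoruns": [e for e in entries if e["code"] == "O4" and "name" in e],
        "unknown_owner_services": [
            e for e in entries if "unknown-owner" in e["flags"]
        ],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket in ("orphaned", "autoruns", "unknown_owner_services"):
        print(f"== {bucket} ==")
        for e in report[bucket]:
            print(f"  {e['code']}: {e['body']}")
```

A flag here only marks an entry for a closer look; whether it is fixed, disabled or left alone is still the reviewer's call, as in the reply above.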
  • Thanks for all the responses. I will take time to work through the suggestions. In the meantime, here's my Malwarebytes log

    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 6682

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19048

    26/05/2011 14:34:05
    mbam-log-2011-05-26 (14-34-05).txt

    Scan type: Full scan (C:\|E:\|F:\|)
    Objects scanned: 329001
    Time elapsed: 5 hour(s), 48 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 29
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 25
    Files Infected: 31

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C28A0312-C403-417b-A425-A915BC0519CD} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{AC5AB953-ED25-4f9c-87F0-B086B0178FFA} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\internet saving optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630 (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940 (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\Registry\firstbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\Registry\fullbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\system search dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\system search dispatcher\1.4.1.1010 (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\system search dispatcher\1.4.1.1010\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\internet saving optimizer\3.7.1.4630\npieaddon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\Bevski\downloads\perfectoptimizer.exe (PUP.PerfectOptimizer) -> Not selected for removal.
    c:\program files\internet saving optimizer\3.7.1.4630\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\components\npffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet saving optimizer\3.7.1.4630\FF\components\npffhelpercomponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\components\hpffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\media access startup\1.6.0.940\FF\components\hpffhelpercomponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\perfect optimizer\perfectoptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    c:\program files\system search dispatcher\1.4.1.1010\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\system search dispatcher\1.4.1.1010\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\system search dispatcher\1.4.1.1010\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\system search dispatcher\1.4.1.1010\Data\urldynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\system search dispatcher\1.4.1.1010\Data\urlstatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
This discussion has been closed.