virus help please - poorly pc

HalfPint
HalfPint Posts: 646 Forumite
Part of the Furniture Combo Breaker
edited 3 June 2011 at 10:57PM in Techie Stuff
hiya,

My desktop PC appears to have caught a nasty cold!... I have a redirecting virus thingy and have been following through the advice on your sticky (very helpful :) and it has got rid of some stuff I didn't even know was there :o)

I'm now at the stage of running SUPERAntiSpyware... and then on to HijackThis from there, but I'm no techie and would appreciate some help.

I have saved the logs from Ad-Aware and Malwarebytes and will post the SAS one when finished, which might be tomorrow morning.

Advice on where to go from there, and whether I need to do the HijackThis thingy, would be appreciated.

Please be kind - I very rarely understand geekspeak :D

Many thanks.

HP x

Just realised I didn't really explain the problem very well.. oops... I open Firefox to my homepage, all is well, I type into Google looking for something like my own website and I end up on eBay or Ask Jeeves etc. I've had problems booting the PC too, but after booting in safe mode and running scans as directed it seems to be booting OK, but I still have the redirect problem... at least it's not to !!!!!! sites.. yet!!
DEBT FREE DATE: 05/02/2015!

Those things in life that we find the hardest to do, are the things we are the most thankful we did.

Comments

  • RussJK
    RussJK Posts: 2,359 Forumite
    Yeah, just post the logs from Malwarebytes and Ad-Aware. Copy/paste anything that found malware into this thread.

    Do a Hijackthis log even with SAS running. It'll take only a minute or so. Right click on this and save to desktop:
    http://www.trendmicro.com/ftp/products/hijackthis/beta/HijackThis.exe

    Then hold LEFT SHIFT and RIGHT CLICK, Run as Administrator. Do Scan and Save log, don't Fix anything, then copy/paste here.

    Having a Deja Vu moment here... did you have similar issues a few months back?
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    Logfile created: 03/06/2011 17:40:54
    Ad-Aware version: 9.0.6
    Extended engine: 3
    Extended engine version: 3.1.2770
    User performing scan:

    *********************** Definitions database information ***********************
    Lavasoft definition file: 150.433
    Genotype definition file version: 2011/05/26 07:08:45
    Extended engine definition file: 9455.0

    ******************************** Scan results: *********************************
    Scan profile name: Full Scan (ID: full)
    Objects scanned: 366324
    Objects detected: 27


    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 0
    Hostfile entries: 0
    Files...........: 4
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 23
    Browser hijacks.: 0
    MRU objects.....: 0



    Removed items:

    Quarantined items:
    Description: c:\documents and settings\laura\local settings\application data\{cff06fe8-0fbf-480f-a6cd-c357bca9af6a}\chrome\content\overlay.xul Family Name: Trojan.JS.Redirector.cd (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 96e636c9d2021f0f2dd45db86932b5fd
    Description: c:\documents and settings\laura\my documents\downloads\hunchback(2).rar::hunchback\hunchback.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5:
    Description: c:\documents and settings\laura\my documents\downloads\hunchback.rar::hunchback\hunchback.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5:
    Description: c:\system volume information\_restore{f16c8f30-1b3e-4907-b56e-e1ec161313c7}\rp1188\a0138531.dll Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 5e58968f209a4e038d42905699e145d5

    Scan and cleaning complete: Finished correctly after 14295 seconds


    ****************************** System information ******************************
    Computer name: Lauras
    Processor name: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
    Processor identifier: x86 Family 15 Model 75 Stepping 2
    Processor speed: ~2411MHZ
    Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 19202, number of processors 2, processor features: [MMX,SSE,SSE2,3DNow]
    Physical memory available: 2632593408 bytes
    Physical memory total: 3153571840 bytes
    Virtual memory available: 1927380992 bytes
    Virtual memory total: 2147352576 bytes
    Memory load: 16%
    Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Windows startup mode:

    Running processes:
    PID: 128 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 188 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 212 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 260 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 272 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 432 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 480 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 552 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 620 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 736 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 820 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1084 name: C:\WINDOWS\Explorer.EXE owner: Laura domain: surname
    PID: 2020 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Laura domain: surname

    Startup items:
    Name: SoundMan
    imagepath: SOUNDMAN.EXE
    Name: TalkTalk
    imagepath: "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
    Name: iKeyWorks
    imagepath: C:\PROGRA~1\Keyboard\Ikeymain.exe
    Name: NvCplDaemon
    imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    Name: nwiz
    imagepath: nwiz.exe /install
    Name: NvMediaCenter
    imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    Name: BluetoothAuthenticationAgent
    imagepath: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    Name: OM2_Monitor
    imagepath: "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    Name: ISUSPM Startup
    imagepath: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    Name: ISUSScheduler
    imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    Name: SearchSettings
    imagepath: C:\Program Files\Search Settings\SearchSettings.exe
    Name: SunJavaUpdateSched
    imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    Name: SGPUpdater
    imagepath: C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    Hi

    Thanks :D

    Currently running SAS. I followed the instructions re HijackThis and I have 2 options: run as current user (me) or as another user (me again?), but that option asks for a username and password which I don't have/never set up. Under the 1st option there is a tick box "protect my computer": should this be ticked? And is this the "run as administrator"?

    Many thanks.

    HP x
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/03/2011 at 11:16 PM

    Application Version : 4.53.1000

    Core Rules Database Version : 7192
    Trace Rules Database Version: 5004

    Scan type : Complete Scan
    Total Scan Time : 00:43:55

    Memory items scanned : 565
    Memory threats detected : 0
    Registry items scanned : 8696
    Registry threats detected : 3
    File items scanned : 28070
    File threats detected : 128

    System.BrokenFileAssociation
    HKCR\.exe

    Rootkit.TDSServ
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys

    Adware.Tracking Cookie

    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F16C8F30-1B3E-4907-B56E-E1EC161313C7}\RP1183\A0136310.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F16C8F30-1B3E-4907-B56E-E1EC161313C7}\RP1183\A0136311.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F16C8F30-1B3E-4907-B56E-E1EC161313C7}\RP1183\A0136320.DLL
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    edited 3 June 2011 at 11:33PM
    Should I let this fix/quarantine the items detected?

    sorry.. I did say I'm not a techie :o

    Adaware.. edited... meant Malwarebytes... on its way... somehow it's saved as an image and I'm working on how to post that lol

    ta.

    hp
  • RussJK
    RussJK Posts: 2,359 Forumite
    Yes, remove/clean anything that SAS finds.

    You've already posted the adaware logs, just need Hijackthis and Malwarebytes log. Don't Fix anything in Hijackthis, as it's not the same as the other scans.

    Looks like you've had a rootkit, not good. I wouldn't trust it to be completely gone. I'll let you post the hijackthis log, then I'll give a list of things to do one by one if that works for you.
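What a helper does with the HijackThis log once it is posted, as an added example that is not part of this thread or of HijackThis itself: a Python parser that splits R0/R1/R3/F2/O2 lines (the sample is copied from the log posted later in this thread) into registry key, value name and value, and marks which entries a reviewer should look at before anything is fixed. The Microsoft-default host list and the expected UserInit path are assumptions for Windows XP, not something the thread states.

```python
"""Read-only triage of HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Sample lines copied from the HijackThis log posted in this thread (same R0/R1/R3/F2/O2 format).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/talktalk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
"""

# Assumption: hosts the stock Internet Explorer start/search pages point at on Windows XP.
MICROSOFT_DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
# Assumption: the UserInit value expected on a clean 32-bit Windows XP install.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

RE_R01 = re.compile(r"^(?P<sec>R[01]) - (?P<key>[^,]+),(?P<name>[^=]+?) =\s?(?P<value>.*)$")
RE_R3_O2 = re.compile(
    r"^(?P<sec>R3|O2) - (?:URLSearchHook|BHO): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
RE_F2 = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")


@dataclass
class Entry:
    section: str  # R0, R1, R3, F2 or O2
    subject: str  # registry key and value name, hook name or BHO name
    value: str    # URL, DLL path or UserInit string (may be empty)
    verdict: str  # "ok" or "review"
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Classify one log line; returns None for sections this example does not handle."""
    line = line.strip()
    m = RE_R01.match(line)
    if m:
        value = m.group("value").strip()
        subject = f"{m.group('key')},{m.group('name').strip()}"
        if not value:
            return Entry(m.group("sec"), subject, value, "ok", "value is unset")
        host = (urlsplit(value).hostname or "").lower()
        if host in MICROSOFT_DEFAULT_HOSTS:
            return Entry(m.group("sec"), subject, value, "ok", "stock Microsoft page")
        # Not necessarily malicious (an ISP homepage lands here too), but it is a
        # changed browser default, which is exactly what a redirector alters.
        return Entry(m.group("sec"), subject, value, "review", f"non-default page on {host}")
    m = RE_R3_O2.match(line)
    if m:
        kind = "URL search hook" if m.group("sec") == "R3" else "browser helper object"
        # Search hooks and BHOs are DLLs the browser loads; a hook in particular can
        # change what typed searches resolve to, so each one needs a human decision.
        return Entry(m.group("sec"), m.group("name"), m.group("path"), "review",
                     f"{kind} {m.group('clsid')} loads a DLL into the browser")
    m = RE_F2.match(line)
    if m:
        value = m.group("value").strip()
        if value.lower().rstrip(",") == EXPECTED_USERINIT:
            return Entry("F2", "UserInit", value, "ok", "standard userinit.exe")
        return Entry("F2", "UserInit", value, "review", "UserInit is not the standard userinit.exe")
    return None


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line in order; nothing on the machine is touched."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def review_items(entries: List[Entry]) -> List[Entry]:
    """The subset a helper would ask about before anything is 'fixed'."""
    return [e for e in entries if e.verdict == "review"]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.verdict:6}] {e.section} {e.subject}: {e.value or '<empty>'}  ({e.reason})")
```

A "review" verdict is a prompt for a human decision, not a finding: the two URLSearchHook entries in the sample are search toolbars, which is why a reviewer asks about them when typed searches are being redirected.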
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:26:23, on 03/06/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17096)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\TalkTalk\bin\sprtcmd.exe
    C:\PROGRA~1\Keyboard\Ikeymain.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\DOCUME~1\Laura\LOCALS~1\Temp\SAS_SelfExtract\program.com
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\notepad.exe
    C:\Documents and Settings\Laura\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/talktalk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S9E.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Search Image on TinEye - file://C:\Documents and Settings\Laura\My Documents\TinEye 1.0\TinEye.js
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136075337015
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.180/BootstrapXP.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    --
    End of file - 13068 bytes
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    SAS finished.. fixed all or quarantined... now asking me to reboot? HijackThis still up but I'm not touching it yet.. honest! lol

    Should I just close HijackThis and then reboot?

    Still to remove the programmes suggested earlier.. should I do this first, then reboot?

    thanks for your help, appreciated :)
  • closed
    closed Posts: 10,886 Forumite
    edited 3 June 2011 at 11:49PM
    This is a general guide on cleaning up infections and speeding up PCs: https://forums.moneysavingexpert.com/discussion/2436849

    If you haven't already done it, install Malwarebytes and do a FULL (not quick) scan (after updating it), fix anything found before closing, otherwise you'll have to do it all over again. If anything was found, reboot the machine before continuing. http://www.filehippo.com/download_malwarebytes_anti_malware/


    __________________________________________________

    If you suspect an infection, here are some other virus scanners to try, let them fix anything found

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
    http://www.surfright.nl/en/hitmanpro
    http://support.kaspersky.com/downloads/utils/tdsskiller.exe

    ************************************************

    These are possible signs of a rootkit or trojan/adware/undesirable software infection or its remnants; try scanning with tdsskiller/kaspersky/malwarebytes to fix

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    ************************************************


    Scanning with all the scanners above along with your resident scanner should remove most or all infections if there are any present on your machine, below is some specific (optional) advice based on your log which may help to improve speed and tidy things up.
    __________________________________________________


    Install and run CCleaner (untick the Google toolbar during the install). Untick the "windows log files" box, under the system heading, before cleaning. Also tick the Java cache tick box under CCleaner, applications, internet to wipe the Java cache, which sometimes hides infections. http://www.piriform.com/ccleaner/download/slim

    Install and run startuplite, accept suggested changes - http://www.malwarebytes.org/StartUpLite.exe

    Disable ctfmon - control panel, regional and language options, languages, details, advanced, tick the Turn off advanced text services, ok

    Click the java icon in control panel, advanced, misc - untick java quick starter, and untick place icon in task bar

    Click the java icon in control panel, updates, untick check for updates

    __________________________________________________

    In the firefox address bar, type about:config then right click, new boolean, create a key called config.trim_on_minimize set to true

    Using Hijackthis, tick and fix these entries

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1136075337015
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dm...ootstrapXP.cab

    O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    __________________________________________________

    Uninstall any IE toolbars (browser helper objects or BHOs) in Control Panel, or Firefox plugins that you don't need. This is a list of the IE BHOs evident in the log:

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

    __________________________________________________

    Unless you need them running all the time, use the startup tab in msconfig to disable these items from running at startup (they can always be run manually if needed)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart

    __________________________________________________


    This is a list of (or remnants of) security software evident in your log, you may wish to uninstall these in Control Panel (add/remove programs or programs/features) to keep your PC running smoothly, too much overlapping or bloated security or useless tuning software can have a drastic effect on performance - always leave one resident scanner running (eg avast/avira etc)

    ---- ad-aware

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    ---- spybot

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    ---- PCTools

    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe

    ---- SearchSettings

    C:\Program Files\Search Settings\SearchSettings.exe
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe

    __________________________________________________

    Run Windows update, Internet explorer is out of date

    Download and install cleanmem http://www.pcwintech.com/cleanmem (download direct download). In windows explorer, go to c:\windows\tasks, click on the clean system memory task, schedule, advanced, and change it from every 30 minutes to every 5 minutes, then ok, ok. Find c:\program files\cleanmem\mini_monitor, run it and right click the icon (near the clock) to set it to automatically run at startup, show percentage to keep an eye on your ram use. If your machine is still slow after doing everything listed, post your commit charge and installed physical ram details from task manager performance

    __________________________________________________

    Start, run, msconfig, select the services tab, disable these services UNLESS you use them. (Make a note of any services you disable; if you have any problems related to these services subsequently, simply re-enable them.)

    SSDP Discovery Service
    Remote Registry
    WebClient
    Distributed Link Tracking Client

    Also disable these services if you don't use them by running msconfig, services tab

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    __________________________________________________

    Unless you have put it on for a reason, you don't really need Network Magic installed.

    When you've done all that, post a fresh hijackthis log and any logs of infections
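The post above triages the HijackThis log by section prefix: O16 DPF entries and orphaned O2 BHOs get fixed, the F2 UserInit line gets checked, search-related hooks get reviewed. The script below is an added example (not from the thread, from HijackThis or from any tool it names) that applies those same rules to constructed sample lines in the v2.0.4 format shown above, and additionally cross-references CLSIDs that turn up in more than one section; the verdict labels and the "Unknown owner" service rule are my own assumptions, as is the stock Userinit path.

```python
"""Triage a HijackThis v2 log the way the thread does: by section prefix."""
import re

# Constructed sample lines in the HijackThis v2.0.4 format shown in this thread.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)",
    r"O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll",
    r'O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui',
    r"O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab",
    r"O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -",
    r"O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
]

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumed stock Winlogon Userinit path on XP; the F2 line is compared against it
# rather than taken at face value.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_entry(line):
    """Split 'O16 - DPF: ...' into section code and body; None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def classify(entry):
    """Return (verdict, reason) for an entry that deserves attention, else None."""
    sec, body = entry["section"], entry["body"]
    # O2/O3/O9 add-ons whose DLL is gone: the thread fixes these outright.
    if sec in ("O2", "O3", "O9") and body.endswith(("(no file)", "(file missing)")):
        return "fix", "orphaned browser add-on: CLSID points at a file that no longer exists"
    # O16 DPF entries are cached ActiveX downloads; the thread fixes all of them.
    if sec == "O16":
        return "fix", "cached ActiveX download (DPF); re-fetched on demand if a site needs it"
    # R3 hooks sit in front of address-bar searches, relevant when searches are redirected.
    if sec == "R3":
        return "review", "URLSearchHook intercepts address-bar searches"
    if sec == "F2" and body.startswith("REG:system.ini: UserInit="):
        value = body.split("=", 1)[1].strip().rstrip(",").lower()
        if value != STOCK_USERINIT:
            return "review", "non-standard Userinit: a well-known persistence point"
        return "info", "Userinit reported, but the path is the stock userinit.exe"
    # Added rule (not from the thread): services without a publisher string.
    if sec == "O23" and " - Unknown owner - " in body:
        return "review", "service with no publisher string; confirm the binary is expected"
    return None


def triage(lines):
    """Return one finding dict per flagged entry, in log order."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        verdict = classify(entry) if entry else None
        if verdict:
            findings.append({"verdict": verdict[0], "reason": verdict[1], **entry})
    return findings


def shared_clsids(lines):
    """CLSIDs registered in more than one section, e.g. one DLL as both R3 hook and O2 BHO."""
    seen = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        for clsid in CLSID_RE.findall(entry["body"]):
            seen.setdefault(clsid.upper(), set()).add(entry["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['verdict']:6} {f['section']:4} {f['reason']}\n       {f['raw']}")
    print("same component in several sections:", shared_clsids(SAMPLE_LOG))
```

Feed it a saved log with `triage(open("hijackthis.log").read().splitlines())`; entries the rules say nothing about (the R1, the healthy O4 and the avast O23 above) are left out of the findings on purpose.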
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    edited 3 June 2011 at 11:51PM
    I can't seem to open any programmes now :eek: eek!

    Should I shut down and boot in safe mode?

    It's not opening or running anything... but I can access my docs and control panel.. but it won't run add/remove programmes... I get an error saying it doesn't recognise the file.... very worried now
This discussion has been closed.