Help un-Hijack my browser
highrisklowreturn
Posts: 848 Forumite
in Techie Stuff
Hi, my browser has been hijacked for the better part of 3 months - I've downloaded and tried most programmes - ccleaner, sbot s/destroy, windows defender, windows essentials, today, but still I keep getting redirected, after any search I do, to two or three different sites before it lets me view the site I want. It is also I believe the cause of my browser going pitifully slowly. Can anyone help - is there any way I can completely reinstall my browser software?
Comments
-
Yes...........
-
https://forums.moneysavingexpert.com/discussion/4119581
uninstall any toolbars, reset IE reset to defaults under tools/internet options/advanced, post a hijackthis log!!
> . !!!! ----> .
-
highrisklowreturn wrote: »
Hi, my browser has been hijacked for the better part of 3 months. I've downloaded and tried most programmes - ccleaner, sbot s/destroy, windows defender, windows essentials, today, but still I keep getting redirected
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- Expand Options for dds.txt
- Check Extend search period
- Click Start
- When it's finished, DDS will open two logs:
  - DDS.txt
  - Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
-
Is this the log off hijack - and what do I do with it?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:22:12, on 26/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Civ4\Beyond the Sword\Civ4BeyondSword.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F54XHY8\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,C:\Program Files (x86)\cpbcugbj\kvsofjka.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxee_device - Unknown owner - C:\Windows\system32\lxeecoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
-
Try malwarebytes, more tools, fileassasin on this
C:\Program Files (x86)\cpbcugbj\kvsofjka.exe
There will also be an entry in the registry but you don't want to delete the userinit bit, otherwise your machine won't boot properly
Did you scan with tdsskiller?
Are you backed up?
http://www.macrium.com/reflectfree.aspx
!!
> . !!!! ----> .
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16446
Run by Adam at 21:27:39 on 2012-11-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2282 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxeecoms.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Civ4\Beyond the Sword\Civ4BeyondSword.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F54XHY8\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,C:\Program Files (x86)\cpbcugbj\kvsofjka.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [BJCFD] C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0EA83F44-0C7B-44D0-AF23-4432AA1C1FA6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6364CE52-127D-4E4C-B4DD-915C9C1E18AC} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 lxee_device;lxee_device;C:\Windows\System32\lxeecoms.exe -service --> C:\Windows\System32\lxeecoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-18 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]
.
=============== Created Last 30 ================
.
2012-11-26 18:03:50 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{606E78CA-6B36-4C4A-B6D6-EE7F3F00E81F}\gapaengine.dll
2012-11-26 18:03:47 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2C5E35E-9129-46FA-B7BC-8D99DE03D382}\mpengine.dll
2012-11-26 17:59:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-26 17:59:12 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-26 08:45:07 -------- d-----w- C:\Users\Adam\AppData\Local\{9FB6B384-45F9-4F3C-A1D3-A36283CA75EB}
2012-11-25 11:03:14 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE408C29-DA7E-4A0A-A932-DD1FF7654AEB}\offreg.dll
2012-11-25 11:00:09 -------- d-----w- C:\Users\Adam\AppData\Local\{5DCBA8D4-47E6-48AB-9F98-5E5209D17A62}
2012-11-24 21:11:48 -------- d-----w- C:\Users\Adam\AppData\Local\{E87D062F-FAD3-4BF9-8EAB-1E6CDB129A2B}
2012-11-24 08:18:37 -------- d-----w- C:\Users\Adam\AppData\Local\{5551D24C-5016-4464-8389-E09B93A413D6}
2012-11-23 19:22:18 -------- d-----w- C:\Users\Adam\AppData\Local\{F21039FF-99C1-4AE4-BB7F-58E378F4D1DA}
2012-11-23 06:48:07 -------- d-----w- C:\Users\Adam\AppData\Local\{C8DE7B4F-51F9-446D-8010-27EEABBAE843}
2012-11-22 18:39:17 -------- d-----w- C:\Users\Adam\AppData\Local\{AD673D28-39D5-4AD8-AE88-D43988372FCF}
2012-11-22 06:26:15 -------- d-----w- C:\Users\Adam\AppData\Local\{3ED1E1FC-7898-4362-87FE-9C575FADFE6B}
2012-11-21 16:48:55 -------- d-----w- C:\Users\Adam\AppData\Local\{7482BF31-E989-44E7-BC0C-8AF89E06BF20}
2012-11-20 20:20:25 -------- d-----w- C:\Users\Adam\AppData\Local\{B88BA317-38B2-418E-AE15-B4F6BBED5539}
2012-11-20 07:07:04 -------- d-----w- C:\Users\Adam\AppData\Local\{DE2E719A-8E5E-4661-9665-C0B7472E9E6C}
2012-11-19 22:28:25 -------- d-----w- C:\Users\Adam\AppData\Local\{33F4E9C9-4FB6-4630-932D-6C051DB7A153}
2012-11-19 06:35:42 -------- d-----w- C:\Users\Adam\AppData\Local\{AB613D84-8806-49D4-850B-7B897A7E5E45}
2012-11-18 11:48:31 -------- d-----w- C:\Users\Adam\AppData\Local\{2F6AED87-0EEC-4A10-94FD-F90614B76348}
2012-11-17 21:53:11 -------- d-----w- C:\Users\Adam\AppData\Local\{F48F85CD-88F7-4F7C-9018-73410DC79619}
2012-11-16 20:19:41 -------- d-----w- C:\Users\Adam\AppData\Local\{421444CE-4C6D-4920-8C19-617D6C52002F}
2012-11-16 08:19:08 -------- d-----w- C:\Users\Adam\AppData\Local\{ACB2EAC2-995A-4253-917E-B4FD3C8A06FF}
2012-11-15 19:55:38 -------- d-----w- C:\Users\Adam\AppData\Local\{131702CB-0D40-449B-80D2-1326299F9525}
2012-11-15 07:15:22 -------- d-----w- C:\Users\Adam\AppData\Local\{922E7F10-52DF-440E-B8DB-ACF5614168CA}
2012-11-14 12:22:55 -------- d-----w- C:\Users\Adam\AppData\Local\{928ECF7A-EE68-4BCA-922D-F2385AE42658}
2012-11-14 09:53:04 -------- d-----w- C:\Users\Adam\AppData\Local\{C9CF652B-629E-4E59-8D41-F692C43C3D67}
2012-11-13 21:05:34 -------- d-----w- C:\Users\Adam\AppData\Local\{34F81473-6B4C-4F26-AB13-7391D4E90D6F}
2012-11-13 07:21:03 -------- d-----w- C:\Users\Adam\AppData\Local\{E4FADB53-8A39-4BD2-AF26-B172A6E1DBF1}
2012-11-12 07:42:13 -------- d-----w- C:\Users\Adam\AppData\Local\{E3A13F90-D187-4BCD-896D-14FEBD703ACB}
2012-11-11 09:28:49 -------- d-----w- C:\Users\Adam\AppData\Local\{3F38FA72-85DB-493D-ACE9-D4226B327DA4}
2012-11-10 07:50:41 -------- d-----w- C:\Users\Adam\AppData\Local\{9185132D-378A-4F27-8F90-1287187D09AD}
2012-11-09 19:50:25 -------- d-----w- C:\Users\Adam\AppData\Local\{09C4B57B-542F-4ED5-90F9-A1939FBB7E69}
2012-11-08 21:08:41 -------- d-----w- C:\Program Files\Bonjour
2012-11-08 21:08:41 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-11-08 20:28:10 -------- d-----w- C:\Users\Adam\AppData\Local\{BA80ABBC-C3E3-42EA-B1CE-2D731AB3D28D}
2012-11-08 17:40:44 -------- d-----w- C:\Users\Adam\AppData\Local\{4EA0DE76-0318-4BAA-A57B-E3A48F6A8B33}
2012-11-08 08:04:24 -------- d-----w- C:\Users\Adam\AppData\Local\{B8ED1BF8-47BD-47CB-A104-4B0F20AAB36F}
2012-11-07 20:04:08 -------- d-----w- C:\Users\Adam\AppData\Local\{84BF5DE1-B847-4AA2-9742-9CB80D7F3046}
2012-11-07 19:59:29 -------- d-----w- C:\Users\Adam\AppData\Local\{611DEF64-3C73-44E0-A040-5875C26F2AD9}
2012-11-07 07:33:38 -------- d-----w- C:\Users\Adam\AppData\Local\{5D6F9269-DA5E-4E50-A050-D65FC0F1CBF6}
2012-11-06 08:02:07 -------- d-----w- C:\Users\Adam\AppData\Local\{C29DA968-DCAE-46BE-ABCD-B0194943F68B}
2012-11-05 18:41:53 -------- d-----w- C:\Users\Adam\AppData\Local\{B6561E76-9B23-4B9B-8F66-A25EDBE3AC82}
2012-11-05 06:39:06 -------- d-----w- C:\Users\Adam\AppData\Local\{792D6DD6-3350-4F55-8E5C-A62255E7C870}
2012-11-04 18:33:36 -------- d-----w- C:\Users\Adam\AppData\Local\{E7AD7359-5E42-472D-B460-E1F02B5B15EF}
2012-11-03 19:56:16 -------- d-----w- C:\Users\Adam\AppData\Local\{E137CBFC-5C6D-49A4-804D-689766E606CE}
2012-11-03 06:26:08 -------- d-----w- C:\Users\Adam\AppData\Local\{AD953923-8CE0-4CF1-8271-2CE39FD70BFA}
2012-11-02 09:36:06 -------- d-----w- C:\Users\Adam\AppData\Local\{6CC88BBC-7EF5-4BA7-9D8A-78E12D5F5947}
2012-11-02 06:53:48 -------- d-----w- C:\Users\Adam\AppData\Local\{A52BE574-4523-4F91-BC2C-5E2CDA86EAD0}
2012-11-01 06:14:36 -------- d-----w- C:\Users\Adam\AppData\Local\{749ED0CB-E180-45D2-AD9B-54C394D7B1D7}
2012-10-31 12:03:03 -------- d-----w- C:\Users\Adam\AppData\Local\{D1341DD6-B061-46B3-8562-43B9DB667495}
2012-10-31 11:13:24 -------- d-----w- C:\Users\Adam\AppData\Local\{1443FBB9-E9BE-45CA-94CB-3EF22C5E35C7}
2012-10-30 22:11:36 -------- d-----w- C:\Users\Adam\AppData\Local\{73607DD5-DC33-42D4-9BA6-95DCB16BC046}
2012-10-30 07:45:15 -------- d-----w- C:\Users\Adam\AppData\Local\{6D5A04C3-54BE-4789-97C7-95F88AABD8D4}
2012-10-29 12:07:39 -------- d-----w- C:\Users\Adam\AppData\Local\{6854EBCB-48A9-4937-AEA7-49B3A09EA0C5}
2012-10-29 05:49:24 -------- d-----w- C:\Users\Adam\AppData\Local\{3EEFB8E3-0A53-4C35-8C61-232E23AB4DB9}
2012-10-28 06:01:26 -------- d-----w- C:\Users\Adam\AppData\Local\{0A8A754C-53FF-4785-93AE-B6753B218EB9}
.
==================== Find3M ====================
.
2012-11-24 21:03:05 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-11-24 21:03:05 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-11-24 21:02:16 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-28 18:29:41 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-28 18:29:41 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-08 06:57:03 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex1
2012-08-30 22:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 22:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-12-18 12:19:48 488536 ----a-w- C:\Program Files (x86)\ppadsetup.exe
2010-02-03 05:02:48 453024 ----a-w- C:\Program Files\setup.exe
2010-02-03 05:01:10 10175488 ----a-w- C:\Program Files\openofficeorg32.msi
.
============= FINISH: 21:31:19.58 ===============
-
No, no back up. I clicked fix selected item - on hijack this - on that particular thing, and it said problem fixed. But browser is still hijacking.
-
Download and install Malwarebytes free.
http://helpdesk.malwarebytes.org/entries/20839693-where-can-i-download-the-latest-version-of-malwarebytes-anti-malware
When you install it, uncheck the box at the end where it says: Enable free trial of Malwarebytes Anti-malware PRO
Do however ensure the boxes Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked
Run a quick scan.
http://helpdesk.malwarebytes.org/entries/20863072-how-to-run-a-quick-scan
Post the resulting log file.
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
should point to userinit.exe
make sure it does before attempting a reboot!!
> . !!!! ----> .
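The Userinit advice in the replies above, turned into a check over pasted HijackThis/DDS log text. This is an added example, not code from any poster or from either tool; the function names, the trusted-directory list and the assumed default value (Windows installed in C:\Windows) are assumptions of the example, and the clean third sample line is constructed.

```python
import ntpath
import re

# Sample input: the first two lines have the shape of the Userinit lines posted
# in this thread; the third (a clean value) and fourth are there for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,C:\Program Files (x86)\cpbcugbj\kvsofjka.exe,
mWinlogon: Userinit = userinit.exe,C:\Program Files (x86)\cpbcugbj\kvsofjka.exe,
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
""".strip()

# Matches the HijackThis "F2" form and the DDS "mWinlogon" form of the same value.
USERINIT_LINE = re.compile(
    r"^(?:F2 - REG:system\.ini: |mWinlogon: )userinit\s*=\s*(?P<value>.*)$",
    re.IGNORECASE,
)

# Assumption: Windows lives in C:\Windows. Adjust for other install paths.
TRUSTED_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}
DEFAULT_VALUE = r"C:\Windows\system32\userinit.exe,"


def split_entries(value):
    """Userinit is a comma-separated list of programs run at logon."""
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]


def is_trusted(entry):
    """True only for userinit.exe, bare or inside the system32 directory.

    A file merely *named* userinit.exe in another folder is not trusted.
    """
    directory, name = ntpath.split(entry.lower())
    if name != "userinit.exe":
        return False
    return directory == "" or directory in TRUSTED_DIRS


def audit_userinit(log_text):
    """Return one finding per Userinit line found in the pasted log text."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = USERINIT_LINE.match(line.strip())
        if not match:
            continue
        entries = split_entries(match.group("value"))
        extra = [e for e in entries if not is_trusted(e)]
        kept = [e for e in entries if is_trusted(e)]
        # Keep the userinit.exe part (removing it stops the logon shell from
        # starting) and drop only the additions; fall back to the default.
        repaired = ",".join(kept) + "," if kept else DEFAULT_VALUE
        findings.append(
            {
                "line": number,
                "extra": extra,
                "repaired": repaired,
                "suspicious": bool(extra),
            }
        )
    return findings


if __name__ == "__main__":
    for finding in audit_userinit(SAMPLE_LOG):
        status = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(f"line {finding['line']}: {status}")
        for path in finding["extra"]:
            print(f"  extra logon program: {path}")
        print(f"  value to compare against: {finding['repaired']}")
```

The `repaired` string is only what the value would look like with the extra entries removed; compare it with the actual Winlogon\Userinit value before rebooting, as the post above says.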
This discussion has been closed.