Hijack this

waddler_8

Don't run it again if you're having problems with it - Post the logfile as it is now.

credit_crunch

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-09 10:38:53

---

10:38:53.649 OS Version: Windows x64 6.1.7600
10:38:53.649 Number of processors: 2 586 0x2505
10:38:53.649 ComputerName: DEIRDREPC2 UserName:
10:38:56.707 Initialize success
10:39:10.232 AVAST engine defs: 12120800
10:39:13.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:39:13.539 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
10:39:13.555 Disk 0 MBR read successfully
10:39:13.555 Disk 0 MBR scan
10:39:13.586 Disk 0 Windows 7 default MBR code
10:39:13.586 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
10:39:13.633 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
10:39:13.695 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224037 MB offset 29566976
10:39:13.758 Disk 0 scanning C:\Windows\system32\drivers
10:39:37.253 Service scanning
10:40:26.830 Modules scanning
10:40:26.846 Disk 0 trace - called modules:
10:40:26.877 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:40:26.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030d3060]
10:40:26.893 3 CLASSPNP.SYS[fffff88001b3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002f71050]
10:40:28.125 AVAST engine scan C:\Windows
10:40:32.103 AVAST engine scan C:\Windows\system32
10:44:46.648 Disk 0 MBR has been saved successfully to "C:\Users\Deirdre&Stephen\Desktop\MBR.dat"
10:44:46.648 The log file has been saved successfully to "C:\Users\Deirdre&Stephen\Desktop\aswMBR.txt"

credit_crunch

i hope thats enough info for you.

waddler_8

We'll remove what we can see so far and see how we go from there.


Download AdwCleaner from the link below & save it to your desktop.

LINK

• Right click AdwCleaner.exe & chosse "Run as Administrator" to run it.
• Close all open programs and internet browsers.
• Click Delete.
• Click ok to the prompt.
• Your computer will be rebooted automatically. A logfile will open after the restart.
• Post the contents of the logfile with your next reply.
• You can also find the logfile at C:\AdwCleaner[s1].txt.

credit_crunch

below is the info. I should also let you know that all the icons & tabs on this mse page are now visible.


# AdwCleaner v2.011 - Logfile created 12/09/2012 at 11:11:44
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Deirdre&Stephen - DEIRDREPC2
# Boot Mode : Normal
# Running from : C:\Users\Deirdre&Stephen\Desktop\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Deirdre&Stephen\AppData\Local\Ilivid
Folder Deleted : C:\Users\Deirdre&Stephen\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17115

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Deirdre&Stephen\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Deleted [l.1556] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.1853] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[S1].txt - [4433 octets] - [09/12/2012 11:11:44]

########## EOF - C:\AdwCleaner[S1].txt - [4493 octets] ##########

waddler_8

Are you still getting the popups in IE?

credit_crunch

no sign of any so far.
should i encourage my mum to use chrome? or is there an update for IE?

waddler_8

Yes, there is an update for IE.

http://windows.microsoft.com/en-GB/internet-explorer/download-ie

credit_crunch

hi Waddler
Sorry for the delay, but just wanted to say a quick thanks for all your help.
Mum said it seems to be running much better now.
Thanks again :-) :beer:

waddler_8

credit_crunch wrote: »

hi Waddler
Sorry for the delay, but just wanted to say a quick thanks for all your help.
Mum said it seems to be running much better now.
Thanks again :-) :beer:

No problem - Good to hear.

You can delete DDS and the logfiles, aswMBR etc if you haven't already. Just right click and delete.