Please could someone check this HijackThis log

Comments

  • Cheers waddler_8 done and done


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.25.2
    Run by Dave at 20:15:24 on 2013-09-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3036.2095 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\SYSTEM32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\IDT\WDM\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\MyTomTom 3\MyTomTomSA.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer provided by Dell
    mSearchAssistant = hxxp://www.google.com
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe"
    uRun: [hsscp.EXE] c:\users\dave\appdata\roaming\hotspot shield\bin\hsscp.EXE -nonadmin
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Download with PodWorks Platinum - c:\program files\imtoo\podworks platinum\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: En&queue current page with BID - c:\program files\bulk image downloader\iemenu\iebidqueue.htm
    IE: Enqueue link tar&get with BID - c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
    IE: Open &link target with BID - c:\program files\bulk image downloader\iemenu\iebidlink.htm
    IE: Open current page with BI&D - c:\program files\bulk image downloader\iemenu\iebid.htm
    IE: Open current page with BID Link Explorer - c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm
    IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://nldomsvr02.northlincs.gov.uk:81/dwa7W.cab
    TCP: NameServer = 172.16.0.1
    TCP: Interfaces\{85737F2D-5F9C-406C-AFAA-EE88B4B65824} : DHCPNameServer = 172.16.0.1
    TCP: Interfaces\{CC92D34B-E4F8-4AF1-9765-97FA0339D909} : DHCPNameServer = 192.168.42.129
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\06ln670a.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    FF - component: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\06ln670a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\06ln670a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\dave\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-08-03 14:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\dave\appdata\roaming\mozilla\firefox\profiles\06ln670a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-08-22 18:33; 2.0@disconnect.me; c:\users\dave\appdata\roaming\mozilla\firefox\profiles\06ln670a.default\extensions\2.0@disconnect.me.xpi
    FF - ExtSQL: 2013-09-03 17:56; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\dave\appdata\roaming\mozilla\firefox\profiles\06ln670a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - ExtSQL: 2013-09-03 18:03; fmconverter@gmail.com; c:\program files\freemake\freemake video converter\browserplugin\Firefox
    FF - ExtSQL: 2013-09-08 18:45; ffext_basicvideoext@startpage24; c:\users\dave\appdata\roaming\mozilla\firefox\profiles\06ln670a.default\extensions\ffext_basicvideoext@startpage24.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-21 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-21 175176]
    R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-11-11 532536]
    R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-11-11 25656]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 770344]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-27 369584]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-11-11 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-11 176128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-27 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-5-27 66336]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 46808]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2011-11-30 131072]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-9-3 101888]
    R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2012-2-9 375336]
    R3 NETwNv32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwNv32.sys [2011-11-17 7346176]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-6-22 27632]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-11-11 14904]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-17 36640]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-6-22 13224]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-4-23 3662848]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2012-11-11 133632]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2012-11-11 280096]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-5 22904]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-11-11 13464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
    .
    =============== Created Last 30 ================
    .
    2013-09-05 20:12:24 d-----w- c:\program files\Garmin GPS Plugin
    2013-09-05 20:00:07 d-----w- C:\AdwCleaner
    2013-09-05 16:51:30 d-----w- c:\users\dave\appdata\roaming\Garmin
    2013-09-05 16:50:25 d-----w- c:\users\dave\appdata\local\Garmin
    2013-09-05 16:43:59 d-----w- c:\programdata\Garmin
    2013-09-05 16:43:50 d-----w- c:\program files\Garmin
    2013-09-05 16:40:26 d-----w- c:\programdata\Package Cache
    2013-09-03 17:33:24 d-----w- c:\users\dave\appdata\local\TNT2
    2013-09-03 17:05:03 d-----w- c:\users\dave\appdata\local\avgchrome
    2013-09-03 17:04:06 d-----w- c:\windows\system32\searchplugins
    2013-09-03 17:04:06 d-----w- c:\windows\system32\Extensions
    2013-08-25 17:33:40 d-----w- c:\windows\system32\Data
    .
    ==================== Find3M ====================
    .
    2013-09-11 18:16:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-11 18:16:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-10 17:46:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-07-10 17:46:05 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-07-10 17:46:04 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-29 09:36:58 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-06-29 09:36:58 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    .
    ============= FINISH: 20:16:47.16 ===============
  • NiftyDigits
    NiftyDigits Posts: 10,459 Forumite
    What's the Service Tag? Details underneath the machine.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Delete these 4 folders.

    c:\users\dave\appdata\local\TNT2
    c:\users\dave\appdata\local\avgchrome
    c:\windows\system32\searchplugins
    c:\windows\system32\Extensions



    hotspot shield <- free version ad supported.

    Freemake <- OpenCandy

    Can you locate this file?
    c:\users\dave\appdata\roaming\mozilla\firefox\profiles\06ln670a.default\extensions\ffext_basicvideoext@startpage24.xpi
    
  • 4 folders deleted

    Uninstalled hotspot shield last week, still got Freemake. Does that need uninstalling as well?

    Found ffext_basicvideoext@startpage24.xpi delete it?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    DaveG247 wrote: »
    Uninstalled hotspot shield last week,

    Delete this folder then. c:\users\dave\appdata\roaming\hotspot shield
    still got Freemake
    It's up to you. Only eset & mbam detect it.
    It's more of a PUP than outright malware.

    https://www.virustotal.com/en/file/d7174d25183ccc9b5c13205297259c81d5efd6cd2fa75e559982fea1e8ea6a6e/analysis/

    http://kb.eset.com/esetkb/index?page=content&id=SOLN2677&locale=en_US

    http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy#tab=2


    Can you zip it and email me it?

    I'll PM you my email address.
  • Ok ta, e-mail sent. Will keep Freemake for now then, had a check and don't see the hotspot shield folder under that path
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Got the file thanks, it looks ok.
    don't see the hotspot shield folder under that path
    Delete the run entry then.
    • Run HijackThis
    • Click Main Menu
    • Click Do a system scan only
    • Put a check beside the item listed below:

      O4 - HKCU\..\Run: [hsscp.EXE] C:\Users\Dave\AppData\Roaming\Hotspot Shield\bin\hsscp.EXE -nonadmin


    • Close all open windows
    • Click on the Fix Checked button
    • Close HijackThis & REBOOT
  • Ok done that.

    Is this a bad time to say that start.search.us.com and delta search tabs are still coming up in chrome? :o
  • NiftyDigits
    NiftyDigits Posts: 10,459 Forumite
    What was the point of thanking me, but not actually replying to the question? :)
  • What was the point of thanking me, but not actually replying to the question? :)

    Got a bit over clicky with the thanks button as I went down the thread. It's DHJN84J; out of interest, what does that mean/do?
This discussion has been closed.