
Adwcleaner has removed all passwords

Discussion in 'Windows - Virus and spyware problems' started by bauld1, Feb 11, 2013.

  1. ddp

    ddp Moderator Staff Member

    somebody is a "naughty" boy. Pornpop.
     
  3. bauld1

    bauld1 Member

    must be the mrs ddp, I can't even spell pron
     
  4. 2oldGeek

    2oldGeek Regular member

    I've learned to turn off java when browsing the porn sites LOL "Javascript virus JS/Pornpop"

    @ddp All I have is a Reply button....

    @bauld1 Run CHKDSK and let me know how it does. You don't need a report; it renamed the bad files and they won't hurt you anymore.

    Right-click the Windows “Start” menu and choose “Explorer” to open the Explorer file management system.

    Select the hard drive letter for which you want to run the Chkdsk utility. Right-click on the drive and select “Properties.”

    Click the “Tools” tab. Under the Error-Checking section, click the “Check Now” button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click “Continue.”

    Check the boxes to “Automatically fix file system errors” and to “Scan for and attempt recovery of bad sectors,” and click “Start.”

    Chkdsk will not run if your computer is in use, therefore it will request you to schedule Chkdsk. If you click "Schedule Check Disk," it will run the next time you boot your computer before Windows is actually loaded. Turn off the computer and then turn it back on.


    Let me know if CHKDSK finds a lot of errors.

    2oG
     
    Last edited: Feb 13, 2013
  5. 2oldGeek

    2oldGeek Regular member

    @ddp: well, I have my preview button now. I went to another computer, logged in and had the button for preview when I logged back in on this puter, I got it now..
     
  6. bauld1

    bauld1 Member

    Hi 2oG,
    Ran CHKDSK on C. Is there a log? The first checks:
    264128 file records processed
    702 large files processed
    0 bad file records processed
    0 EA records processed
    82 reparse records
    340038 index
    0 unindexed files processed
    264128 security descriptors processed
    37956 data files
    37484256 USN bytes
    Missed the last process for info, but sure it was 0 near end. If there's no log should I run it again? Many thanks again
    Cheers
    bauld1
     
  7. 2oldGeek

    2oldGeek Regular member

    You did good bauld1, there is no log needed.

    1.)
    I just know you still have HJT – run and post a HJT Log for me..

    2.)
    Download ComboFix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Go to -> Here for your reference.
    Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
    Code:
    "%userprofile%\desktop\combofix.exe" /killall 
    




    Combo will begin to run. DO NOTHING while this is happening.

    Do not attempt to use the internet or anything else while it's running.
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    • It will kill a few processes and disconnect you from the internet.
    • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. It does set a restore point before running.
    • This needs to be done so the program can work most efficiently for you.


    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

    If, when it's completed, you cannot get on the internet, just reboot the computer.

    Post the log from comboFix for me located in
    c:\comboFix.txt


    3.)
    Download Malwarebytes' Anti-Malware to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

    • Please post the MBAM, Combofix and HijackThis Logs
    G
    2oG
     
    Last edited: Feb 23, 2013
  8. bauld1

    bauld1 Member

    Hi 2oG,
    Double clicked HijackThis, message to run as administrator, says HijackThis is running but nothing happening. Will I uninstall then install again? Apologies. Been running over an hour, no logs or screens.
    cheers
    bauld1
     
  9. 2oldGeek

    2oldGeek Regular member

    Sounds like you picked up a ton of crap….

    Reboot, tap F8 to go to Safe Mode – select Safe Mode with Networking – then

    Download Combofix from one of these locations:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    Double click and run Combofix from the desktop, in Safe Mode..

    Grab a beer and don’t touch anything til it finishes completely

    It will reboot and complete a Log – wait for it to finish and then post the log from comboFix for me located in: c:\comboFix.txt


    2oG
     
  10. bauld1

    bauld1 Member

    Hi 2oG,
    Sorry to give you these headaches, F8 isn't going to safe mode, any other way?
    When I started HijackThis a box did appear with a list (not a log) then disappeared, when I click on it now it still says it is running. Apologies again, I never ran it correctly.
    Cheers
    bauld1
     
  11. bauld1

    bauld1 Member

    It's ok, got safe mode, will post log once it's run, thanks
    bauld1
     
  12. 2oldGeek

    2oldGeek Regular member

    OK, GO for it!





    Normally hitting F8 repeatedly when restarting will allow you to choose to go into safe mode. On rare occasions, I've run into a computer where this would not work. In that case, you can enter safe mode by doing the following:

    • Go into the Start Menu and choose Run.
    • In the Run dialog box, type msconfig and then click OK.
    • In the System Configuration Utility, click on the BOOT.INI tab
    • Check-mark "/SAFEBOOT"
    • Click OK
    • Another little box comes up. Click Restart.


    Once you are done doing whatever needed to be done in safe mode, you'll need to reverse what you did to get things back to normal.

    • Go into the Start Menu and choose Run.
    • In the Run dialog box, type msconfig and then click OK.
    • On the General tab here, make sure that "Normal Startup - load all device drivers and services" is selected. If not, select it.
    • Click on the BOOT.INI tab.
    • Un-check "/SAFEBOOT".
    • Click OK.
    • Another little box comes up. Click Restart.


    2oG
     
    Last edited: Feb 14, 2013
  13. bauld1

    bauld1 Member

    Hi 2oG,
    No box came up to paste, ComboFix just ran. I tried to get onto net in safe mode, message came up: C:\programfiles\internet explorer\iexplore.ex
    illegal operation attempted on a registry key that has been marked for deletion.
    Another box appeared about removing from list of deletions; I think I said yes instead of no. I gave Combo admin rights but while it was running it came up access denied a couple of times. Let me know if I need to run it again. Many thanks again for your time and patience.
    ComboFix 13-02-13.02 - carol 15/02/2013 0:09.2.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2037.1490 [GMT 0:00]
    Running from: c:\users\colin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\carol\%appda~1
    c:\users\carol\%appda~1\Microsoft\Windows\IETldCache\index.dat
    c:\users\colin\AppData\Roaming\inst.exe
    c:\users\colin\AppData\Roaming\vso_ts_preview.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-15 to 2013-02-15 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-15 00:19 . 2013-02-15 00:20 -------- d-----w- c:\users\carol\AppData\Local\temp
    2013-02-15 00:19 . 2013-02-15 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-15 00:19 . 2013-02-15 00:19 -------- d-----w- c:\users\colin\AppData\Local\temp
    2013-02-15 00:19 . 2013-02-15 00:19 -------- d-----w- c:\users\ciara\AppData\Local\temp
    2013-02-13 16:19 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9E3EF22-CC72-4753-A68B-765069FCE89C}\mpengine.dll
    2013-02-02 13:20 . 2013-02-02 13:20 -------- d-----w- c:\users\colin\AppData\Roaming\SUPERAntiSpyware.com
    2013-02-02 13:19 . 2013-02-02 13:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-02-02 13:19 . 2013-02-02 13:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-02-02 12:38 . 2013-02-02 12:38 -------- d-----w- c:\program files\VideoLAN
    2013-02-02 12:14 . 2013-02-02 12:14 -------- d-----w- c:\users\colin\AppData\Local\Secunia PSI
    2013-02-02 12:14 . 2013-02-02 12:14 -------- d-----w- c:\program files\Secunia
    2013-01-25 19:41 . 2013-01-25 19:41 -------- d-----w- c:\users\colin\AppData\Roaming\RealNetworks
    2013-01-25 09:21 . 2013-01-25 09:21 -------- d-----w- c:\users\ciara\AppData\Roaming\RealNetworks
    2013-01-25 01:19 . 2013-01-25 01:19 -------- d-----w- c:\program files\Common Files\Skype
    2013-01-25 01:13 . 2013-01-25 01:13 -------- d-----w- c:\program files\RealNetworks
    2013-01-25 01:13 . 2013-01-25 01:13 -------- d-----w- c:\programdata\RealNetworks
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2013-01-25 01:07 . 2013-01-25 01:08 -------- d-----w- c:\program files\QuickTime
    2013-01-25 00:59 . 2013-01-25 00:58 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-01-25 00:58 . 2013-01-25 00:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-25 00:53 . 2013-01-25 00:53 -------- d-----w- c:\program files\iPod
    2013-01-25 00:53 . 2013-01-25 00:54 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-25 00:53 . 2013-01-25 00:54 -------- d-----w- c:\program files\iTunes
    2013-01-25 00:36 . 2013-01-25 00:36 388096 ----a-r- c:\users\colin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-25 00:26 . 2013-01-25 00:27 -------- d-----w- c:\program files\Common Files\Adobe
    2013-01-25 00:17 . 2013-01-25 00:17 -------- d-----w- c:\program files\FileHippo.com
    2013-01-24 20:39 . 2013-01-24 20:39 -------- d-----w- c:\program files\Trend Micro
    2013-01-24 19:42 . 2013-01-24 19:42 -------- d-----w- c:\windows\ERUNT
    2013-01-24 19:42 . 2013-01-24 19:43 -------- d-----w- C:\JRT
    2013-01-21 17:10 . 2013-01-21 17:10 -------- d-----w- c:\programdata\WindowsSearch
    2013-01-21 17:05 . 2013-01-21 17:05 -------- d-----w- c:\windows\system32\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-11 19:55 . 2012-07-24 12:44 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-11 19:55 . 2012-07-24 12:44 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-25 00:58 . 2010-06-27 10:36 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-17 01:28 . 2009-10-02 17:26 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-16 20:07 . 2011-04-20 11:35 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-26 39408]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-01-25 295072]
    "QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2009-03-13 54504]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    .
    c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Iomega Product Registration.lnk - c:\program files\Iomega\Registration\Register.exe [2004-2-4 16175104]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-30 20:19 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 19:58]
    .
    2013-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2545014225-4040687697-4202415592-1002Core.job
    - c:\users\ciara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 15:23]
    .
    2013-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2545014225-4040687697-4202415592-1002UA.job
    - c:\users\ciara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 15:23]
    .
    2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 23:00]
    .
    2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 23:00]
    .
    2013-02-14 c:\windows\Tasks\User_Feed_Synchronization-{41A229B3-26F3-41BB-99AE-F97F3E9A2060}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
    FF - ProfilePath - c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6PQUdDfV9l&i=26
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6PQUdDfV9l&&i=26&search=
    FF - ExtSQL: 2012-12-29 21:19; torntv@torntv.com; c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\extensions\torntv@torntv.com.xpi
    FF - ExtSQL: 2013-02-13 13:03; testpilot@labs.mozilla.com; c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\extensions\testpilot@labs.mozilla.com.xpi
    FF - user.js: extentions.y2layers.installId - fbb1b449-08e1-49b1-aeee-1e011a17cd68
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQUdDfV9l&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 982fece0000000000000001fe15fada4
    FF - user.js: extensions.incredibar_i.instlDay - 15703
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:22
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQUdDfV9l
    FF - user.js: extensions.incredibar_i.upn2n - 92544181924925055
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10658
    FF - user.js: extensions.incredibar_i.ppd -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-15 00:20
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-02-15 00:23:01
    ComboFix-quarantined-files.txt 2013-02-15 00:22
    ComboFix2.txt 2013-01-25 19:22
    .
    Pre-Run: 36,080,140,288 bytes free
    Post-Run: 36,143,443,968 bytes free
    .
    - - End Of File - - 2E9D669268E9F06FD304EE35F209BA48
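
Added example (not part of the thread and not ComboFix's own code): a small Python parser for the `Supplementary Scan` lines of the log above, listing which hosts the start-page and search preferences point to and which `user.js` namespaces set preferences. The sample lines are copied from the posted log; the function names are hypothetical, and the `FF - <file>: <key> - <value>` layout is inferred from those lines.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Excerpt of the "Supplementary Scan" section of the ComboFix log posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6PQUdDfV9l&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6PQUdDfV9l&&i=26&search=
FF - user.js: extentions.y2layers.installId - fbb1b449-08e1-49b1-aeee-1e011a17cd68
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQUdDfV9l&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.instlRef -
"""

# Line layouts inferred from the log lines above (an assumption, not a published format).
START_RE = re.compile(r"^(?P<key>[um]Start Page) = (?P<value>\S+)$")
PREF_RE = re.compile(
    r"^FF - (?P<source>prefs\.js|user\.js): (?P<key>\S+) -\s*(?P<value>.*)$"
)
URL_RE = re.compile(r"^h(?:xx|tt)p(s?)://", re.IGNORECASE)


def host_of(value):
    """Return the lower-cased host of a defanged (hxxp) or plain URL, else None."""
    m = URL_RE.match(value)
    if not m:
        return None
    refanged = "http" + m.group(1) + "://" + value[m.end():]
    try:
        return urlsplit(refanged).hostname
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None


def parse_supplementary(log_text):
    """Parse start-page and Firefox preference lines; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = START_RE.match(line)
        if m:
            source = "start_page"
        else:
            m = PREF_RE.match(line)
            if not m:
                continue  # e.g. "FF - ProfilePath - ..." or section separators
            source = m.group("source")
        value = m.group("value").strip()
        entries.append(
            {"source": source, "key": m.group("key"),
             "value": value, "host": host_of(value)}
        )
    return entries


def summarize(entries):
    """Group what a reviewer needs: hosts referenced and who sets them."""
    url_settings = [(e["source"], e["key"], e["host"]) for e in entries if e["host"]]
    userjs = [e for e in entries if e["source"] == "user.js"]
    # Namespace = first two dotted components of the preference name.
    namespaces = Counter(".".join(e["key"].split(".")[:2]) for e in userjs)
    return {
        "hosts": sorted({host for _, _, host in url_settings}),
        "url_settings": url_settings,
        "userjs_namespaces": namespaces,
        "userjs_urls": [(e["key"], e["host"]) for e in userjs if e["host"]],
    }


if __name__ == "__main__":
    report = summarize(parse_supplementary(SAMPLE_LOG))
    for source, key, host in report["url_settings"]:
        print(f"{source:10} {key:40} -> {host}")
    for namespace, count in report["userjs_namespaces"].most_common():
        print(f"user.js namespace {namespace}: {count} preference(s)")
```

Firefox reapplies `user.js` on every start, so a preference listed under `user.js` comes back after being reset in `prefs.js` unless the `user.js` entry is removed as well.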
     
  14. 2oldGeek

    2oldGeek Regular member

    Well, I couldn't find anything that might be causing the problems you have. Please describe the problems you are having as best you can. Try to list as many as possible.

    I can't see the programs you are currently running from those logs and you may have a software conflict so let's dig a little deeper...

    Please Download -> DDS and save it to your Desktop.

    Alternate Download

    • Double click dds.scr to run the tool.
    • If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    • DDS will now scan your computer.
    • When the scan is complete, DDS will open two (2) logs:
    o DDS.txt
    o Attach.txt

    • If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs.

    Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

    I may be in bed before you get back to me, have to go to work very early but will get back to you as soon as I can..

    2oG
     
    Last edited: Feb 14, 2013
  15. bauld1

    bauld1 Member

    Hi 2oG,
    Problems started after running AdwCleaner: lost Google Chrome, laptop running slow (has speeded up a little now) but seems to be working really hard and getting hot. IE keeps dropping then recovering tab, IE sometimes doesn't respond.
    Chrome not running properly is my fault now, I changed the passwords to see if that would help, but I have to log in to use, message - preferences can't be read, some features may be unavailable and changes to preferences won't be saved. Most pages I'm on have Error on page at bottom left of screen and shows the privacy report sign. I also get a lot of codes coming up when I go onto pages, admedia, facebook and others but they run very fast. Apologies for using up your time. Will post DDS logs shortly.
    Many thanks
    bauld1
     
    Last edited: Feb 15, 2013
  16. bauld1

    bauld1 Member

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/05/2008 11:08:32
    System Uptime: 15/02/2013 14:55:34 (6 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30ED
    Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | CPU | 1733/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 138 GiB total, 29.69 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 2.066 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI (11.0.01)
    Adobe Shockwave Player
    Adobe Shockwave Player 11.6
    AIM 6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    Audacity 1.2.6
    avast! Free Antivirus
    Bonjour
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink YouCam
    DVD Suite
    ESU for Microsoft Vista
    Facebook Video Calling 1.2.0.287
    FileHippo.com Update Checker
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    HiJackThis
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.6
    HP Easy Setup - Frontend
    HP Help and Support
    HP Quick Launch Buttons 6.30 E2
    HP Total Care Advisor
    HP Update
    HP User Guides 0092
    HP Wireless Assistant
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel(R) TV Wizard
    Iomega Product Registration
    Iomega QuikProtect
    Iomega ScreenPlay Discovery
    iTunes
    Java 7 Update 11
    Java Auto Updater
    LAME v3.99.3 (for Windows)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2010 - English
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 19.0 (x86 en-US)
    Mozilla Maintenance Service
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    NetWaiting
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    RecordMateLP
    Retrospect 7.5
    Secunia PSI (3.0.0.6001)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype Click to Call
    Skype™ 6.1
    SUPERAntiSpyware
    swMSM
    Touch Pad Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VAP11G
    VLC media player 2.0.5
    WinPcap 4.1.1
    WinRAR 4.20 (32-bit)
    .
    ==== End Of File ===========================
     
  17. bauld1

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.11.2
    Run by carol at 20:08:52 on 2013-02-15
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2037.1000 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conime.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.yahoo.com
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    StartupFolder: c:\users\carol\appdata\roaming\micros~1\windows\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega\registration\Register.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 89.101.160.5 89.101.160.4
    TCP: Interfaces\{E4AAD8E9-DAD4-4760-9B46-13E626570FC2} : DHCPNameServer = 89.101.160.5 89.101.160.4
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-16 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-16 361032]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-16 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-16 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-16 44808]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    R2 QSCopyEngine;QSCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2009-4-22 122880]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-11-26 1225312]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-11-26 659040]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
    R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2011-3-23 13824]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca84ece659de30;Google Update Service (gupdate1ca84ece659de30);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-02-15 10:47:38 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ce795929-bec2-4714-b040-eb41a075a015}\mpengine.dll
    2013-02-15 10:41:32 6991832 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
    2013-02-15 00:23:02 -------- d-----w- c:\users\colin\appdata\local\temp
    2013-02-15 00:22:06 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-02-15 00:22:06 -------- d-sh--w- \$RECYCLE.BIN
    2013-02-02 13:19:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-02-02 13:19:10 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-02-02 12:38:06 -------- d-----w- c:\program files\VideoLAN
    2013-02-02 12:14:24 -------- d-----w- c:\users\colin\appdata\local\Secunia PSI
    2013-02-02 12:14:06 -------- d-----w- c:\program files\Secunia
    2013-01-25 18:24:25 98816 ----a-w- c:\windows\sed.exe
    2013-01-25 18:24:25 256000 ----a-w- c:\windows\PEV.exe
    2013-01-25 18:24:25 208896 ----a-w- c:\windows\MBR.exe
    2013-01-25 18:23:38 -------- d-----w- \Qoobox
    2013-01-25 01:13:41 -------- d-----w- c:\program files\RealNetworks
    2013-01-25 01:13:38 -------- d-----w- c:\programdata\RealNetworks
    2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2013-01-25 00:59:26 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-01-25 00:58:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-25 00:53:15 -------- d-----w- c:\program files\iPod
    2013-01-25 00:53:12 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-25 00:53:12 -------- d-----w- c:\program files\iTunes
    2013-01-25 00:17:54 -------- d-----w- c:\program files\FileHippo.com
    2013-01-24 20:39:23 -------- d-----w- c:\program files\Trend Micro
    2013-01-24 19:42:30 -------- d-----w- c:\windows\ERUNT
    2013-01-24 19:42:09 -------- d-----w- C:\JRT
    2013-01-24 19:42:09 -------- d-----w- \JRT
    .
    ==================== Find3M ====================
    .
    2013-02-11 19:55:47 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-11 19:55:47 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-25 00:58:10 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 20:10:08.98 ===============
     
  18. 2oldGeek

    Apologies not accepted. It’s MY time and I can use it as I see fit.

    First: from DDS I see that your 150gig drive is on the brink of being full, only about 20% left and that can cause problems. Also, I see that you have WAY too many processes running at Log On. You also have an 11GB “D” partition that is probably an HP Recovery partition for Vista and we can always fall back on that if nothing else works…..

    I have not seen a HJT Log for this computer and I see that you have 2 outdated HJT programs installed. Hijackthis and Hijackthis 2.02
    Go to uninstall programs and uninstall both of these. Then:

    Download Hijackthis 2.04
    http://www.filehippo.com/download_hijackthis/download/977401f430f892662f302243ff61e113/

    Run a scan and post a log for me.

    We’ll work it out, just have patience.

    2oG
     
  19. bauld1

    Hi 2oG,
    Having problems with Hijackthis. Uninstalled previous, installed update with the wizard, tried to run it with log and a box appeared with a list of things, not a log, tried to uninstall, install again and it says programme already running, laptop is racing and getting hot. I don't know what I'm doing wrong, but this happened when I tried to run the older version, must be the only person to break Hijackthis!!
    Cheers and thanks
    bauld1
     
  20. 2oldGeek

    Try running HJT from Safe Mode - it won't show me the running processes but I can get an idea of what is loading.

    2oG
     
  21. bauld1

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 02:09:38, on 16/02/2013
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.19088)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=81&bd=Presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp?sourceid=navclient&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://fubar.com/js/ImageUploader/ImageUploader6.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Google Update Service (gupdate1ca84ece659de30) (gupdate1ca84ece659de30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: QSCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9230 bytes
     
