
Rescue me [Closed]


This topic is locked.

#1
Firehouse21


I am a Firefighter and my Chief has assigned me to fix our computers at the station. I have gone through this website for my personal use before and had a good experience. I attached my HijackThis log and any help would be great as I believe we are loaded with malware. Thanks in advance!



#2
Essexboy


Hi there, we no longer use HijackThis as it gives insufficient data.

Could you briefly explain the problems?

Download OTL to your Desktop
Secondary link

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs



#3
Firehouse21


Hi,

So it all started about two weeks ago. Suddenly we have all kinds of popups and extra tabs opening for advertisements or fake downloads for Firefox etc... There were also several programs that seem to have installed themselves and run (or try to run) automatically. Lots of people use this computer at the fire station so I couldn't say what the exact cause may be, all I know is that my Chief is counting on me to fix it. Knowing him, he was probably the one that caused it. Anyway here are the attachments you asked for. I will be in and out of the station so it may take me some time to perform your instructions and respond. Thanks again.


#4
Essexboy

OK let's have at it then :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Z2hawUUy5qAhL5jhiHEXYOeDB5g?q={searchTerms}
[2014/04/16 14:51:36 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com
[2014/04/24 09:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData
[2014/04/24 09:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins
[2014/04/24 09:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
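
The warning in post #4 says the fix is tied to one system. As an added example (not part of the thread, and not a feature of OTL), this Python code parses a fix script in the layout shown there and returns the entries that name an account SID or user profile absent from the local machine. The sample script, its SID, GUIDs and profile name are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the fix in post #4. The SID, GUIDs,
# profile name and extension id are placeholders, not values from the thread.
SAMPLE_FIX = r'''
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\..\SearchScopes\{00000000-0000-0000-0000-0000000000AA}: "URL" = http://127.0.0.1:4664/search?q={searchTerms}
[2014/01/01 10:00:00 | 000,000,000 | ---D | M] ("Example Toolbar") -- C:\Users\alice\AppData\Roaming\mozilla\Firefox\Profiles\abcd1234.default\extensions\example@placeholder.invalid
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000BB} - No CLSID value found.

:Commands
[resethosts]
[Reboot]
'''

SID_RE = re.compile(r'\bS-1-5-21(?:-\d+){4}\b')
PROFILE_RE = re.compile(r'[A-Za-z]:\\Users\\([^\\]+)\\', re.I)

def parse_fix(text):
    """Split a fix script into bracketed directives and :OTL entries."""
    section, commands, entries = None, [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(':'):
            section = line[1:].lower()          # ":OTL" -> "otl"
        elif section == 'commands' and line.startswith('['):
            commands.append(line.strip('[]').lower())
        elif section == 'otl':
            entries.append(line)
    return commands, entries

def system_bindings(entries):
    """Collect the account SIDs and profile names the entries are tied to."""
    sids, users = set(), set()
    for e in entries:
        sids.update(SID_RE.findall(e))
        users.update(m.lower() for m in PROFILE_RE.findall(e))
    return sids, users

def foreign_entries(entries, local_sids, local_users):
    """Entries naming a SID or profile that is not present on this machine."""
    known = {u.lower() for u in local_users}
    def is_foreign(entry):
        sids, users = system_bindings([entry])
        return bool(sids - set(local_sids) or users - known)
    return [e for e in entries if is_foreign(e)]
```

On the machine being cleaned, `whoami /user` prints the current account's SID for comparison.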


#5
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.