Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rescue me [Closed]


  • This topic is locked This topic is locked

#1
Firehouse21

Firehouse21

    New Member

  • Member
  • Pip
  • 2 posts

I am a Firefighter and my Chief has assigned me to fix our computers at the station. I have gone through this website for my personal use before and had a good expierience. I attached my hijackthis log and any help would be great as I believe we are loaded with malware. Thanks in advance!

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi there, we no longer use Hijackthis as it gives insufficient data

 

Could you briefly explain the problems

 

Download OTL  to your Desktop
Secondary link

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    OTL_Main_Tutorial.gif

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach  both logs


  • 0

#3
Firehouse21

Firehouse21

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Hi,

     So it all started about two weeks ago. Suddenly we have all kinds of popups and extra tabs openning for advertisments or fake downloads for firefox etc... there was also several programs that seem to have installed themselves and run (or try to run) automatically. Lots of people use this computer at the fire station so I couldn't say what the exact cause may be, all I know is that my Chief is counting on me to fix it. Knowing him, he was probably the one that caused it. Anyway here are the attachments you asked for. I will be in and out of the station so it may take me some time to perform your instructions and respond. Thanks again.

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets have at it then :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Z2hawUUy5qAhL5jhiHEXYOeDB5g?q={searchTerms}
[2014/04/16 14:51:36 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\[email protected]e264651bb.com
[2014/04/24 09:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\[email protected]e264651bb.com\extensionData
[2014/04/24 09:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\[email protected]e264651bb.com\extensionData\plugins
[2014/04/24 09:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\[email protected]e264651bb.com\extensionData\userCode
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP