I am a Firefighter and my Chief has assigned me to fix our computers at the station. I have gone through this website for my personal use before and had a good expierience. I attached my hijackthis log and any help would be great as I believe we are loaded with malware. Thanks in advance!
Rescue me [Closed]
#1
Posted 29 April 2014 - 08:10 AM
#2
Posted 29 April 2014 - 08:24 AM
Hi there, we no longer use Hijackthis as it gives insufficient data
Could you briefly explain the problems
Download OTL to your Desktop
Secondary link
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Select LOP and Purity
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT - Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
#3
Posted 29 April 2014 - 09:21 AM
Hi,
So it all started about two weeks ago. Suddenly we have all kinds of popups and extra tabs openning for advertisments or fake downloads for firefox etc... there was also several programs that seem to have installed themselves and run (or try to run) automatically. Lots of people use this computer at the fire station so I couldn't say what the exact cause may be, all I know is that my Chief is counting on me to fix it. Knowing him, he was probably the one that caused it. Anyway here are the attachments you asked for. I will be in and out of the station so it may take me some time to perform your instructions and respond. Thanks again.
Attached Files
#4
Posted 29 April 2014 - 09:27 AM
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands [CREATERESTOREPOINT] :OTL IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Z2hawUUy5qAhL5jhiHEXYOeDB5g?q={searchTerms} [2014/04/16 14:51:36 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com [2014/04/24 09:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData [2014/04/24 09:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins [2014/04/24 09:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. :Commands [resethosts] [emptytemp] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
#5
Posted 05 May 2014 - 07:06 AM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users