| Thread ID: 140673 | 2015-11-24 20:30:00 | HJT Log. Any advice please | blanco (11336) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1411856 | 2015-11-24 20:30:00 | I have been cleaning and updating programs on a laptop for a friend. XP Pro SP3. Loads of garbage accumulated over 2yrs has been removed but I have not managed to get rid of Mindspark (p.u.p.) which does not show up in the browser or Programs list. Various scanners have failed to completely eradicate this and it remains hidden somewhere, possibly under another name. The Avast program keeps throwing up a pestilent warning regarding Mindspark so I would like to kill it if I can find its location. Perhaps this HJ log will give a clue to it and any other entries I should fix. Any advice please?
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 08:43:42, on 24/11/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe
C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Robert\My Documents\Malware Scanners\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
-- End of file - 5306 bytes |
blanco (11336) | ||
| 1411857 | 2015-11-24 20:44:00 | I would tick this entry; it can slow it down booting into Windows. Or delete its entry in startup in CCleaner:
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Looks like this is using a crack to activate Windows. Use AdwCleaner (toolslib.net) to remove Mindspark. Close browsers first. Run it, then click on scan. Then tell it to delete whatever comes up. Reboot, then run it again, then click on uninstall. AdwCleaner MAY find this crack as well. |
Speedy Gonzales (78) | ||
| 1411858 | 2015-11-24 21:21:00 | Thanks, Speedy. Yes, I know that the O.S. is pirated and patched. Adaware removed the patch and I was forced to repatch it in Safe Mode. Also, I agree that CCleaner Monitoring causes a slowdown and will be disabled. By the way, this forum F1 server is behaving badly today. I am unable to post or reply normally and expect other users to complain. Thanks. |
blanco (11336) | ||
| 1411859 | 2015-11-24 22:13:00 | "The Avast program keeps throwing up a pestilent warning regarding Mindspark so I would like to kill it if I can find its location." Have a look in the Avast logs for its location; it might be in the recycle bin or system restore. Or even in a zip file (perhaps in the downloads folder, a download with bundled adware). Also always disable AV when doing a malware scan, and when doing a manual scan set to all files. Try Malwarebytes. Also reset IE, Chrome, FF etc. I would disable C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe, C:\Program Files\Secunia\PSI\PSIA.exe |
1101 (13337) | ||
| 1411860 | 2015-11-25 00:19:00 | Is MyWebSearch in the installed programs? As Mindspark is also known as MyWebSearch (malwaretips.com) |
Lawrence (2987) | ||
| 1411861 | 2015-11-25 08:04:00 | Thanks for all replies and advice. Sorted. | blanco (11336) | ||
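A small triage pass over HijackThis entries like those posted in this thread, as an added example (not code from any poster or from HijackThis itself). The function and constant names, the "usual roots" list and the `ExampleUpdater` line are assumptions constructed for illustration; the other sample lines are copied from the posted log.

```python
import re

# Section codes seen in the posted log, with their usual HijackThis meanings.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search URL",
    "R3": "URL search hook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart (Run key/Startup folder)", "O9": "IE extra button/Tools item",
    "O10": "Winsock LSP", "O16": "ActiveX download",
    "O20": "Winlogon Notify/AppInit_DLLs", "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
# Assumption: binaries under these roots are treated as ordinary installs.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Lines copied from the posted log, plus one constructed entry (ExampleUpdater).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [ExampleUpdater] "C:\Documents and Settings\User\Application Data\example\updater.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
"""

def triage(log_text):
    """Return (code, section, reason) for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        section = SECTIONS.get(code, "unlisted section")
        if "(file missing)" in body:
            findings.append((code, section, "registered file is missing"))
        elif "Unknown file" in body:
            findings.append((code, section, "file not recognised by HijackThis"))
        elif code in ("O4", "O23"):
            path = EXE_PATH.search(body)
            if path and not path.group(0).lower().startswith(USUAL_ROOTS):
                findings.append((code, section, "autostart outside usual roots"))
    return findings

if __name__ == "__main__":
    for code, section, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {section:36} {reason}")
```

A flagged line is a prompt to check the file by hand, not a verdict; entries installed under the usual roots are not flagged by this pass and still need reading.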