Please Read me this log.
- Thread starter Jase123
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
OneStepSearch<This is of dubious repute.
Close control panel.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\OneStepSearch<Delete the entire folder.
Reboot your system.
Other than the above, your HJT log is clean.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
OneStepSearch<This is of dubious repute.
Close control panel.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\OneStepSearch<Delete the entire folder.
Reboot your system.
Other than the above, your HJT log is clean.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Bobbye
Posts: 16,313 +36
Thank you. I haven't gotten in the habit of reviewing profiles because so many are blank. I see there is no operating system listed. You might want to type that in. Since Vista has come out, there has been an entire 'other' list of problems to deal with.
If you are learning to interpret the hijackthis logs, you need to know some basic information is required. For instance, there may be something running that is specific to your system, model, OS or other that might be considered not desirable otherwise.
I will leave the actual log review to Howard or others, but I did look at your running processes:
1. Teleca: makes software and services to the mobile devices industry. I would question whether this needs to start up when you boot.
2. GoogleUpdaterService.exe: I urge you to stop this! It is giving permission to Google to continually contact the internet 'looking for updates'! Stop it through msconfig. Do Regedit and stop there. How much updating does a Toolbar need?!
3. tiwlnsvc.exe is a file without information from the maker. The program is not visible. The file is not a Windows core file. Therefore the technical security rating is 55% dangerous. It is questionable as to whether it is a necessary startup.
4. mantispm.exe is the executable for the MailFrontier Desktop application. MailFrontier Desktop is an advanced spam filter for Outlook and Outlook Express. IF you use either of these programs, then it may need to run. If you do not, it does not need to run.
5. epmworker.exe is obviously a part of the Sony Ericsson PC Suite along with Teleca. Whether you need it to start up and run in the background is questionable.It is known to be a large CPU consumer.
6, SSVHelper Class BHO is a java plug-in.- a component of A Squared Anti-malware. While it is a decent program for checking your system for spyware and other threats, it apparently adds a Browser Helper Object (BHO) to IExplorer. This BHO can slow down browsing. To disable it, in your browser go to Tool/Manage Add-ons. Select SSVHelper Class and disable it. Close IE and reopen. You can re-enable it anytime you want.
I see entries in you log for Kapersky, Pandaonlinescan and BitDefender- are you running all these programs> Rule is 1 anti-virus, 1 firewall and 2 or more spyware/adware programs.
I don't see any malware in your log, but I am not in charge of reviewing it. Consider what I did point out though. Startup should only contain those processes necessary such as AV, firewall, possible network processes and 1 for touchpad on laptop. Usually, all others can be started when needed. Everything running the background will effect your computer performance.
If you are learning to interpret the hijackthis logs, you need to know some basic information is required. For instance, there may be something running that is specific to your system, model, OS or other that might be considered not desirable otherwise.
I will leave the actual log review to Howard or others, but I did look at your running processes:
1. Teleca: makes software and services to the mobile devices industry. I would question whether this needs to start up when you boot.
2. GoogleUpdaterService.exe: I urge you to stop this! It is giving permission to Google to continually contact the internet 'looking for updates'! Stop it through msconfig. Do Regedit and stop there. How much updating does a Toolbar need?!
3. tiwlnsvc.exe is a file without information from the maker. The program is not visible. The file is not a Windows core file. Therefore the technical security rating is 55% dangerous. It is questionable as to whether it is a necessary startup.
4. mantispm.exe is the executable for the MailFrontier Desktop application. MailFrontier Desktop is an advanced spam filter for Outlook and Outlook Express. IF you use either of these programs, then it may need to run. If you do not, it does not need to run.
5. epmworker.exe is obviously a part of the Sony Ericsson PC Suite along with Teleca. Whether you need it to start up and run in the background is questionable.It is known to be a large CPU consumer.
6, SSVHelper Class BHO is a java plug-in.- a component of A Squared Anti-malware. While it is a decent program for checking your system for spyware and other threats, it apparently adds a Browser Helper Object (BHO) to IExplorer. This BHO can slow down browsing. To disable it, in your browser go to Tool/Manage Add-ons. Select SSVHelper Class and disable it. Close IE and reopen. You can re-enable it anytime you want.
I see entries in you log for Kapersky, Pandaonlinescan and BitDefender- are you running all these programs> Rule is 1 anti-virus, 1 firewall and 2 or more spyware/adware programs.
I don't see any malware in your log, but I am not in charge of reviewing it. Consider what I did point out though. Startup should only contain those processes necessary such as AV, firewall, possible network processes and 1 for touchpad on laptop. Usually, all others can be started when needed. Everything running the background will effect your computer performance.
Thanks aslot Howard mate.
And Thank you Bobbye and Kaspersky and that are all online scanners i only use the one and thats Zone alarm internet security suite.
Regards Jase :wave:
Ive also noticed c:/windows/system32/objsafe.tlb
This has got Adware.Roings in it. This connects to it's controlling server to retrive and display pop-up advertisements. Very anoying lol.
Oh sorry i forgot to edit..
Regards Jase :wave:
And Thank you Bobbye and Kaspersky and that are all online scanners i only use the one and thats Zone alarm internet security suite.
Regards Jase :wave:
Ive also noticed c:/windows/system32/objsafe.tlb
This has got Adware.Roings in it. This connects to it's controlling server to retrive and display pop-up advertisements. Very anoying lol.
Oh sorry i forgot to edit..
Regards Jase :wave:
howard_hopkinso
Posts: 21,238 +17
That`s not good. Your system is infected with the Medload adware trojan.
You need to follow all the instructions and post the three requested log files.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You need to follow all the instructions and post the three requested log files.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Unless you`re sure you`ve got rid of the infection, posting the requested log files is advisable.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix and AVG Antispyware log.
Also, run AVG Antirootkit and let me know the results.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix and AVG Antispyware log.
Also, run AVG Antirootkit and let me know the results.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
AVG Antispyware is as it`s name suggests an antispyware programme. I strongly adivse you to install and run it as per the instructions. Then, post the log file. Once we`ve finished with it, you can always uninstall it.
Also, please let me know if you`re still having any problems.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Also, please let me know if you`re still having any problems.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Did the avg scan and all it foundt was tracking cookies.
Im having no problems just wanted to be on the safe side. but i do get 2 beeps on start up this only started about two days ago... I think this could indicate something to do with memory. ALso im not on my desktop computer this is my Laptop.
Regards Jase
Im having no problems just wanted to be on the safe side. but i do get 2 beeps on start up this only started about two days ago... I think this could indicate something to do with memory. ALso im not on my desktop computer this is my Laptop.
Regards Jase
howard_hopkinso
Posts: 21,238 +17
That`s good news.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
As for your beeping problem, take a look at this thread HERE and determine what your particular beep code is referring to.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
As for your beeping problem, take a look at this thread HERE and determine what your particular beep code is referring to.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Jase123 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
