  1. #1
    Silver Surfer blanco's Avatar
    Join Date
    Jan 2008
    Location
    Cardiff, South Wales, UK
    Posts
    509

    HJT Log. Any advice please

    I have been cleaning and updating programs on a laptop for a friend. XP Pro SP3.
    Loads of garbage accumulated over 2yrs has been removed but I have not managed
    to get rid of Mindspark (p.u.p.) which does not show up in the browser or Programs
    list. Various scanners have failed to completely eradicate this and it remains hidden
    somewhere, possibly under another name. The Avast program keeps throwing up a
    pestilent warning regarding Mindspark so I would like to kill it if I can find its location.

    Perhaps this HJ log will give a clue to it and any other entries I should fix. Any advice please?

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 08:43:42, on 24/11/2015
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)


    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe
    C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Robert\My Documents\Malware Scanners\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1380124400531
    O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

    --
    End of file - 5306 bytes

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Re: HJT Log. Any advice please

    I would tick this entry, as it can slow it down booting into Windows. Or delete its entry in startup in CCleaner.

    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

    Looks like this is using a crack to activate Windows.

    Use AdwCleaner to remove Mindspark. Close browsers first.

    Run it, then click on Scan. Then tell it to delete whatever comes up. Reboot, then run it again and click on Uninstall.

    AdwCleaner MAY find this crack as well.

  3. #3
    Silver Surfer blanco's Avatar
    Join Date
    Jan 2008
    Location
    Cardiff, South Wales, UK
    Posts
    509

    Re: HJT Log. Any advice please

    Thanks, Speedy. Yes, I know that the O.S. is pirated and patched.
    Adaware removed the patch and I was forced to repatch it in Safe Mode.
    Also, I agree that CCleaner Monitoring causes a slowdown and will be disabled.
    By the way, this forum F1 server is behaving badly today. I am unable to post
    or reply normally and expect other users to complain. Thanks.

  4. #4
    Senior Member 1101's Avatar
    Join Date
    Jan 2008
    Posts
    7,114

    Re: HJT Log. Any advice please

    Originally posted by blanco:
    The Avast program keeps throwing up a
    pestilent warning regarding Mindspark so I would like to kill it if I can find its location.

    Have a look in the Avast logs for its location; it might be in the Recycle Bin or System Restore, or even in a zip file (perhaps in the Downloads folder, a download with bundled adware).
    Also, always disable AV when doing a malware scan, and when doing a manual scan set to all files.
    Try Malwarebytes.

    Also reset IE, Chrome, FF etc.

    I would disable
    C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe
    C:\Program Files\Secunia\PSI\PSIA.exe

  5. #5
    Senior Member Lawrence's Avatar
    Join Date
    Dec 2005
    Location
    Tauranga
    Posts
    2,036

    Re: HJT Log. Any advice please

    Is MyWebSearch in the installed programs? Mindspark is also known as MyWebSearch.

    https://malwaretips.com/blogs/remove-mywebsearch/
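
Added example, not part of any post in this thread: a small triage pass over HijackThis entries that searches for both names mentioned above (Mindspark and MyWebSearch) and picks out entries HijackThis itself marks as "Unknown file" or "(file missing)". The excerpt is copied from the log in post #1; the `O2` line is constructed to show what an alias hit would look like, and the section labels are short summaries chosen for this example.

```python
import re

# What each section code covers, for the codes that occur in the log in post #1.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O9": "IE extra button/menu item",
    "O10": "Winsock LSP", "O16": "ActiveX download (DPF)",
    "O20": "AppInit_DLLs / Winlogon Notify", "O22": "SharedTaskScheduler",
    "O23": "service",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")
ALIASES = ("mindspark", "mywebsearch")  # the two names used in this thread

def triage(log_text, aliases=ALIASES):
    """Return (code, section, reasons, text) for each entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, text = m.groups()
        low = text.lower()
        reasons = []
        if any(a in low for a in aliases):
            reasons.append("alias match")
        if "(file missing)" in low:
            reasons.append("file missing")
        if low.startswith("unknown file"):
            reasons.append("unknown file")
        if reasons:
            findings.append((code, SECTIONS.get(code, "other"), reasons, text))
    return findings

# Excerpt copied from the log in post #1.
LOG_EXCERPT = r'''
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
'''
# Constructed line (not from the log) showing what an alias hit looks like.
CONSTRUCTED = r"O2 - BHO: Example - {00000000-0000-0000-0000-000000000000} - C:\Program Files\MyWebSearch\example.dll"

if __name__ == "__main__":
    for code, section, reasons, text in triage(LOG_EXCERPT + CONSTRUCTED):
        print(f"{code:<4}{section:<32}{', '.join(reasons):<14}{text}")
```

On the excerpt from post #1 this reports the `O10` and `O20` lines and no alias match; only the constructed `O2` line matches a name.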

  6. #6
    Silver Surfer blanco's Avatar
    Join Date
    Jan 2008
    Location
    Cardiff, South Wales, UK
    Posts
    509

    Re: HJT Log. Any advice please

    Thanks for all replies and advice. Sorted.
