Hello robcampbell,
Please post all reports properly from now on, and not as attachments.
---------------------------------------------------
please can someone kindly assist our home pc has been hijacked
I can't see any evidence in your report. Can you describe the symptoms you have?
---------------------------------------------------
P2P PROGRAMS
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
LimeWire
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. Also available here.
My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
If you choose not to remove them, please do not use them until this computer is clean.
---------------------------------------------------
Update Java Runtime:
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is:
Java Runtime Environment Version 6 Update 4.
- Go to http://java.sun.com/javase/downloads/index.jsp
- Go to Java Runtime Environment (JRE) 6 Update 4 and click on Download button.
- In Platform box choose Windows.
- Check the box to Accept License Agreement and click Continue.
- Click on Windows Offline Installation, click on the link under it which says "jre-6u4-windows-i586-p.exe" and save the downloaded file to your desktop.
- Go to Start => Control Panel => Add or Remove Programs
- Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
- Reboot your computer
- Delete the folder C:\Program Files\Java if present
- Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
- Reboot your computer
---------------------------------------------------
Please download the OTMoveIt2 by OldTimer and save it to your Desktop.
Don't use it yet.
---------------------------------------------------
Go to Start-Settings-Control Panel, click on Add/Remove Programs.
If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.
AskSBar
ContextTool
GoogleToolbarNotifier << Optional see information here
---------------------------------------------------
FIX HIJACKTHIS ENTRIES
Open up HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll << Optional
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe << Optional
O8 - Extra context menu item: &Search - ?p=ZJxdm088YYGB
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_6.cab
Then close all windows except HijackThis and click Fix Checked.
Close HijackThis.
---------------------------------------------------
OTMoveIt2
- Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\Program Files\AskSBar
C:\Program Files\ContextTool
Copy this also if you decide to remove it.
C:\Program Files\Google\GoogleToolbarNotifier
<< Optional
- Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
---------------------------------------------------
Please download ATF Cleaner.
Make sure that all browser windows are closed.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
---------------------------------------------------
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location.
- The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
- Post that log back here.
---------------------------------------------------
Post back:
OTMoveIt2 report.
Malwarebytes' Anti-Malware Report.
A new HijackThis log.
If there are still any symptoms, please describe them.
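
An added example, not part of the original post and not code from HijackThis or OTMoveIt2: a small parser for the HijackThis entry format shown in the fix list, which checks whether each entry's file lives under one of the folders queued for OTMoveIt2. The function names are assumptions made for this sketch; the sample lines and folder paths are copied from the post.

```python
import re

# Lines copied from the fix list in the post (helper's "<< Optional" note included).
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe << Optional
O8 - Extra context menu item: &Search - ?p=ZJxdm088YYGB
"""
# Folders queued for OTMoveIt2 in the same post.
MOVE_LIST = [r"C:\Program Files\AskSBar", r"C:\Program Files\ContextTool",
             r"C:\Program Files\Google\GoogleToolbarNotifier"]

LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NOTE = re.compile(r"\s*<<.*$")  # helper's annotation, not part of the log line

def parse_entry(line):
    """Split one HijackThis line into section code, kind, CLSID and target."""
    m = LINE.match(NOTE.sub("", line.strip()))
    if not m:
        return None
    rest = m["rest"]
    clsid = CLSID.search(rest)
    # O4 is "[value name] command line"; elsewhere the target is the last " - " field.
    target = rest.split("] ", 1)[-1] if m["code"] == "O4" else rest.rsplit(" - ", 1)[-1]
    return {"code": m["code"], "kind": m["kind"],
            "clsid": clsid.group(0).upper() if clsid else None, "target": target}

def classify(entry, move_list=MOVE_LIST):
    """Say whether the entry's file is covered by the folder move list."""
    target = entry["target"]
    if target == "(no file)":
        return "orphaned"          # registry entry left behind, nothing on disk
    if not re.match(r"^[A-Za-z]:\\", target):
        return "not-a-local-file"  # URL or query string, nothing to move
    for folder in move_list:
        if target.lower().startswith(folder.lower() + "\\"):
            return "covered:" + folder
    return "uncovered"             # file would survive the folder move

def audit(text=SAMPLE):
    """Return (section code, CLSID, coverage) for every parsable line."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    return [(e["code"], e["clsid"], classify(e)) for e in entries]
```

An "uncovered" result means the registry entry would be fixed while its file stays on disk, so that path needs adding to the move list.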