1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

please hellppppp!!!

Discussion in 'General Security' started by lisalaw, Apr 28, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. lisalaw

    lisalaw Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    8
    Please help,

    i lent my laptop to my younger sister and havent got a clue what she has done to it but nothing seems to work seems like there is a problem with everything. My norton anti virus has gone, i cant get on to ebay as it comes up needing to download a program that costs adobe has gone. Cant upload images, and im not the best with computers. What do i do im not sure what to uninstall and what to install. Please help

    Thanks Lisa
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,907
    First Name:
    Frank
    Since you don't what your sister did to your laptop, let's see what a HijackThis log shows.

    Go here and click the green icon to download and save HijackThis 2.0.2.

    After it's downloaded and saved, close all open windows first, then double-click the saved file to install it.

    After it's installed, start it and then click "Do a system scan and save a log file".

    The scan is quick and will be finished in 30 seconds or less.

    When the log file appears, save it.

    Return here, then copy-and-paste the entire log here.

    -----------------------------------------------------------------

    Can you advise what the brand name, model name, and model number of your laptop is?

    -----------------------------------------------------------------
     
  3. lisalaw

    lisalaw Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    8
    Hi the aptop is a ADVENT ROMA
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,907
    First Name:
    Frank
    Stay completely away from registry cleaner/optimizer/booster/tuneup type programs, no matter what they tell you they can do. They do nothing to improve speed or performance or to fix problems. What they can do is break certain programs and damage the operating system.

    If you've installed Registry Cleaner 1.1.77 out of desperation and have allowed it to "fix" what it found, you've probably done even more damage to your laptop.

    I'd like to see a HijackThis log.

    ----------------------------------------------------------------
     
  5. lisalaw

    lisalaw Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    8
    How do i get the hijackthis log????
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,907
    First Name:
    Frank
    I gave you a download link and full instructions in post #2 - just before I asked for a description of your laptop.

    ---------------------------------------------------------------
     
  7. lisalaw

    lisalaw Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    8
    and i did the scan and copy and pasted what i thought was the log can u please explain the log?? Sorry about this
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,907
    First Name:
    Frank
    You apparently don't know how to copy-and-paste.

    Start HijackThis again, then click "Do a system scan and save a log file".

    When the scan is finished and the log file appears, do not close it!

    Return here to your thread and open a new reply window.

    On the log file, click Edit - Select All(which will highlight everything), then click Edit - Copy.

    Right-click within your reply window, then click Paste.

    The log file will appear in your reply window.

    Now you can close the HijackThis log file.

    ------------------------------------------------------------------
     
  9. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    If running Windows Vista,

    Right-click on the HijackThis icon, and choose "Run as Administrator".

    If still no luck, disable the UAC.
     
  10. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,907
    First Name:
    Frank
    You submitted another Registry Cleaner scan log. :rolleyes:

    I want a HijackThis scan log.

    ---------------------------------------------------------------
     
  11. lisalaw

    lisalaw Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    8
    i am so sorry lol blonde moment

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:24:58, on 28/04/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\trademanager\AliIM.exe
    C:\Program Files\The TechGuys\Launch\Launch.exe
    C:\Program Files\OEM\LIVE! OSD 1.08(AD)\osd.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Lisa\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
    C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe
    C:\Program Files\T-Mobile\T-Mobile Internet Manager\bmctl.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\1-Click PC Fix v4\1-Click PC Fix Scheduler.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shareware.pro/?lang=en
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dooxer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shareware.pro/?lang=en
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Reminder_MUI] C:\Program Files\TTG\Reminder\Reminder_MUI.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
    O4 - HKCU\..\Run: [aliim] C:\Program Files\trademanager\aliim.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    O4 - Global Startup: Launch.lnk = ?
    O4 - Global Startup: OSD.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.alipay.com
    O15 - Trusted Zone: http://*.alisoft.com
    O15 - Trusted Zone: http://*.taobao.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D9A3D93-CC5A-4439-A28A-3EC30C2720A7}: NameServer = 149.254.201.126 149.254.192.126
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    --
    End of file - 8947 bytes



    Thank you very much for your help
     
  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,907
    First Name:
    Frank
    Click the green icon at both sites to download and save

    Malwarebytes Anti-Malware 1.45

    SUPERAntiSpyware 4.35.0.1002

    After they've both been downloaded and saved, close all open windows.

    Install Malwarebytes Anti-Malware, then restart your computer.

    Install SUPERAntiSpyware, then restart your computer again.

    Advised me when that's done, then I'll give you instructions for using them.

    ------------------------------------------------------------------
     
  13. antimoth

    antimoth

    Joined:
    Aug 8, 2009
    Messages:
    361
    Maybe a moderator can delete those long long extraneous registry scan posts.

    Just a amateur observer here, but looks like someone installed online casino/poker software and the IE home page is hijacked to a siteadvisor red site. Yuck.
     
  14. lisalaw

    lisalaw Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    8
    hi they are both installed now

    thanks
     
  15. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,907
    First Name:
    Frank
    OK, good. Follow these instructions carefully.

    Don't use your computer during the scanning process.

    -----------------------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Updates(tab) - Check for Updates".

    When the definition files have updated, click "OK".

    Click "Scanner(tab) - Perform quick scan - Scan".

    If infections are found during the scan, the number of infections will be highlighted in red.

    When the scan is finished, click "Show Results".

    Make sure that everything is selected, then click "Remove Selected".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start Malwarebytes Anti-Malware again.

    Click "Logs"(tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    Start SUPERAntiSpyware.

    Click "Check for Updates".

    When the definition files have updated, click "Close".

    Click "Scan your Computer - Perform Quick Scan - Next".

    If infections or problems are found during the scan, a list will appear.

    When the scan is finished and the scan summary window appears, click "OK".

    Make sure that everything in the list is selected, then click "Next".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start SUPERAntiSpyware again.

    Click "Preferences - Statistics/Logs"(tab).

    Highlight the scan log entry, then click "View Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    -----------------------------------------------------------------
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - please hellppppp
  1. Kferguson319
    Replies:
    1
    Views:
    12,066
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/919752

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice