What an idiot - please help

Comments

  • aliEnRIK
    Where's the hijack log?
    :idea:
  • flossy_splodge
    :confused: Bump :confused:
  • aliEnRIK
    Should still be on your desktop flossy

    Go and copy and paste the notepad text
    :idea:
  • flossy_splodge
    aliEnRIK wrote: »
    Should still be on your desktop flossy

    Go and copy and paste the notepad text
    Hey Rik. Sorry to make life confusing but I posted the log in a separate post as I wasn't sure the computer would stay running long enough for me to find this original thread! It's about 2 posts further down the page?
  • aliEnRIK
    Here is Hijack log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:48, on 2009-03-25
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\savedump.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINNT\system32\IoctlSvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
    C:\WINNT\system32\HotfixQ0306270.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
    C:\WINNT\system32\wuauclt.exe
    C:\PROGRA~1\BTBROA~1\SMARTB~1\SBHookSvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneysavingexpert.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itsnlp.com/evening/index.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
    O4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINNT\system32\shdocvw.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162850751092
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
    O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\BTBROA~1\SMARTB~1\SBHookSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    --
    :idea:
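
As a reading aid for the HijackThis log in the post above, this added example (not part of the thread and not HijackThis's own code) parses the log format and lists running processes that no O4 autostart or O23 service entry accounts for. The function names are hypothetical, the sample is a shortened excerpt of the posted log, and an unmatched process is only a prompt for a closer look, since the log does not show how every process was started.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, works on any OS

# Excerpt of the log posted in this thread, shortened for the example.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneysavingexpert.com/
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - ...", "R0 - ..."
EXE = re.compile(r'([^\\"\[\]]+\.exe)\b', re.IGNORECASE)  # file name after the last backslash

def parse(log):
    """Return (running process paths, {section code: [entry text, ...]})."""
    running, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.startswith("Running processes"):
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, entries

def launchers(entries):
    """Map lower-cased .exe name -> the O4 (Run/Startup) and O23 (service) entries naming it."""
    found = defaultdict(list)
    for code in ("O4", "O23"):
        for text in entries.get(code, []):
            for name in {n.strip().lower() for n in EXE.findall(text)}:
                found[name].append(f"{code} - {text}")
    return found

def unexplained(log):
    """Running processes that no O4/O23 entry accounts for: a review list, not a verdict."""
    running, entries = parse(log)
    known = launchers(entries)
    return [p for p in running if basename(p).lower() not in known]

if __name__ == "__main__":
    for path in unexplained(SAMPLE):
        print("no autostart entry shown for:", path)
```
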
  • aliEnRIK
    How do you KNOW it's infected?
    :idea:
  • aliEnRIK
    Assuming it IS infected

    You're going to have to create a 'rescue disc'

    Download this image file to your desktop
    http://dl1.pro.antivir.de/package/rescue_system/common/en/rescue_system-common-en.iso

    It SHOULD be self-explanatory but once it's up and running then here are the instructions in case you want them at hand ~
    http://www.avira.com/documents/tools/pdf/en/man_avira_antivir-removaltool_en.pdf

    Download IMGBURN and install it
    Open it and go to BURN IMAGE FILE
    BROWSE for the ISO file on the desktop and burn to a cd

    Put the cd in your infected computer and boot from it (May need to go into BIOS to change the boot order) ~ usually the DELETE key at bootup

    If you can't get anything else running then this is my only advice other than wipe it and start afresh
    :idea:
  • flossy_splodge
    aliEnRIK wrote: »
    How do you KNOW it's infected?
    I don't. Assumed that was the problem when it all went pear shaped. Do you NOT think it's an infection?
  • aliEnRIK
    I really don't know
    You've said on the other thread you've just now installed Avira, yes?
    If that's not picked anything up straight away then I suspect you're not infected (only SUSPECT mind)

    I'd suggest putting PCTOOLS firewall on your computer ready to install
    Download PC TOOLS FIREWALL (Make sure you click 'DOWNLOAD NOW')
    When installing you have the option of installing 'THREATFIRE' too (another antivirus program). Entirely up to you if you wish to or not.
    http://www.download.com/PC-Tools-Firewall-Plus-Free-Edition/3000-10435_4-10625321.html

    Disconnect from the net. Uninstall ZoneAlarm and see how it is (WITHOUT connecting to the net)
    If it's fine then install PCTOOLS firewall and carry on as normal
    :idea:
  • You're not as green as you're cabbage looking are you Rik?! (That's a compliment by the way!).
    I read somewhere on another thread to check the err shall we say 'dust status' of the inside of the case. Yep, you know what's coming don't you!
    It was dreadful.
    Have cleaned it out (carefully) and can now update most stuff.
    Have run a lot of the progs you normally recommend and no threats found so far.
    However, the drivers had gone walkabouts for the display (Nvidia) so I've sorted that - well nearly, desktop now ok but MSE too big :o but everything is PAINFULLY slow! Reminds me of my old dial up days!:eek:
    Zone Alarm kept disappearing although still in my programmes list and Avira would run but NOT update.
    Anyway, I've removed Avira for now and installed Avast which is currently scanning.
    I'm going to take your advice Rik and try PCTools for the Firewall and uninstall ZA.
    One last thing.
    I notice in the Hijack log that there seems to be some remnants of AVG even though I've uninstalled and used the removal tool. Any thoughts?:o
This discussion has been closed.