We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

HELP!! My PC is broken!!

Options
24567

Comments

  • stressedoutmumof1
    stressedoutmumof1 Posts: 1,483 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Pitty_Fool wrote:
    Do you use mIRC?

    What is that? (sorry complete computer novice!)
    Squares knitted for my throw ~ 90 (yes!!! I have finally finished it :rotfl: )
    Squares made for my patchwork quilt ~ 80 (only the "actual" quilting to do now :rotfl:)
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    ignore that :)....
    Ex forum ambassador

    Long term forum member
  • stressedoutmumof1
    stressedoutmumof1 Posts: 1,483 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Here we go.........

    Logfile of HijackThis v1.99.1
    Scan saved at 15:26:13, on 18/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
    C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
    C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
    C:\Program Files\TalkTalk Online Security\Anti-Virus\fssm32.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\TalkTalk Online Security\Common\FSMB32.EXE
    C:\WINDOWS\update\updmangr.exe
    C:\WINDOWS\system32\winws.exe
    C:\Program Files\TalkTalk Online Security\Common\FCH32.EXE
    C:\WINDOWS\services.exe
    C:\Program Files\TalkTalk Online Security\Common\FAMEH32.EXE
    C:\Program Files\TalkTalk Online Security\Anti-Virus\fsrw.exe
    C:\Program Files\TalkTalk Online Security\FSPC\fspc.exe
    C:\Program Files\TalkTalk Online Security\Anti-Virus\fsav32.exe
    C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\TalkTalk Online Security\FSGUI\ispnews.exe
    C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE
    C:\PROGRA~1\TALKTA~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\System32\vcshost.exe
    C:\Program Files\TalkTalk Online Security\FSGUI\fsguidll.exe
    C:\dfndrad_5.exe
    C:\Program Files\Common Files\!!040839FD-0A28-2057-0225-04012420002c}\Update.exe
    A:\hijackthis2\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    O2 - BHO: Malicious Scripts Scanner - !!55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
    O2 - BHO: (no name) - !!6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\urqrqrr.dll
    O3 - Toolbar: &Radio - !!8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\TalkTalk Online Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\TalkTalk Online Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TalkTalk Online Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
    O4 - HKLM\..\Run: [VCS Host] vcshost.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
    O4 - HKLM\..\RunServices: [VCS Host] vcshost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\Run: [VCS Host] vcshost.exe
    O4 - Global Startup: TalkTalk Online Security.lnk = C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\TalkTalk Online Security\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Web Filter - !!200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - !!200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\TalkTalk Online Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web Filter - !!200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\TalkTalk Online Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE Shield - !!300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - !!300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\Anti-Spyware\ieshield.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 62.24.128.17
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = 62.24.128.17
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 62.24.128.17
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\ktnml7511.dll
    O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\jtj8071ue.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\hp0023dmg.dll (file missing)
    O20 - Winlogon Notify: URL - C:\WINDOWS\system32\fp6q03j5e.dll (file missing)
    O20 - Winlogon Notify: urqrqrr - C:\WINDOWS\SYSTEM32\urqrqrr.dll
    O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - BackWeb Technologies Inc. - C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
    O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe
    O23 - Service: Windows DLL Manager - Unknown owner - C:\WINDOWS\system32\winws.exe
    O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe

    Thanks guys
    Squares knitted for my throw ~ 90 (yes!!! I have finally finished it :rotfl: )
    Squares made for my patchwork quilt ~ 80 (only the "actual" quilting to do now :rotfl:)
  • Pitty_Fool
    Pitty_Fool Posts: 25 Forumite
    stressedoutmumof1 wrote:
    What is that? (sorry complete computer novice!)

    Its Internet Relay Chat i was just curious to if you used it because if you did there is a chance it could of come from there. That website said it was a Worm.Ircbot. When you download things from IRC you can get dodgey worms and spyware.
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    these need to be ticked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

    O2 - BHO: (no name) - !!6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\urqrqrr.dll

    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll

    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\ktnml7511.dll

    O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\jtj8071ue.dll (file missing

    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\hp0023dmg.dll (file missing)

    O20 - Winlogon Notify: URL - C:\WINDOWS\system32\fp6q03j5e.dll (file missing)

    O20 - Winlogon Notify: urqrqrr - C:\WINDOWS\SYSTEM32\urqrqrr.dll

    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

    O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

    O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe

    O23 - Service: Windows DLL Manager - Unknown owner - C:\WINDOWS\system32\winws.exe

    then click on the "fix" button


    then download Killbox

    http://www.bleepingcomputer.com/files/killbox.php

    Download this file, extract it, and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted

    and delete these (enter the full path as shown)

    C:\Program Files\Network Monitor\netmon.exe

    C:\WINDOWS\services.exe

    C:\dfndrad_5.exe

    C:\WINDOWS\update\updmangr.exe

    C:\WINDOWS\System32\vcshost.exe

    C:\dfndrad_5.exe

    C:\WINDOWS\v1201.exe

    and do the same with these two, but you will need to find the full location

    O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe

    O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    afterwards, reboot and see if you can connect, if not then download and run this

    http://www.cexx.org/lspfix.htm

    LSP-Fix (.zip) v1.1 - includes the program, documentation and source code
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    if you can connect to then internet then follow this

    http://forums.moneysavingexpert.com/showthread.html?t=133269

    posts 1 to 4

    then post a new hijackthis log + the report log from ewido
    Ex forum ambassador

    Long term forum member
  • stressedoutmumof1
    stressedoutmumof1 Posts: 1,483 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Thanks Browntoa - will try all when I get home from work :D
    Squares knitted for my throw ~ 90 (yes!!! I have finally finished it :rotfl: )
    Squares made for my patchwork quilt ~ 80 (only the "actual" quilting to do now :rotfl:)
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    ignore any "advice " from anyone apart from me or Pchelpman :) from this point
    Ex forum ambassador

    Long term forum member
  • Toxteth_OGrady
    Toxteth_OGrady Posts: 3,958 Forumite
    1,000 Posts Combo Breaker
    @stressedout

    Give this a try.

    Sorry Browntoa, couldn't resist :D

    :rotfl:

    :cool:

    TOG
    604!
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.9K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.9K Work, Benefits & Business
  • 598.7K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture