HELP!! My PC is broken!!

pchelpman

Gadge ... I will PM you re. HJT training.

Mum .... update Ewido to the latest definitions then rescan your computer wih it. Post the Ewido log report to this thread.

HJT ... yes please. A fresh log with description of pop ups you see. Are they all coming from the same place? All have the same name?

Generally speaking it's not a good idea to try and load updates like SP2 on to an infected machine. Infections will probably interfere with updates loading properly. You could end up worse than before.

Anyway, let's look at the 2 logs and hear your descriptions before going further.

Browntoa

wonder if its just those "messenger" pop ups

stressedoutmumof1

The pop ups are gambling, texting, dating and vodafone websites

pchelpman

:eek: In that case do as I suggest in post 52 above. We'll go from there.

Gadge_2

pchelpman, thanks for the PM, will have a look at the site,

I am intrigued to the root of this mum's problems, especially is after she reported having a reinstall on the 25th.

The last sp1 machine that would not behave itself ,that I had to work on, still needed over 40 updates after sp2 was installed, Now it is sweet

However, I learn something new everyday

stressedoutmumof1

Hi guys

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 08:08:23, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\fssm32.exe
C:\Program Files\TalkTalk Online Security\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\TalkTalk Online Security\Common\FCH32.EXE
C:\Program Files\TalkTalk Online Security\Common\FAMEH32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsrw.exe
C:\Program Files\TalkTalk Online Security\FSPC\fspc.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TalkTalk Online Security\FSGUI\ispnews.exe
C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
A:\hijackthis2\HijackThis.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [News Service] "C:\Program Files\TalkTalk Online Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\TalkTalk Online Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TalkTalk Online Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: TalkTalk Online Security.lnk = C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\TalkTalk Online Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: Web Filter - !!200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - !!200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\TalkTalk Online Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - !!200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\TalkTalk Online Security\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - !!300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - !!300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\TalkTalk Online Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: !!6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153895403265
O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153895385437
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 62.24.128.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 62.24.128.17
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\fp4203hoe.dll (file missing)
O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - BackWeb Technologies Inc. - C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

Ewido Log

+ Created at: 12:56:09 27/07/2006

+ Scan result:



C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned.
C:\WINDOWS\system32\__delete_on_reboot__g_u_a_r_d_._t_m_p_ -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\eqntagnt(2).dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\fp4203hoe.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\fp8u03l9e.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\irl0l53m1.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\k6pm0g71e6.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\mv0sl9d71.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\o6lulg3916.dll -> Adware.Look2Me : Cleaned.
[2960] C:\WINDOWS\system32\mrctf.dll -> Adware.Look2Me : Cleaned.
[4080] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Error during cleaning.
C:\!KillBox\updmangr.exe -> Backdoor.Agent.abc : Cleaned.
C:\!KillBox\services.exe -> Backdoor.SdBot.atf : Cleaned.
C:\!KillBox\services.exe( 1) -> Backdoor.SdBot.atf : Cleaned.
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\EW40SIV8\lie[1].exe -> Backdoor.SdBot.atf : Cleaned.
C:\!KillBox\nwnmad_5.exe -> Downloader.Adload.ca : Cleaned.
: Cleaned.


::Report end


Also when I log onto the pc it is now giving me a runner error - Runner File Name (fspex.exe) lack a '-' (the app id separater)

and it won't let me update talk talk or ewido anti spyware

Thanks

Browntoa

Remove these 2 entries

O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

then go to those locations and manually delete the file if it still exists.

that error message is part of the talk talk antivirus

are you still getting pop ups ??

Browntoa

I suggest uninstalling the Talk talk Anti virus stuff at this point

turn on windows firewall

http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

then connect to the web and download crapcleaner

www.ccleaner.com

and run it to let it clean all the temp files etc from the PC

and then download and install AVG

http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-free

then update it and do a full scan in safe mode

then do a new hijack this log

Browntoa

how you getting on ??

any joy yet ??

were you still getting pop-ups after the last ewido clean ??

stressedoutmumof1

Hi guys - just wanted to say a really BIG thankyou!

Everything is working perfectly now, and if it wasn't for you I wouldn't be here. Thanks you so much for all your patience and fantastic knowledge - you're stars!!!

Thanks again.