We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Google misbehaving!!!!!!!!!!
Comments
-
Anybody there?:wave:When man sacrifices the Love of POWER for the Power of Love, there will be peace on earth.0
-
Click Start>run... Type in regedit... click Edit>Find... type into there the !!!!!! site which keeps popping up (without the http://) and click "find next"... can you find it?
If not, go onto this site: http://network-tools.com/
... click "Ping" and type in the !!!!!! site's name in the search field. click "Submit". on the bottom left, you'll have some numbers... copy the numbers which look similar to this: ###.###.###.### and paste them in the searchfield of Regedit (which you previously opened). search the numbers. Can you find them?
If all else fails, try to do an online scan using Kaspersky... http://www.kaspersky.com/virusscanner
Running out of ideas now!0 -
Hi Gatita... ur thread got a lil buried there.
can you post the results of Start >> Run >> cmd ..in the command window type without the quotes " "'s "ipconfig /all"
Right click in the command window and select Mark. Drag your mouse over the results of the above command from " Windows IP Configuration " to the end. When all selected - press the Return/Enter key.
Then reply here by pressing Cltr + V to paste the info - thanks
There are still a few more tools - root kit revealers and temp area removers to try.
I would add also that some infections need tools running several times to remove them. And there is work to be done on your last HJT log ...Rich people save then spend.
Poor people spend then save what's left.0 -
Have you tried removing google toolbar?0
-
SHHHHHHHHHHHH
we think that you have cracked it.:T When we clicked on that link(as we were going to copy and paste it as you said), when lo and behold it showed "page cannot be displayed":D . So it looks as though the dratted pest has been disposed of .HEHEHE. We spent the weeekend doing about 7 different scans with the various trogan/spyware etc that you pointed us to all in safe mode and system restore disabled, plus resetting our router ( messing up all our settings, including wireless, but thats another story!!!!).
GreenNotM... you mentioned about the HJT log needing more work see the lastest scan log below.once again a million thanks to all of you that helped us.
Logfile of HijackThis v1.99.1
Scan saved at 22:23:31, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Anna\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.moneysavingexpert.com/
O2 - BHO: SuperAdBlockerBHO Class - !!00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKCU\..\Run: [BgMonitor_!!79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: !!00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: !!8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXEWhen man sacrifices the Love of POWER for the Power of Love, there will be peace on earth.0 -
Well you have certainly loaded up a few other tools...... ProcessGuard, SuperSdBlocker, but no Windows Defender or SpyBot now...
Is it the Windows firewall you are using ? If so here are 2 good free ones - Kerio Personal Firewall and ZoneLabs, but only use 1 at a time.
The following can go - if you want is but more of a tidy up. see reasons in blue.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe << this could be a MS Office language switching tool or a version of Coolwebsearch but as it is in the "correct" folder and you have Excel... Do you change languages in Office or XP ? It can be turned off via XP..
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) << as the files are missing remove or re-install
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab << see here for details, are you still updating drivers ? Active X controls need to be watched.
You may want to read Tony Klein’s article 'How Did I Get Infected In The First Place'
http://forums.spywareinfo.com/index.php?showtopic=60955......
You may also want to run a RootKit revealer just in case you have something hidden away ... https://europe.f-secure.com/exclude/blacklight/index.shtml
Download the Graphical User Version and save it to c:\blacklight\
Double-click blbeta.exe to run the program
Click : Scan
A list of all items found is created
If anything is found then look in the BlackLight folder and named fsbl.xxxxxxx.log (xxxxxxx are numbers) will be the report.
Open the file and post the contents here.
And finally the other PC ??Rich people save then spend.
Poor people spend then save what's left.0 -
Hello GreenNotM:p
I have run the RootKit.nothing found thank goodness:o
Yes we do have Spybot installed.and we have been using Windows Firewall, and also we thought:cool: that the router had its own built-in firewall? but we will download ZoneLabs. I have also got rid of the things you pointed out in the HighJack log.
I have the horrible suspicion the reason we got infected was through an 'open' connection on our router:eek: The thing is we found it IMPOSSIBLE to 'lock' it, we spent HOURS trying to, the Sweex router has to be the most difficult to configure of all of them! or we are total idiots! (DON'T answer that:D so..........we have decided to spash out and buy a new one, a WWQ77393 :: Linksys Wireless-G ADSL Home Gateway Router HOPEFULLY this will be easier, should arrive this afternoon.
Again thank you, you have been an:AWhen man sacrifices the Love of POWER for the Power of Love, there will be peace on earth.0 -
Guess what:o when I tried to do a Disk-Cleanup it just hangs/freezes, I googled and found this below, but am unsure if I have done it correctly as it doesn't seem to have worked. Oh dear! will my PC problems never end:p
Disk Cleanup Freeze?
This tutorial has been test to work on WinXP Pro and Home only. That doesn't mean it won't work in other WinOS. Just that it's not been tested in others. It's a very common problem that many newbies almost always ignore to correct; that when you try to the Disk Cleanup tool, it may stop responding and you may receive the following message:
Disk Cleanup is calculating how much space you will be able to free on (C:).
This may take a few minutes to complete.
Scanning: Compress old files
This problem happens when there is an incorrect entry in the registry that is used by the Disk Cleanup utility to locate compressed files. In my view, I've noticed it happening to clean formatted computers as well, so I would suppose that the problem in the registry too is probably a faulty of M$ programming.
But here is a good little trick to follow if this happens to you:
1. Create a registry file by "right clicking" on the desktop > New > Text Document.
2. Name it anything you want with .reg extension. For example: diskcleanup.reg
3. Right click this file > Edit.
4. Type in the following code, then save and close:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files]When man sacrifices the Love of POWER for the Power of Love, there will be peace on earth.0 -
Use the MS Guided method - best to avoid reg edits ..... http://support.microsoft.com/?kbid=823302Rich people save then spend.
Poor people spend then save what's left.0 -
or the MS manual method
Manual step to remove temporary files
To manually resolve this problem, delete all the files in the current user's Temp folder, and then delete all the user's temporary Internet files. To do this, follow these steps:
1.Click Start, click Run, type %temp%, and then click OK to open the Temp folder.
2.In the Temp folder, click Select All on the Edit menu, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
3.Click Start, click Control Panel, and then double-click Internet Options.
4.On the General tab, click Delete Files.
5.Click to select the Delete all offline content check box, and then click OK.
6.Click Start, and then click My Computer.
7.Right-click the drive that you want to clean, and then click Properties.
8.Click Disk Cleanup to run the Disk Cleanup tool again.
from above URL
maybe worth running "chkdsk /f /r" Start >> run >> "cmd" >> "chkdsk /f /r" ... you may need to reboot and this will run in a blue screen on restartingRich people save then spend.
Poor people spend then save what's left.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.5K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.7K Mortgages, Homes & Bills
- 177.5K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards