View Full Version : pc help needed from techy people



mowgli
30-12-08, 04:39 PM
Right, my kids download stuff without my permission. I usually find it quite quickly & get rid of it. A couple of weeks ago something got on that is really annoying me.
When I am internetting, it will automatically open another tab & send me to another website that usually tries to sell something or claim I have won the said item.
I had something like this a year or so ago called 'myfreewebsearch' & I found it quite quickly but this time I can't find a trace of anything.

antivirus/antispyware can't find anything.....

I am using Windows Internet Explorer

Welsh Dan
30-12-08, 04:45 PM
Go to Tools -> Internet Options,
then open the Advanced tab. There are two reset buttons on there; use them both, then close and re-open Internet Explorer.

bmw156
30-12-08, 04:58 PM
If that doesn't work and it is really annoying you, take the computer back to a last saved point. Can't remember the exact name of it, but it will take it back to before the thing was downloaded and let you carry on as normal, and I think it keeps all the saved files as well.

Spudly
30-12-08, 05:00 PM
Not sure if it's related or not but my bro and my mum told me t'other day apparently there is a new way of getting all of your details you've ever entered on any sites because Explorer saves it all in the "remember me" option. Apparently everything is kept whether you clear it or not, so any card details and the like could still be accessed!

We have all switched over to Firefox now as it's supposed to be miles safer. Might be completely unrelated but I thought I'd share!

bmw156
30-12-08, 05:02 PM
There was a virus in Facebook that said someone has a video of you, and you click it and then they can get all of your information. My friend at work had it and cancelled his Facebook. I use Firefox, imo it's miles better.

calibra-keith
30-12-08, 05:04 PM
Have you updated your Internet Explorer?

http://www.bbc.co.uk/iplayer/episode/b00g924l/Click_20_12_2008/
Go to about 7.40 and watch from there. This has caused lots of problems for people with popups, trojans and programs that you will struggle to find, makes your PC freeze and while online can access your comp, your details and steal whatever they like, mainly passwords for PayPal and other online banking.

May not be, but worth you looking into :thumb:

ade
30-12-08, 05:05 PM
It's malware - I had it and couldn't get rid of it - I ended up formatting my hard drive!

Download Adaware SE (do a search for Lavasoft) - recommended by Microsoft. There's a free version (or trial) that'll identify the problem. Also use Firefox as IE has a loophole which is currently being exploited (although you can now get a patch so make sure your updates are updated).

You're also best running a deep scan in safe mode (reboot PC and press F8 - choose safe mode without internet connection) - run virus scan and then run malware scan using Adaware SE - it'll find the problem.

If that fails then the extreme measure is to format the hard drive. It works - also helps clean up your PC, making it run fast. Just back up your necessary files...

Ade

Jack
30-12-08, 05:26 PM
Not sure if it's related or not but my bro and my mum told me t'other day apparently there is a new way of getting all of your details you've ever entered on any sites because Explorer saves it all in the "remember me" option. Apparently everything is kept whether you clear it or not, so any card details and the like could still be accessed!

We have all switched over to Firefox now as it's supposed to be miles safer. Might be completely unrelated but I thought I'd share!
Remembering personal data has been a feature of both IE and Firefox for donkeys years, nothing new.

Check msconfig for any odd startup items, also have a look in the IE folders in the registry for any obscure entries, and check the $root/drivers/etc/hosts file for dummy entries (note Spybot adds its own content into this). Also try Malwarebytes, that's a pretty good AV program. Do you get the same problems running in safe mode and minimal service mode?

meritlover
30-12-08, 05:46 PM
I think I know what you're trying to say ;)

'my kids' went on and 'downloaded stuff' they shouldn't have too, and got all sorts of pop-ups associated with the content downloaded at the time on my PC.

They were cleared in the end by Search-and-destroy.

Don't worry, you don't have to keep secrets on this site ;) Meritlover understands :thumb:

xxxx

Mattman
30-12-08, 06:19 PM
'my kids' went on and 'downloaded stuff'

lmao

General Baxter
30-12-08, 06:29 PM
Check msconfig for any odd startup items, also have a look in the IE folders in the registry for any obscure entries, and check the $root/drivers/etc/hosts file for dummy entries (note Spybot adds its own content into this). Also try Malwarebytes, that's a pretty good AV program. Do you get the same problems running in safe mode and minimal service mode?

+1 rep

I've just done this, now getting no pop ups, 15 active programs, I had over 60 before lol

nooooo
You must spread some Reputation around before giving it to roadknight again

Jack
30-12-08, 06:35 PM
roadknight
Not you too lol

+rep for trying to rep me lol

mowgli
30-12-08, 07:17 PM
I think I know what you're trying to say ;)

'my kids' went on and 'downloaded stuff' they shouldn't have too, and got all sorts of pop-ups associated with the content downloaded at the time on my PC.

They were cleared in the end by Search-and-destroy.

Don't worry, you don't have to keep secrets on this site ;) Meritlover understands :thumb:

xxxx

If I wanted to download something dodgy, then I would.....

My 3 daughters really do come home from school with web addresses from their friends. These usually link to kids' game sites. They trial a game, like it & then click on download.... that's when the trouble starts. I spend hours deleting things.

Breeny
30-12-08, 07:42 PM
Follow the instructions on this link - http://www.geekstogo.com/forum/You-Must-Read-Before-Posting-Hijackthis-Log-t2852.html

Post the HJT log here... :)

mowgli
30-12-08, 08:55 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:30, on 30/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Mike & Debbie Saunde\AppData\Local\wmggg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [workflow] E:\installs\workflow.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [wmggg] "c:\users\mike & debbie saunde\appdata\local\wmggg.exe" wmggg
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
--
End of file - 7813 bytes

Breeny
30-12-08, 09:51 PM
Fix the following by running it again and selecting the tick box :-)

C:\Windows\system32\SearchFilterHost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
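
A first-pass triage of the startup (O4) and downloaded ActiveX (O16) sections of a HijackThis log like the one posted above, as an added example that is not part of the thread or of HijackThis itself. The two review heuristics, the `triage` function and the placeholder profile name in the sample lines are assumptions made for illustration; a flagged entry is a prompt for manual review, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Lines adapted from the log posted in the thread (profile name replaced).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [wmggg] "c:\users\example\appdata\local\wmggg.exe" wmggg
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# O4 = autorun entry: hive, Run/RunOnce key, [value name], command line.
O4_RE = re.compile(r"^O4 - \S+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O16 = downloaded ActiveX control: CLSID, optional (name), source URL.
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<label>[^)]*)\))? - (?P<url>\S+)$"
)
# Assumed heuristic: a per-user, user-writable directory is an unusual home
# for a program that starts at every logon.
USER_WRITABLE_RE = re.compile(
    r"\\(users|documents and settings)\\[^\\]+\\(appdata|local settings|application data)\\",
    re.IGNORECASE,
)


def triage(log_text):
    """Return (section, identifier, reason) tuples for entries to review by hand."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        autorun = O4_RE.match(line)
        if autorun and USER_WRITABLE_RE.search(autorun["cmd"]):
            findings.append(("O4", autorun["name"], "autorun from user-writable profile path"))
            continue
        activex = O16_RE.match(line)
        # Assumed heuristic: no registered name next to the CLSID.
        if activex and activex["label"] is None:
            host = urlsplit(activex["url"]).hostname
            findings.append(("O16", activex["clsid"], f"unnamed ActiveX download from {host}"))
    return findings


if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_LOG):
        print(f"{section}: {ident} -> {reason}")
```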

Benn
30-12-08, 10:01 PM
Get Spybot downloaded too.
This finds a lot of the very hidden stuff.