Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

Register Log in

Completely screwed up pc

D

Dee_Collins

FPCH Member
Joined
Mar 31, 2008
Messages
34
Location
Kent
Some Experience
Hi

My internet is just completely screwed up, I have super anti spyware installed (free version) Malwarebytes (free) installed Avast Antivirus also. Basically I cant really do anything on the net, cant search google,yahoo or log into my email, have millions of pop ups even though I have all the blockers on. The cursor is constantly flickering tons more than it has ever done before.

I have windows xp and IE 7

Can anyone help?

Thanks
Dee
 
Let's start by disabling what you don't need. This is called booting to Safe Mode. You do this by tapping the F8 key immediately after starting the computer until the Start Menu comes up. Use the arrow keys to boot to Safe Mode with Networking.

Let us know how that goes.
 
Hi

Yep running in safe mode at the moment and i can do everything now, like log into my email and use the search engines now also. What should I do next?
 
Hi

Please download the latest version of HijackThis from Trend Micro and click on Download Hijack This Installer and save it to your desktop.
  • Doubleclick HJTInstall.exe to install HijackThis.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Include this log by copying and pasting in your next reply.
Notes:
Do not use the AnalyseThis button, its findings are dangerous if misinterpreted.
Do not have Hijackthis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.

You can download this in Safe mode but "Run" it in normal mode.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:14, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\brsvc01a.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\brss01a.exe
D:\WINDOWS\system32\imapi.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
D:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\Rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://uk.red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/uk/*http://uk.docs.yahoo.
com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
Yahoo! Search - Web Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = M.O.T. Your PC ! <<>>
Intelenet | Intelligent Networking Solutions or email: mot@pdsystems.info
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} -
D:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program
Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM8b4abea7] Rundll32.exe "D:\WINDOWS\system32\oyumqlmq.dll",s
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program
Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program
Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://D:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live
Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
Add to Windows Live Favorites
O8 - Extra context menu item: Check &Spelling - res://D:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program
Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows
Live Toolbar\Components\en-gb\msntabres.dll.mui/229?96385411e23941a59bda1d2f2bc5bbc
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows
Live Toolbar\Components\en-gb\msntabres.dll.mui/230?96385411e23941a59bda1d2f2bc5bbc
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program
Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program
Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program
Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program
Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} -
D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program
Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
D:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -
http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) -
http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3
_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program
Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program
Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe
Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -
D:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program
Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8684 bytes
 
well the only things which are tcked are the following:

oyumqlmp (whatever that is)
ashDisp
jusched

The only reason I dont have loads is because I have had problems with my other pc and was told from this forum to only have Avast and Java running on startup, hence why only the above running. Have to amit I dont know what the first one is
 
If it's running well in Safe Mode, then there's something in the startup routine that's causing the problem. I'm no expert in analyzing HiJackThis logs.

I can suggest going back to msconfig. Turn everything in the STARTUP tab off. In the SERVCES tab, click on HIDE MS SERVICES and disable all the non-MS services. Restart in normal mode and see how it works.
 
Please start Hijackthis and do a Scan Only and place a check mark on the following items.

  • [*]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c.../uk.docs.yahoo.com/info/bt_side.html
    [*]R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search
    [*]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = M.O.T. Your PC ! <<>> Intelenet | Intelligent Networking Solutions or email: mot@pdsystems.info
    [*]R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    [*]O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    [*]O4 - HKLM\..\Run: [BM8b4abea7] Rundll32.exe "D:\WINDOWS\system32\oyumqlmq.dll",s
    [*]O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    [*]O4 - HKLM\..\Run: [BM8b4abea7] Rundll32.exe "D:\WINDOWS\system32\oyumqlmq.dll",s
    [*]O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    [*]O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    Then click on Fix selected

Then download and run this CureIt 4.44 then restart your computer and let me know how its running.​


.
 
Yes sorry I am still here just trying to do all that you have suggested, hving a few problems doing the java download atm, but getting there slowly, as soon as I have it figured I shall let you know how its running.
 
Hi

I have finished doing what you said and the pc seems to be running loads better now, I can log into emails and searcg google etc, one thing though I did have a window appear after java had finished installing saying there was a fatl error and something couldnt be opened but I didnt see what it was as it then disappeared....

Another thing that has happened is I am constantly getting pop ups even though my blockers are enabled, I never used to get any pop ups at all
 
Last edited:
Good glad to hear it's better. Did you download and run the CureIt 4.44 program I linked to above?

Please download and run that program. Let me know what it finds.

Then we will run a FULL scan and clean routine that you need to follow the steps exactly as outlined. I won't post those instructions though until I hear back from you about the CureIt 4.44 program results.

.
 
The scanner found the following:

A0148422.exe Probably BACKDOOR Trojan
A0148423.exe Probably BACKDOOR Trojan
A0148424.exe program.mIRC.616

Whilst the scan was running my Avast kept finding Adware, should I press cure on the above items?
 
I did do a scan yesterday with that program and it did pull up more and so i clicked cure and it managed to delete a few and the ones it couldnt cure it moved. I had to click yes or no else the scan wouldnt continue. Most of what it found yeaterday were backdoor trojans
 
Back
Top