| Thread ID: 123125 | 2012-02-05 05:21:00 | HiJack log diagnosis please | jupiter1 (2578) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1257505 | 2012-02-05 05:21:00 | Win XP. No major problems but system has just recently started accessing the web via my Netcomm router almost continuously. Anything in the HiJack log that can be deleted or changed to stop this? All security programs run clean: Ad-Aware 9, Spybot 1.6.2, Malwarebytes. Also run CCleaner, all OK on these fronts. TIA. HiJack log follows: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:58:32 p.m., on 5/02/2012 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Microsoft Money\System\urlmap.exe C:\Tools\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R3 - URLSearchHook: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program
Files\adawaretb\adawareDx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - fpdownload2.macromedia.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 5351 bytes |
jupiter1 (2578) | ||
| 1257506 | 2012-02-05 05:27:00 | Install SP3 and keep it up to date. Is it an AMD or Intel system? Uninstall this: O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') And Ad-Aware, and Spybot. Use Malwarebytes instead. Install a virus scanner. O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user') Then get the Norton removal tool, and run it. Uninstall all previous versions of Java. Yours is out of date. Make sure you install the latest version only. Either 6 update 30. Or 7 update 2. Older versions of Java have vulnerabilities. |
Speedy Gonzales (78) | ||
| 1257507 | 2012-02-05 05:34:00 | Thanks Speedy. Will get back to you once I have done all this. Have tried to install SP3 twice in the past but it fails each time. Will try again and let you know the error report. Have uninstalled Norton in the past with Uninstall tool apparently successfully but it seems to have resurrected itself! Cheers, Phil. |
jupiter1 (2578) | ||
| 1257508 | 2012-02-05 05:41:00 | Did you get SP3 manually or from Windows Update?? Look in C:\windows\softwaredistribution folder. Open the reportingevents txt file. Copy and paste the last few lines. That'll tell us why it's failing. | Speedy Gonzales (78) | ||
| 1257509 | 2012-02-05 19:57:00 | Did you get SP3 manually or from Windows Update?? Look in C:\windows\softwaredistribution folder. Open the reportingevents txt file. Copy and paste the last few lines. That'll tell us why it's failing. First time from MS win update, this time from my ISP's server. Both times failed with "Update aborted access denied error". All other of your previous suggestions are done. Old Java removed but new one not yet downloaded and installed. Below are the last lines applicable to today's attempt at installing SP3. Total gibberish to me I'm afraid. After backing out SP3, KB946648 was successfully installed. {27E77728-D46D-49E8-8A47-12ED2C150B37} 2012-02-06 07:37:32:828+1300 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed. {63E253AB-B8D6-4996-A25E-BD6CAA45229E} 2012-02-06 08:16:22:546+1300 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed. {D3871CBC-A7D1-43F6-A35F-8CB522E6AE96} 2012-02-06 08:18:19:984+1300 1 189 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions: - Security Update for Windows XP (KB946648) {9E3BD639-65A5-4445-9411-B9EBA006532A} 2012-02-06 08:18:19:984+1300 1 162 101 {83D1ADF5-779D-4016-8C31-549270F67B3F} 104 0 AutomaticUpdates Success Content Download Download succeeded. {D99964F9-EE84-447A-A9EC-E54D17B6B2B8} 2012-02-06 08:20:18:609+1300 1 183 101 {83D1ADF5-779D-4016-8C31-549270F67B3F} 104 0 AutomaticUpdates Success Content Install Installation Successful: Windows successfully installed the following update: Security Update for Windows XP (KB946648) |
jupiter1 (2578) | ||
| 1257510 | 2012-02-05 19:58:00 | Old Java removed but new one not yet downloaded and installed. | jupiter1 (2578) | ||
| 1257511 | 2012-02-05 20:18:00 | Hmm are there any failed entries in reportingevents?? Copy and paste some of them (if there are). It should show an error code or something | Speedy Gonzales (78) | ||
| 1257512 | 2012-02-05 22:13:00 | Above are all the lines pertaining to today's attempt to install SP3. As I said, all gibberish to me so can't answer your question about error reports. Phil |
jupiter1 (2578) | ||
| 1257513 | 2012-02-05 23:21:00 | Well, there's nothing in those lines saying anything failed. I could have a look if you want with TeamViewer. If you get this, send the ID and pw it gives you (after you install it) in a PM. | Speedy Gonzales (78) | ||
| 1257514 | 2012-02-05 23:36:00 | done. see pm | jupiter1 (2578) | ||
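One way to answer the thread's question about failed entries in ReportingEvents.log without reading the file by eye, as an added example that is not part of the original thread. It assumes the file is tab-separated with the column order of the records pasted above; the `Failure` record in the sample is constructed, with placeholder IDs.

```python
from typing import NamedTuple, Optional

# 0x80070005 is the standard Windows "access denied" HRESULT.
KNOWN_HRESULTS = {0x80070005: "E_ACCESSDENIED"}

class Event(NamedTuple):
    when: str
    update_id: str
    hresult: int
    source: str
    status: str
    kind: str
    message: str

def parse_line(line: str) -> Optional[Event]:
    # Assumed layout: 12 tab-separated columns, in the order seen in the thread.
    cols = line.rstrip("\r\n").split("\t", 11)
    if len(cols) != 12 or not cols[0].startswith("{"):
        return None  # blank line, header or wrapped text
    try:
        code = int(cols[7], 16)  # error column is hex without "0x"; 0 means no error
    except ValueError:
        return None
    return Event(cols[1], cols[5], code, cols[8], cols[9], cols[10], cols[11])

def failed_events(text: str) -> list:
    """Return records whose status is not Success or whose error code is non-zero."""
    events = (parse_line(line) for line in text.splitlines())
    return [e for e in events if e and (e.status != "Success" or e.hresult != 0)]

def describe(e: Event) -> str:
    name = KNOWN_HRESULTS.get(e.hresult, "unknown")
    return f"{e.when} {e.kind}: 0x{e.hresult:08X} ({name}) {e.message}"

NIL = "{00000000-0000-0000-0000-000000000000}"
# Constructed sample: rows 1-2 reuse columns quoted in the thread;
# row 3 is an invented Failure record with placeholder IDs.
SAMPLE = "\n".join("\t".join(r) for r in [
    ("{27E77728-D46D-49E8-8A47-12ED2C150B37}", "2012-02-06 07:37:32:828+1300", "1", "202",
     "102", NIL, "0", "0", "AutomaticUpdates", "Success", "Content Install", "Reboot completed."),
    ("{D99964F9-EE84-447A-A9EC-E54D17B6B2B8}", "2012-02-06 08:20:18:609+1300", "1", "183",
     "101", "{83D1ADF5-779D-4016-8C31-549270F67B3F}", "104", "0", "AutomaticUpdates",
     "Success", "Content Install", "Installation Successful: (KB946648)"),
    ("{00000000-0000-0000-0000-000000000001}", "2012-02-06 09:00:00:000+1300", "1", "0",
     "0", NIL, "0", "80070005", "AutomaticUpdates", "Failure", "Content Install",
     "Installation Failure: constructed example record."),
])

if __name__ == "__main__":
    for event in failed_events(SAMPLE):
        print(describe(event))
```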