| Thread ID: 107909 | 2010-03-06 21:30:00 | HJT Log and Service Pack Problems | SP8's (9836) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 864526 | 2010-03-06 21:30:00 | Hi all ! Working on a student's Toshiba M801 .... everything in Chinese so having to use daughter's lappy to make sense of anything ! Have done a full scan with Malwarebytes, Spybot & MSE ... got rid of quite a few nasties but did not do that in safe mode or with system restore off .... should I repeat scans ? Something is stopping service packs downloading but think I can sort that out if I know the comp is "clean".
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:36, on 2010/3/7
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\Users\Toshiba m801\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\DeskDict2\YodaoDict.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Toshiba m801\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Toshiba m801\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O1 - Hosts: ::1 localhost
O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\QvodPlayer\QvodExtend.dll
O2 - BHO: Yodao Toolbar Helper - {6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BOC ProcessProtect Class - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\Windows\system32\ProcessProtection.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [YodaoDict] "D:\DeskDict2\RunDict.exe" -hide
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Toshiba m801\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 有道搜索(&Y) - res://D:\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll/158.htm
O8 - Extra context menu item: 百度一下所选文字 (&B) - C:\Program Files\Common Files\Baidu\Baidu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 在 Windows Live Writer 中写入日志(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://www.bankofchina.com
O15 - Trusted Zone: http://www.boc.cn
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - img.alipay.com
O16 - DPF: {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} (UploadControl Control) - b.bst.126.net
O16 - DPF: {654921BB-4DEA-41C7-BA97-9A1A5CDA9C72} (Uploader Control) - b.bst.126.net
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - dl.uc.sina.com
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - upload.facebook.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O16 - DPF: {D9306BD1-2325-4C28-8632-B02330C1BB02} (PhotoUploadCtrlMini Control) - b.bst.126.net
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Windows\System32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Windows\System32\KuGoo3DownXControl.ocx
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Tencent Software Update Service (TSUSVC) - Tencent - C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 9740 bytes
Thanks in advance to any and all that can help out ! |
SP8's (9836) | ||
| 864527 | 2010-03-06 21:40:00 | Are there any errors, when you try to install the service packs?? You can tick these then tick fix checked
Close browsers
I would disable system restore
O2 - BHO: Yodao Toolbar Helper - {6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} - (no file)
Uninstall ALL versions of Java, it's out of date, then update it
This looks suss
O2 - BHO: BOC ProcessProtect Class - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\Windows\system32\ProcessProtection.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
This is a backdoor trojan by the looks of it (some sites say QvodTerminal.exe is)
O4 - HKCU\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe
O4 - HKUS\S-1-5-18\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe (User 'Default user')
Did someone add these???
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://www.bankofchina.com
O15 - Trusted Zone: http://www.boc.cn
O15 - Trusted Zone: http://*.taobao.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
I would reboot after doing the above, if this is 32 bit, install trojan remover (it MAY install) update it then click on scan. Then select all options under the utilities menu |
Speedy Gonzales (78) | ||
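The reply above works through the flattened log by eye. As an added example (not part of the original thread), this Python code re-splits such a log into entries and pulls out the three things that reply looks at: `(no file)` targets, autoruns repeated across registry hives, and Trusted Zone sites. The function names are made up for illustration, and the sample is an excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the log posted in this thread, flattened onto one line as on the page.
SAMPLE = " ".join([
    r"Boot mode: Normal Running processes: C:\Windows\Explorer.EXE",
    r"O1 - Hosts: ::1 localhost",
    r"O2 - BHO: Yodao Toolbar Helper - {6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} - (no file)",
    r"O2 - BHO: BOC ProcessProtect Class - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\Windows\system32\ProcessProtection.dll",
    r"O4 - HKCU\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe (User 'SYSTEM')",
    r"O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')",
    r"O15 - Trusted Zone: http://*.alipay.com",
    r"O15 - ESC Trusted Zone: http://*.update.microsoft.com",
    r"O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe",
    "-- End of file - 9740 bytes",
])

SECTION = re.compile(r"[ORFN]\d{1,2} - ")  # HijackThis section codes: R0, F2, N1, O4, ...
RUN_ENTRY = re.compile(r"^(HK\S+?)\\\.\.\\(Run\w*): \[(.*?)\]")

def split_entries(text):
    """Undo the flattening: return (section, body) pairs such as ('O2', 'BHO: ...')."""
    body = text.split("-- End of file")[0].strip()
    chunks = re.split(r"\s+(?=[ORFN]\d{1,2} - )", body)
    return [tuple(c.split(" - ", 1)) for c in chunks if SECTION.match(c)]

def missing_files(entries):
    """Entries whose target HijackThis reported as '(no file)'."""
    return [(s, b) for s, b in entries if b.endswith("(no file)")]

def autoruns_by_name(entries):
    """Map each O4 Run/RunOnce value name to the hives that launch it."""
    hives = defaultdict(list)
    for section, body in entries:
        m = RUN_ENTRY.match(body) if section == "O4" else None
        if m and m.group(3):  # ignore entries with an empty value name '[]'
            hives[m.group(3)].append(m.group(1))
    return dict(hives)

def trusted_zone_hosts(entries):
    """Sites listed under O15 (IE Trusted Zone, ESC entries included)."""
    return [b.split("Trusted Zone: ", 1)[1] for s, b in entries
            if s == "O15" and "Trusted Zone: " in b]

if __name__ == "__main__":
    log = split_entries(SAMPLE)
    print(missing_files(log), autoruns_by_name(log), trusted_zone_hosts(log), sep="\n")
```

The output is a list of candidates to review with the machine's owner, not a verdict on any entry.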
| 864528 | 2010-03-06 22:56:00 | Good morning Speedy. I always check new students' computers when we host them and noticed that there were no service packs. I've cleaned out what I could and just tried to download SP1 .. it's @ 20% but I expect it to have problems and wonder whether I should cancel it and do the HJ thing first. As to the BOC stuff .... the student deals through BOC but she's given me the OK to delete them. SP1 stopped @ 20% as I was writing this .... error code 80070002 .... I've been through the whole process as per instructions on the Microsoft Support site but still failing. Wondering whether I can download to my comp and transfer to CD / DVD and install manually ? I'll clean out what you suggested and run Trojan Remover .... try downloading again and get back to you if I have any further problems. Clean install maybe ??? |
SP8's (9836) | ||
| 864529 | 2010-03-06 23:09:00 | No, you can't copy whatever from your PC (if it's windows / or installed already). It won't work. Use something like ccleaner, to clean the temp files. Umm yup, only other way you can fix it is to do a clean install. You could try this (windows.microsoft.com). Even though this is for Win7, it'll probably work for Vista |
Speedy Gonzales (78) | ||
| 864530 | 2010-03-07 00:41:00 | Hi Speedy ..... done everything, including CCleaner & TJ Remover which checked out everything OK. I wasn't meaning to copy SP's from my comp, but to download the SP's and install manually. For some reason Windows Update isn't doing it .... I'll have a read at the support site. Thanks for all your help ! |
SP8's (9836) | ||
| 864531 | 2010-03-07 00:52:00 | This looks suss
O2 - BHO: BOC ProcessProtect Class - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\Windows\system32\ProcessProtection.dll
This is a backdoor trojan by the looks of it (some sites say QvodTerminal.exe is)
O4 - HKCU\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe
O4 - HKUS\S-1-5-18\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [QvodPlayer] C:\Program Files\QvodPlayer\QvodTerminal.exe (User 'Default user')
These are legit Chinese programs. One is for computer security (www.isra.org.cn/) and the other is for music and videos. (http:) |
Pancake (6359) | ||
| 864532 | 2010-03-07 01:00:00 | OK then, well leave them there. Or reinstall them if you uninstalled them | Speedy Gonzales (78) | ||
| 864533 | 2010-03-07 01:13:00 | Thanks Eddy ... TOO late ... uninstalled !! Not a big problem. I've done all the steps in the Windows Update error 80070002 support .... SP's still refusing to download and install automatically. Suggestions ?? Clean install or download SP's as a stand-alone version and install manually ?? AND .. if I do that from MS USA .... will it work on Chinese version !!!! Panadine or hammer ..... LOL |
SP8's (9836) | ||
| 864534 | 2010-03-07 01:21:00 | You'll probably get the same error, if you install it manually. Do you want Chinese traditional or Chinese simplified? | Speedy Gonzales (78) | ||
| 864535 | 2010-03-07 01:29:00 | Simplified is the one she uses Speedy | SP8's (9836) | ||