| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 98928 | 2009-04-13 05:02:00 | Hi Jack this | demon31 (13324) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 764601 | 2009-04-13 05:02:00 | Hi All Having problems with windows especially restore does not show up(or load & windows update same thing Can someone look at this hijack please Logfile of HijackThis v1.99.1 Scan saved at 3:54:09 PM, on 4/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS.0\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS.0\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS.0\system32\drivers\dcfssvc.exe C:\WINDOWS.0\System32\svchost.exe C:\Program Files\IPEVO\Free-1 USB Phone\Free-1 USB Phone.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS.0\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\HelpCtr.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = go.microsoft.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn8\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file) O2 - BHO: TBSB08360 - {85880F59-485A-474D-9955-915EC345316C} - (no file) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn8\yt.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Free-1] "C:\Program Files\IPEVO\Free-1 USB Phone\Free-1 USB Phone.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [EPSON Stylus CX6900F Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FAT IBKP.EXE /FU "C:\DOCUME~1\Gazza\LOCALS~1\Temp\E_S21.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe -boot O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - support.microsoft.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS.0\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS.0\system32\drivers\dcfssvc.exe O23 - Service: Google Update Service (gupdate1c98c9e725e69a2) (gupdate1c98c9e725e69a2) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe |
demon31 (13324) | ||
| 764602 | 2009-04-13 05:09:00 | Dont know why your folders have o on them Tick these then tick fix checked Close browsers O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file) O2 - BHO: TBSB08360 - {85880F59-485A-474D-9955-915EC345316C} - (no file) O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized Uninstall this program O4 - HKCU\..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe -boot Then reboot, then get malwarebytes below, update it then scan. Remove whatever comes up |
Speedy Gonzales (78) | ||
| 764603 | 2009-04-13 05:15:00 | Did you reinstall recently? It looks like you did not format the hard drive before you reinstalled...you may have leftover files from a previous installation Once you are done scanning with MalwareBytes, download Spyware Terminator and perform a full scan. www.spywareterminator.com Disable system restore first by right clicking my computer>Properties>system restore tab>Tick "Turn off system restore on all drives" Once all malware is removed you may re-enable system restore. Blam |
Blam (54) | ||
| 764604 | 2009-04-13 06:18:00 | Yes there was a reinstall about a year ago and has been operating fine until recently. Speedy could not find this: O4 - HKCU\..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe -boot. program to remove so checked it on hijack. Tried searching but search along with the others mentioned does not show or appear to work. also IE7 is coming up as "no addons enabled and anything I do does not enable them. I am using firefox here. Could there be some deep seated trojon etc?? Maleware showed nothing termintor showed heaps and followed instructions Getting quite frustrated |
demon31 (13324) | ||
| 764605 | 2009-04-13 06:32:00 | So what exactly is not working? Reboot whne the removal is finished, and make sure you disabled system restore BEFORe you scanned. Blam |
Blam (54) | ||
| 764606 | 2009-04-14 06:26:00 | Done all that has been advised and still no good, I wonder what next | demon31 (13324) | ||
| 764607 | 2009-04-14 06:45:00 | Try going run>cmd and type "sfc /scannow" and press enter. It may ask for your XP cd. Blam |
Blam (54) | ||
| 1 | |||||