| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 98402 | 2009-03-24 00:23:00 | HiJackThis log | Driftwood (5551) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 758840 | 2009-03-24 00:23:00 | Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 13:21:26, on 24/03/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINXP\System32\smss.exe C:\WINXP\system32\winlogon.exe C:\WINXP\system32\services.exe C:\WINXP\system32\lsass.exe C:\WINXP\system32\svchost.exe C:\WINXP\System32\svchost.exe C:\WINXP\system32\svchost.exe C:\WINXP\system32\spoolsv.exe C:\WINXP\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINXP\system32\slserv.exe C:\WINXP\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINXP\system32\wscntfy.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINXP\system32\ctfmon.exe C:\WINXP\system32\wuauclt.exe C:\Documents and Settings\Paul\Desktop\HiJack\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINXP\SYSTEM32\avgrsstx.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINXP\SYSTEM32\slserv.exe -- End of file - 3767 bytes |
Driftwood (5551) | ||
| 758841 | 2009-03-24 00:26:00 | HJT is out of date but you can tick these then tick fix checked Close browsers R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe |
Speedy Gonzales (78) | ||
| 758842 | 2009-03-24 00:35:00 | Thanks, I'll do that & then run a later version. | Driftwood (5551) | ||
| 758843 | 2009-03-24 04:51:00 | Here is the latest log. Can't seem to get Outlook Express to run. Comes up with: "The identity logon could not be started. Some componants are either missing or incorrectly configured" Have reinstalled IE7 but doesent help. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 17:43:52, on 24/03/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINXP\System32\smss.exe C:\WINXP\system32\winlogon.exe C:\WINXP\system32\services.exe C:\WINXP\system32\lsass.exe C:\WINXP\system32\svchost.exe C:\WINXP\System32\svchost.exe C:\WINXP\system32\svchost.exe C:\WINXP\Explorer.EXE C:\WINXP\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINXP\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINXP\system32\slserv.exe C:\WINXP\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINXP\system32\wscntfy.exe C:\WINXP\system32\wuauclt.exe C:\Documents and Settings\Paul\Desktop\HiJack\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINXP\SYSTEM32\avgrsstx.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINXP\SYSTEM32\slserv.exe -- End of file - 3683 bytes |
Driftwood (5551) | ||
| 758844 | 2009-03-24 04:58:00 | Hmm that error means this (support.microsoft.com) Or this (support.microsoft.com) Ones for OE 5.5 and the other OE 5 - 5.5. And windows 98 / ME, but not XP. Were you using OE 5.xx or 6?? The log is fine |
Speedy Gonzales (78) | ||
| 758845 | 2009-03-24 05:10:00 | Thanks Speedy. I've read both of those, but this system is XP using IE7. Those fixes seem to relate to Win98 or ME. |
Driftwood (5551) | ||
| 758846 | 2009-03-24 05:17:00 | Thats what I said, in my post. Does it show an error code number as well? Go to start/run and type sfc /scannow See what happens. I think you need the XP cd |
Speedy Gonzales (78) | ||
| 758847 | 2009-03-24 05:37:00 | error code 0x8007045A I've already done the scannow. Bit of history which may help. System would boot to xp start screen, them repeat. Same in safe mode. Pulled HD & slaved to another system. Scanned it with Malware bytes, Superantispyware & Avast. Found a veriety of trojans, tracking cookies, adware etc. Still would not boot. Hooked it up again & ran scandisc & repair. That fixed up some errors & after that it booted to windows AVG8 was installed but not running & Outlook Express wouldn't load Disabled system repair & ran M/bytes, 5 more trojans. Ran Ccleaner. Ran scf /scannow |
Driftwood (5551) | ||
| 758848 | 2009-03-24 05:44:00 | Thats a windowsupdate error (support.microsoft.com) Not an outlook express error Go to start/run, and type eventvwr. Look under system/application, for the time it happened. Double click on it. Click on the icon under the down arrow, and paste it here. Or click on the link it gives you, and see if it gives you a fix |
Speedy Gonzales (78) | ||
| 758849 | 2009-03-24 05:54:00 | OK, may be a while though, just re-installing sp2 on it at present. And cooking tea at the same time. |
Driftwood (5551) | ||
| 1 2 3 | |||||