| Thread ID: 91088 | 2008-06-25 12:30:00 | HijackThis log | JOEJG (10295) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 682469 | 2008-06-29 11:00:00 | Okay, I thought it was a threat since I used Google and it came up as: www.neuber.com Thanks. |
JOEJG (10295) | ||
| 682470 | 2008-06-29 11:40:00 | Yes, that's right - but if you notice what it says at the beginning. Note: The wuauclt.exe file is located in the folder C:\Windows\System32. In other cases, wuauclt.exe is a virus, spyware, trojan or worm! In other cases.......... |
bevy121 (117) | ||
| 682471 | 2008-06-29 11:43:00 | Yes, I understand it being in S32. xD Stupid Microsoft! | JOEJG (10295) | ||
| 682472 | 2008-06-29 11:55:00 | ? That is the original filename that Microsoft called their Windows Update file, which is perfectly legitimate and resides in that location. All other files of the same name in other places are only the same in name - they are a Trojan or virus etc. that use the fake MS filename as a cover. Though I'm not a huge fan of MS or anything, I do fail to see how they become "Stupid Microsoft" in this case. |
bevy121 (117) | ||
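The point bevy121 makes above, that a Windows file name such as wuauclt.exe is only expected in its own folder, can be checked mechanically against the "Running processes" section of a HijackThis log. This is an added example, not part of the thread or of HijackThis; the expected-folder table, the function names and the sample log (including its two out-of-place entries) are constructed for illustration and assume Windows is installed in C:\WINDOWS.

```python
import ntpath
import re

# Assumption: expected folders (lower-cased) for some Windows XP binaries,
# with Windows installed in C:\WINDOWS. Extend for the system being checked.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIRS = {
    "wuauclt.exe": {SYSTEM32}, "svchost.exe": {SYSTEM32},
    "lsass.exe": {SYSTEM32}, "services.exe": {SYSTEM32},
    "winlogon.exe": {SYSTEM32}, "smss.exe": {SYSTEM32},
    "spoolsv.exe": {SYSTEM32}, "ctfmon.exe": {SYSTEM32},
    "explorer.exe": {r"c:\windows"},
}
# HijackThis entry lines start with a section code such as "R1 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    procs, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and (ENTRY_RE.match(line) or line.startswith("--")):
            break
        elif in_section and line:
            procs.append(line)
    return procs

def misplaced_system_names(log_text):
    """Processes that use a system file name but run from an unexpected folder."""
    suspects = []
    for path in running_processes(log_text):
        folder, name = ntpath.split(ntpath.normcase(path))
        if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
            suspects.append(path)
    return suspects

# Constructed sample: the two out-of-place entries are invented for the demo.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Temp\wuauclt.exe
C:\WINDOWS\svchost.exe
D:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk
"""

if __name__ == "__main__":
    for path in misplaced_system_names(SAMPLE_LOG):
        print("check:", path)
```

A matching folder is not proof that a file is genuine, and 8.3 short paths such as C:\PROGRA~1 are compared as written, so treat the result as a first-pass filter.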
| 682473 | 2008-06-30 15:47:00 | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:51 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\My Downloads\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\UMonit2K.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC0 7.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW0 7.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG0 7.EXE
D:\Program Files\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8D8DD16-1C16-4B70-84E8-98C2BAEC0E74}: NameServer = 193.36.79.101 193.36.79.100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\My Downloads\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
--
End of file - 5333 bytes

Yup, recently installed Avast, heard it was good. |
JOEJG (10295) | ||
| 682474 | 2008-06-30 21:49:00 | It's clean | Speedy Gonzales (78) | ||
| 682475 | 2008-07-02 20:28:00 | Cool, the other day I ran that Avast in SAFEMODE and with a deep scan, it found 3 viruses right at the start in the WINDOWS System Volume - I think that's what it's called? So today I booted up and went from 900 MB of space to 1.2GB which I'm pleased about. Thanks. |
JOEJG (10295) | ||
| 682476 | 2008-07-02 22:06:00 | Getting rid of Nortons will make it go better. | Driftwood (5551) | ||
| 682477 | 2008-07-02 22:28:00 | "Cool, the other day I ran that Avast in SAFEMODE and with a deep scan, it found 3 viruses right at the start in the WINDOWS System Volume - I think that's what it's called? So today I booted up and went from 900 MB of space to 1.2GB which I'm pleased about. Thanks." That's the system restore folder. Disable system restore. If you have XP Pro, go to tools / folder options in my computer / untick hide protected system files. Highlight the system volume info folder / right mouse properties / security tab / click on add. Type in the name that appears when you click on start. Click on check names. If the name is right it'll complete it. Tick everything under allow. Then OK. Then you should be able to get into the system volume info folder. Delete everything in it. Then enable system restore again, if you want to use it. If you have XP Home, you'll have to do the above in safe mode. |
Speedy Gonzales (78) | ||
| 682478 | 2008-07-04 18:48:00 | Yeah, I will do it tomorrow so I don't do anything foolish (tired, you see.) I have XP Home and now my C drive has 1.50GB! I don't know why but it's just gone up again. I think Avast has done me proud so far. :) Edit: I will get rid of Norton. I've had it for years and have been paying the yearly fee but now I feel I do not need it. The renewal of the subscription is arriving very soon also, so I'll just decline. |
JOEJG (10295) | ||