| Thread ID: 91088 | 2008-06-25 12:30:00 | HijackThis log | JOEJG (10295) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 682459 | 2008-06-25 12:30:00 | If someone would be kind and check it for me, thanks. But it looks okay to me. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:43:06 PM, on 6/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\My Downloads\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe C:\WINDOWS\System32\hphmon04.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\UMonit2K.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\WINDOWS\System32\HPHipm11.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE C:\WINDOWS\system32\wuauclt.exe D:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - 
C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{E8D8DD16-1C16-4B70-84E8-98C2BAEC0E74}: NameServer = 193.36.79.101 193.36.79.100 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\My Downloads\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe -- End of file - 4734 bytes |
JOEJG (10295) | ||
| 682460 | 2008-06-25 12:52:00 | Run HJT again, tick these then tick fix checked Close browsers Whats F? O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm |
Speedy Gonzales (78) | ||
| 682461 | 2008-06-25 13:31:00 | F: drive is my CD-RW drive. I'm guessing that one was my printer/scanner setup. HP is my Hewlett-Packard printer or/and scanner. Should I delete? I'll wait for you, no worries about waiting. |
JOEJG (10295) | ||
| 682462 | 2008-06-28 11:03:00 | Can you read my other topic first: pressf1.co.nz and then please check this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:15:33 AM, on 6/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\My Downloads\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe C:\WINDOWS\System32\hphmon04.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\UMonit2K.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\HPHipm11.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe D:\My Downloads\Ad-Aware2007.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe D:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2articles.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - 
Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - 
Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{E8D8DD16-1C16-4B70-84E8-98C2BAEC0E74}: NameServer = 193.36.79.101 193.36.79.100 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\My Downloads\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe -- End of file - 4878 bytes |
JOEJG (10295) | ||
| 682463 | 2008-06-28 12:56:00 | You guys can see that wuauclt? I knew that was strange, that and another that I thought was suspicious. They have both been deleted by me when I observed the WINDOWS and did a Google search on them. Can you see any more? Since my CCleaner and Ad-Aware obviously failed to see them. |
JOEJG (10295) | ||
| 682464 | 2008-06-28 13:22:00 | O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe You've got a service running a trojan which I think you will need to use SDFix to get rid of. I'd do that first, then see if there are any others lurking. Here's where to download it and follow the instructions there... (you might want to copy those instructions and save on desktop as a text file - you will need to reboot in safe mode during the process) forums.majorgeeks.com. Also, Search with Wanadoo = nasty: O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm |
bevy121 (117) | ||
| 682465 | 2008-06-28 14:14:00 | Ok, well I keep getting the file asking me to upload itself whenever I start up and enter the desktop. It's that file, but I haven't fallen for that mistake. Also it wants me to remove my Norton, which is just stupid. Thank you. |
JOEJG (10295) | ||
| 682466 | 2008-06-28 15:08:00 | Enemy trojan, defeated! SDFix: Version 1.198 Run by Administrator on Sat 06/28/2008 at 14:52 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\wksvcsc.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-28 15:11:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"="C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe:*:Enabled:Dr SpeedTouch" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 23 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a783a22e31f260e48506574cb9cd7a65\BIT5.tmp" Mon 23 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac67bfa420e16e3ec2485fdb23d07a09\BIT4.tmp" Finished! And my Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:20:21 PM, on 6/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\My Downloads\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
C:\WINDOWS\System32\hphmon04.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\UMonit2K.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\HPHipm11.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe D:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\NavShExt.dll O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\NavShExt.dll O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\My Downloads\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe -- End of file - 5599 bytes I will delete that search with Wanadoo one now, so is that it? All clear? Edit: Deleted that as well. |
JOEJG (10295) | ||
| 682467 | 2008-06-28 18:37:00 | Grrr! That wuauclt just won't go away! Every time I delete it manually from the recycle bin, it just appears again on my next boot. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:46:01 PM, on 6/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\My Downloads\aawservice.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\rundll32.exe F:\Setup.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe C:\WINDOWS\System32\hphmon04.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\UMonit2K.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\WINDOWS\System32\msiexec.exe C:\WINDOWS\System32\HPHipm11.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\MsiExec.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe D:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\NavShExt.dll O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\NavShExt.dll O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: 
[CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\My Downloads\aawservice.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe -- End of file - 5605 bytes Sorry about this, it's like a never-ending test of patience. I can end the wuauclt with task manager, but I want to get rid of it. Gtg now, so will be back tomorrow. Thanks in advance. |
JOEJG (10295) | ||
| 682468 | 2008-06-28 18:46:00 | Tick these as well: O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" If you're talking about this file, C:\WINDOWS\system32\wuauclt.exe, it belongs to XP for Windows Update, and it's probably coming back because it's part of XP, and because of file protection. Every time you delete it, because it's required, XP brings it back. Leave it / Don't delete it. |
Speedy Gonzales (78) | ||
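
The comparison done by eye in this thread (the 28 June 11:15 log contains entries the 25 June log did not) can be done mechanically. The following is an added example, not part of the original thread: the function names are this example's own, and the two sample logs are short constructed excerpts of the logs posted above, with the casing of one ctfmon entry changed to show that such differences are ignored.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Body of an O4 registry autorun entry: hive\..\key: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)

# Constructed excerpt of the 25 June log (one entry per line, as HijackThis writes it).
BASELINE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:06 PM, on 6/25/2008
Running processes:
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed excerpt of the 28 June 11:15 log; the ctfmon casing is altered on purpose.
LATER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:33 AM, on 6/28/2008
Running processes:
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2articles.com
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
"""


def parse_entries(log_text):
    """Map a case-insensitive key to the (code, body) pair as written in the log."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, "Running processes:" paths, footer
        code = match.group(1)
        body = " ".join(match.group(2).split())  # collapse runs of whitespace
        entries[(code, body.lower())] = (code, body)
    return entries


def diff_logs(baseline_text, later_text):
    """Return (added, removed) entries between two scans of the same machine."""
    old, new = parse_entries(baseline_text), parse_entries(later_text)
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    return added, removed


def describe_autorun(body):
    """Split an O4 registry Run entry into hive, key, value name and command."""
    match = RUN_RE.match(body)
    return match.groupdict() if match else None


if __name__ == "__main__":
    added, removed = diff_logs(BASELINE_LOG, LATER_LOG)
    for code, body in added:
        print("NEW", code, body, describe_autorun(body) if code == "O4" else "")
    for code, body in removed:
        print("GONE", code, body)
```

A new entry is only a prompt to look closer; whether it is malicious still needs the kind of judgement the helpers apply in the thread.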