| Thread ID: 90208 | 2008-05-26 20:31:00 | HijackThis Log help needed | brig (1359) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 672779 | 2008-05-26 20:31:00 | This is from a Toshiba Satellite 1130 laptop running XP Home on only 256 MB RAM (soon to be upped to 512). It was grinding to a halt and failing to complete a dial-up connection. I've removed various trojans and other nasties and although it's quite a bit faster it still won't complete dial-up. I'm one step away from a reformat - but first, can anyone see anything suspicious in this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:32 a.m., on 27/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Photo Manager-1 - {49C93020-B937-11d4-84A9-0020AFFA0544} - C:\Program Files\Thalia\Manager 2.0\IEPlugin.exe (file missing)
O9 - Extra 'Tools' menuitem: Photo Manager-1 - {49C93020-B937-11d4-84A9-0020AFFA0544} - C:\Program Files\Thalia\Manager 2.0\IEPlugin.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Photo Manager-2 - {DB9A7420-C982-11d4-84C9-0020AFFA0544} - C:\Program Files\Thalia\Manager 2.0\IEPlugin-2.exe (file missing)
O9 - Extra 'Tools' menuitem: Photo Manager-2 - {DB9A7420-C982-11d4-84C9-0020AFFA0544} - C:\Program Files\Thalia\Manager 2.0\IEPlugin-2.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - us.chat1.yimg.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - scan.safety.live.com
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - chat.yahoo.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - us.dl1.yimg.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
--
End of file - 7703 bytes

Thanks for looking |
brig (1359) | ||
| 672780 | 2008-05-26 21:48:00 | Looks clean to me, but these can be ticked, then tick Fix checked. Close browsers.

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Photo Manager-1 - {49C93020-B937-11d4-84A9-0020AFFA0544} - C:\Program Files\Thalia\Manager 2.0\IEPlugin.exe (file missing)
O9 - Extra 'Tools' menuitem: Photo Manager-1 - {49C93020-B937-11d4-84A9-0020AFFA0544} - C:\Program Files\Thalia\Manager 2.0\IEPlugin.exe (file missing)
O9 - Extra button: Photo Manager-2 - {DB9A7420-C982-11d4-84C9-0020AFFA0544} - C:\Program Files\Thalia\Manager 2.0\IEPlugin-2.exe (file missing)
O9 - Extra 'Tools' menuitem: Photo Manager-2 - {DB9A7420-C982-11d4-84C9-0020AFFA0544} - C:\Program Files\Thalia\Manager 2.0\IEPlugin-2.exe (file missing) |
Speedy Gonzales (78) | ||
| 672781 | 2008-05-26 21:53:00 | [QUOTE=brig;677748] failing to complete a dial-up connection.

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Yahoo! Chat - us.chat1.yimg.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - scan.safety.live.com
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - chat.yahoo.com
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - us.dl1.yimg.com

These are not malware as such but I'd remove them. When you say it won't complete dialup - what happens exactly?
Using your dialup icon, does it give you an error number? 691, 767 or some such? |
pctek (84) | ||
| 672782 | 2008-05-27 03:12:00 | Thanks for the help Speedy and pctek. I removed all of the entries you both suggested but the problem is still the same. The Connecting box gets as far as "Dialing" then hangs till "Opening port....Error 680" appears, then it tries again. The modem shows normal in Device Manager and gives a "success" answer to a query in Diagnostics. I've tried all sorts of fixes and will reformat next. If the modem needs replacing it needs major surgery to get at it - maybe an external modem is the easiest answer - any thoughts about external modems on laptops? The owner lives in the bush and has a lousy connection at the best of times. |
brig (1359) | ||
| 672783 | 2008-05-27 03:17:00 | By the looks of it error 680 means there's no dialtone. It's either that you haven't connected the modem to the phone jack, or, if there are 2 outputs on the modem (like if it's a faxmodem, where one is for the phone line and the other is for a phone (I think)), the cable going to the phone line is in the wrong jack on your modem. You didn't plug the phone cable into the ethernet jack on this laptop, did you? They look similar. |
Speedy Gonzales (78) | ||
| 672784 | 2008-05-27 19:54:00 | "By the looks of it error 680 means there's no dialtone."

Thanks for the suggestions Speedy, but I looked at all those things early on. I've tried just about everything I've found in Google and will now try a reformat in the chance that the other problems of trojans etc. have caused corrupted files. |
brig (1359) | ||
| 672785 | 2008-05-27 22:19:00 | Ah, don't reformat. Recreate your DUN, run WinsockXPFix too. Then if all else is fine then it's likely to be the modem. |
pctek (84) | ||
| 672786 | 2008-06-09 05:06:00 | "Ah don't reformat. Recreate your DUN, run WinsockXPFix too. Then if all else is fine then its likely to be the modem."

You were right pctek, I did the reformat and it didn't help the dial-up problem - but the laptop is running sweeter after it and is even better now that I put in 1GB RAM. The problem was resolved when I managed to track down and install a PCMCIA card modem. Thanks for the interest :D :D :D |
brig (1359) | ||