| Thread ID: 86529 | 2008-01-20 02:48:00 | hijack this | Arnie (6624) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 631998 | 2008-01-20 02:48:00 | Hi Guys can you look at this I am cleaning up a neighbour's com and have just reinstalled windows. I know ie6 needs updating thnx
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:28 PM, on 1/20/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX6900F Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBKP.EXE /FU "C:\WINDOWS.0\TEMP\E_S1AF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.0\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.0\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECCEA33D-3719-4123-A8B2-209989890C3F}: NameServer = 58.28.4.2 58.28.6.2
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
--
End of file - 3665 bytes |
Arnie (6624) | ||
| 631999 | 2008-01-20 02:54:00 | Looks fine to me, but you can tick these then tick fix checked. Close browser/s. These are safe but don't have to be in startup. O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" Uninstall all versions of Java, it's now up to 1.6.0.4. I would install SP1 or 2 as well. You're asking for trouble having no SP at all. Or a firewall. |
Speedy Gonzales (78) | ||
| 632000 | 2008-01-20 03:10:00 | Thanks Speedy, Yes we need to do all the updates once he has reactivated windows, which needs a phone call to M/S. Will tell him to try to keep off the net until this is done. Top marks for you Speedy as usual |
Arnie (6624) | ||
| 632001 | 2008-01-20 10:50:00 | I think you have a second install of windows there... did you mean to? The %windir% folder being named "WINDOWS.0" would suggest there is still another "WINDOWS" folder as well |
bevy121 (117) | ||
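The two checks made by hand in the replies above (which O4 autostart entries exist, and what the Windows directory is called) can be scripted. This is an added Python example, not part of the thread or of HijackThis itself; the function names are hypothetical and the sample is a constructed, shortened log built from lines in the log posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened log in HijackThis v2 format, using lines from the thread's log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP (WinNT 5.01.2600)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECCEA33D-3719-4123-A8B2-209989890C3F}: NameServer = 58.28.4.2 58.28.6.2
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # section code, then body
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")   # O4 registry autostart body
WINDIR = re.compile(r"^[A-Za-z]:\\(WINDOWS[^\\]*|WINNT[^\\]*)\\", re.I)

def parse_hijackthis(text):
    """Split a log into running-process paths and entries grouped by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:                        # first entry line ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def autostarts(entries):
    """Return (hive, key, name, command) for each O4 registry Run entry."""
    matches = (RUN.match(body) for body in entries.get("O4", []))
    return [m.groups() for m in matches if m]

def windows_dirs(processes):
    """Windows directory names seen in process paths. A name other than the
    default (WINDOWS, or WINNT on older systems) hints at a parallel install."""
    return sorted({m.group(1).upper() for p in processes if (m := WINDIR.match(p))})

if __name__ == "__main__":
    procs, entries = parse_hijackthis(SAMPLE_LOG)
    for hive, key, name, command in autostarts(entries):
        print(f"{hive}\\{key}: {name} -> {command}")
    print("Windows directories in use:", windows_dirs(procs))
```
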
| 632002 | 2008-01-21 00:06:00 | No not really I did a reinstall from his Optima OEM disc and it loaded separately. Once he reactivates by phone today I think, won't know until I see him tonight I will update SP1, SP2 IE7 etc and hopefully he will keep out of suspect sites. S & D removed over 180 files, which took out some of the original windows as well. It is still there but has missing files. Can I just remove the old windows? Is there a special way to do this? I am pleased I have got as far as I have with my little knowledge. |
Arnie (6624) | ||
| 632003 | 2008-01-21 03:07:00 | Hate to say it, but if it was me I'd do the install again - after formatting the C: drive first. As you say, S & D removed over 180 files so there is no telling what unwanted things may still be lingering on the drive. If you are doing a re-install on a computer, it is very advisable to format first so you know you are starting with a "clean install" once again. If you want to just leave things as they are and remove the original windows folder (I don't advise it tho), then here's a guide to do it (support.microsoft.com) |
bevy121 (117) | ||