Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HiJackThis log


  • This topic is locked This topic is locked
1 reply to this topic

#1 noonytunes

noonytunes

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alcalde, New Mexico
  • Local time:10:18 AM

Posted 26 September 2004 - 03:54 PM

:thumbsup:

Logfile of HijackThis v1.98.2
Scan saved at 2:48:57 PM, on 9/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Louise\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 744960 bytes, MD5 ABF5BA518C6A5ED104496FF42D19AD88)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (filesize 114743 bytes, MD5 E2DC87821730E985C4B71639242D58F6)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (filesize 844048 bytes, MD5 71B4EC7EE27A6935D3C20B98F0D8DDF9)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE (filesize 61440 bytes, MD5 F60D7BA291B9812AE9A77CF95689818E)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE (filesize 212992 bytes, MD5 144900D5367D012E0D66A1A907583731)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (filesize 143360 bytes, MD5 2245189E80CC284F0F9833A54B836F9B)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (filesize 90112 bytes, MD5 827F444CBDB208A5BEFA3B9D753D9293)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (filesize 81920 bytes, MD5 E932857433C9CC5792E04EBFB96B2FFF)
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe (filesize 45056 bytes, MD5 F06661D9C2DEB8C4293EEAF78CDCAC7C)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (filesize 52736 bytes, MD5 06A1ECB63DF139EC639E084D4AB3C9D7)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (filesize 28739 bytes, MD5 3141750FAD211C6DADF7C2DC2EC74DA8)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (filesize 57344 bytes, MD5 D4F5FAA2FD2DC5923C82EE5808BEED7C)
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe (filesize 26624 bytes, MD5 7EDFBC6ADE1B1125DF2C510816FBC6DB)
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask (filesize 139264 bytes, MD5 EF4CCA29CCAE836416DC023C58B946DC)
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" (filesize 180224 bytes, MD5 FBF233E7B883CF00564409BA05812B21)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe (filesize 245760 bytes, MD5 8B5A97E5C16DB873092CF3D27B8145A6)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (filesize 184320 bytes, MD5 7E046EECDFC13225648A995BF32B1898)
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (filesize 254022 bytes, MD5 D85622AE601B456D8E465BEDD5689747)
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (filesize 53248 bytes, MD5 0EA866BB816C1A400C6F02F0EB09EE1E)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (filesize 705808 bytes, MD5 A0CE57A58DCC1572374B583837A0FC79)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\RealPlay.exe SYSTEMBOOTHIDEPLAYER (filesize 26112 bytes, MD5 849D97FE4CC09CFC2772D10F641E1BAF)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe (filesize 32881 bytes, MD5 BED6EDDBF28DB980AA8D3A42D4A05586)
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (filesize 28739 bytes, MD5 3141750FAD211C6DADF7C2DC2EC74DA8)
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe (filesize 155648 bytes, MD5 F29744866F1A9CEF18ACE85A5FD89CF7)
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe (filesize 40960 bytes, MD5 A37C1E64E551A09DECD7B0D3EBDF65A1)
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (filesize 31744 bytes, MD5 0FB22DD37C17F80AD71316049F725170)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (filesize 1038336 bytes, MD5 58F7E6434D285F4C98AD3621E0BD8C8D)
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe (filesize 49152 bytes, MD5 6C05800EC72EE8DE97DF15899CBA34AD)
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE (filesize 128000 bytes, MD5 EFC3C2BF721894C125FE7720BF956358)
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe (filesize 1183744 bytes, MD5 FB0EF9576DC64C3A7E25D56CB4AAFDCA)
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (filesize 947472 bytes, MD5 E75AA32C6B79C846F5314CA4DA92F29E)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (filesize 947472 bytes, MD5 E75AA32C6B79C846F5314CA4DA92F29E)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll (filesize 1339904 bytes, MD5 4736ED846CA279D07B05406CBA0D64FB)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (filesize 2502656 bytes, MD5 C4F15909D8EACBFD7AB5EF8BC992D735)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (filesize 2502656 bytes, MD5 C4F15909D8EACBFD7AB5EF8BC992D735)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (filesize 1491216 bytes, MD5 86E14CA9134602A7A75C108279D263E0)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (filesize 1491216 bytes, MD5 86E14CA9134602A7A75C108279D263E0)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll (filesize 90112 bytes, MD5 D6C34970EBDB0B586F706D9410C1BF7E)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (filesize 133376 bytes, MD5 A2EA5C73896AC06D2811A2AC157350BF)
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

I hope that isn't too mind boggling.......
:flowers:
nancylouisehite

Attached Files


noonytunes

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:18 PM

Posted 26 September 2004 - 08:26 PM

I dont see anything that would be causing a problem...

Try this as well:

Please run two online virus scans:

http://housecall.antivirus.com/
http://www.pandasoftware.com/activescan/

Then let us know if its working better and what the scans found.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users