
HJT log--nancylouisehite


  • This topic is locked
9 replies to this topic

#1 noonytunes

noonytunes

  • Members
  • 663 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alcalde, New Mexico
  • Local time:07:51 PM

Posted 05 October 2004 - 11:13 PM

While I've been trying to see to it that I have all the prerequisite downloads from HP before I download SP2--it seems that I got hijacked by searchassistant.
Logfile of HijackThis v1.98.2
Scan saved at 10:03:57 PM, on 10/5/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\Owner.INSPIRATION\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoPlay] C:\HP\BIN\AUTOPLAY.EXE
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096407275154
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Thanks for the help!

noonytunes
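
An added example, not part of the original thread: a HijackThis log pasted into a forum post can arrive hard-wrapped, and its R/O entries have to be rejoined before they can be read. The code rejoins wrapped entries, groups them by section code and lists the download host of each O16 (ActiveX) entry; the 47-column wrap width and all function names are assumptions, and the sample is constructed from three entries of the log in this post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

WRAP = 47  # assumption: column at which the pasted log was hard-wrapped
ENTRY = re.compile(r"^([A-Z]\d{1,2}) -")  # start of an entry: "R1 -", "O4 -", "O16 -"
DPF = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*)\) - (\S+)$")

# Constructed sample: three entries from this thread's log, in wrapped form.
SAMPLE = r"""
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\

Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O16 - DPF:

{B8BE5E93-A60C-4D26-A2DC-220313175592}

(ZoneIntro Class) -

http://zone.msn.com/binFramework/v10/ZIntro.cab

27513.cab
"""

def unwrap(lines, width=WRAP):
    """Rejoin wrapped entries; blank lines are dropped."""
    entries, prev_len = [], 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            # Heuristic: a full-width line was cut mid-token (join with no
            # space); a shorter line was broken at a space.
            entries[-1] += ("" if prev_len == width else " ") + line
        prev_len = len(line)
    return entries

def by_section(entries):
    """Group entries by section code (R0/R1, O3, O4, O16, ...)."""
    groups = defaultdict(list)
    for e in entries:
        m = ENTRY.match(e)
        if m:
            groups[m.group(1)].append(e)
    return dict(groups)

def dpf_hosts(entries):
    """(control name, download host) for each O16 ActiveX entry."""
    found = (DPF.match(e) for e in entries)
    return [(m.group(2), urlsplit(m.group(3)).hostname) for m in found if m]
```

The full-width heuristic misjoins a line that happened to break at a space exactly at the wrap column, so rejoined paths are worth a second look before acting on them.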



#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:08:51 PM

Posted 06 October 2004 - 04:31 AM

Hi nancylouisehite,

Your log looks clean. Update your Windows ASAP and then post a new HJT log please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#3 noonytunes


Posted 06 October 2004 - 07:16 AM

Hi! I came across something that instructed me to: "Increase System Performance w/out Adding Memory". Now I can't find where to click on to do that. I think it was on the HP site...not sure. Guess I should defragment the hard drive before downloading SP2 also???
Thanks
noonytunes

#4 Daisuke


Posted 06 October 2004 - 07:23 AM

"Guess I should defragment the hard drive before downloading SP2 also???"

Only after SP2 installation.

#5 noonytunes


Posted 06 October 2004 - 07:26 AM

:thumbsup: Thanx
noonytunes

#6 noonytunes


Posted 06 October 2004 - 07:28 AM

OH, another Q--for some reason, I can't access my download history on Windows downloads--maybe because of having to use Application Recovery.
????????????
noonytunes

#7 Daisuke


Posted 08 October 2004 - 03:17 AM

I'm not sure you have a download history. Why do you need it ?

#8 noonytunes


Posted 08 October 2004 - 06:40 AM

I was able to view it before all of this mess. It scans your system to let you know what downloads you need too. I can't get the scan from the site either--for some strange reason.
:thumbsup:
noonytunes

#9 Daisuke


Posted 08 October 2004 - 07:12 AM

Are you getting an initialization error ? Write down the number and post it here.

Is your firewall enabled ?

Try this:
1. Open Internet Explorer
2. Click Tools / Internet Options
3. Click the Security Tab
4. Click on the Trusted Sites Icon
5. Click on the Sites button
6. Unselect the check box "Require server verification (https:) for all sites in this zone"
7. Add all 4 sites listed below

http://Windowsupdate.microsoft.com
http://V4.Windowsupdate.microsoft.com
https://v4.Windowsupdate.microsoft.com (Note: The https is correct)
http://Download.Windowsupdate.com

Click on the Trusted Zone icon
To adjust your security level, click Default Level or Custom Level.
Try setting the Custom level to Low

Edited by cryo, 08 October 2004 - 07:13 AM.


#10 noonytunes


Posted 08 October 2004 - 08:01 AM

I'm not getting an initialization error...so I have no number.
I did what you said...now I'll see if there is a difference.
I have the free Zone Alarm firewall.
I had my puter clean as a whistle...finally got my speed back (have cable connection), but all of a sudden I'm slow...guess I'm going to have to kick some booty
:thumbsup:
noonytunes



