
Ladydreamrider's Hijackthis Log


  • This topic is locked
3 replies to this topic

#1 Ladydreamrider

Posted 12 April 2006 - 01:42 PM

John, I tried typing this in three times, got almost done, hit the tab key and lost it...


I'll try it this way...

Platform: Windoes XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.29.00.2180

Running processes
C: WINDOWS\system 32\smss.exe winlongon.exe lsasss.exe svchost.exe ( five files)

C:\WINDOWS\ Explorer.EXE

C:\Program Files\Java

System 32 files igrxtray.exe hkcmd.exe (two files)

Three program files for eTrust internet security... Antivirus\CAVRID.exe antivirus\CAVTray.exe Anti-spam\QSP-2.1.215.15\QOELoader

System 32 file tprmon.exe svchost.exe

Two Program File: Alltel~1\SMART~1 ALLTEL DSL Check up center

Two Program Files Hewlett Packard Digital Imaging

One Program file HijackThis

RO - HKCU\ Software\Microsoft\ IE\main start page: http: //nytimes.com
R1 - HKCU\ Software\MS\Windows\ Currentversion\Internet SEttings, ProxyOveride=127.0
R3- URLSearchHook: (no name) - reg key # - no file
R3- URLSearchHook: (no name) - reg key# - no file

02 BHO: Yahoo! Toolbar helper
02 BHO: AcroIEH Progj Class - Reg #)
02 BHO: IE_PopupBlocker Classs - Reg#
02 BHO: SSVHElper Class - Reg # - Java\j
02 BHO: Google Toolbar Helper Reg #
03 Toolbar: &Google
03 Toolbar: Yahoo! Toolbar
04 HKLM\..\run; [Zone labs Client ] eTrust
04 HKLM CAVRID etrust
O4 HKLM CaAvTRay e trust
04 HKLM TRackPoint SRV tp4mon.exe
04 HKLM QOELoader etrust
04 HKLM Motive SmartBridge Alltel
04 HKLM AGRSMMSG AGRSMMSG.exe
04 Global Startup: Alltel
04 Global Startup: hp psc 2000 Series lnk HP
04 Global Startup: Office
04 Global Startup: Office ject 6100
08 Extra Context menu item: &Google Search
08 Extra Context menu item: &Translate English Word - res. google
08 Extra Context menu item: Backward Linkd - res. Google
08 Extra Context menu item: Cached snapshot of pade - res/ google
08 Extra Context menu item: Similar Pages google
08 Extra Context menu item: Translate Page into English - res google
08 Extra Button; (no name) reg # Program Files Java
09 Extra Tools: menuitem: Windows Messenger
016 DPF: reg # https:// activation.alltel
016 DPF: reg # (WUWebControl Class - http://Update.MS
020 - winlogon Notify: igfxcui- C:\Windows\Sys32\igfxsrvc.dll
023 -service: TrueVecor Internet Monitor (vsmon) - zone labs, LLC


It was a short log. Here is the info from Pest Control when it popped up a window to let me know it had quarantined this: WIN32.Nuclear UP 11.B Processld "5764" File D:\Workflow\active.exe

This popped up a second time while I was doing a virus scan last night, but it never showed up in any other windows after the scans. I scanned with AVG eTrust and ran SpySweeper.

When I tried to download a driver for the jump drive, the add hardware wizard is missing.

I'm puzzled. The operating system is working fine. The device drivers are not showing up at all, yet when I plug in the jump drive, a balloon window comes up that lets me into the USB host controller window. It tells me there is no high speed driver, but it looks like somewhere on the hard drive, the USB driver is hiding.
Which seems to indicate to me that the other device drivers are still around somewhere. Hope you can help.
LD
Our main business is not to see what lies dimly at a distance, but to do what lies clearly at hand. - Thomas Carlyle


#2 Ladydreamrider

Posted 14 April 2006 - 10:21 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:12:51 PM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nytimes.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119620130781
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Catch me on chat and I'll explain how I got the jump drive working and devices back. Still working on getting everything running.
Our main business is not to see what lies dimly at a distance, but to do what lies clearly at hand. - Thomas Carlyle

#3 Ladydreamrider

Posted 14 April 2006 - 03:39 PM

First I called my son in CA who is a computer wiz.
I'm going to leave all the steps we went through to find the steps that worked... since that's what we need here and I don't have time to type it all in :thumbsup:

Explorer; File: options show hidden files; Show program files
Scroll down to Windows
Windows (Found two... virus had put in one...now empty.)
Opened: System 32 folder
Opened: Device drivers Folder
scrolled down to devmgmt.msc
opened that and saw all devices still there.

Found out Plug and Play has to be working
Went to start run services.msc
Plug and Play
was disabled
Started up
Went to computer properties hardware devices all were back on computer but not running
back to services. All had been stopped.
Used my computer to see which ones to start and which modes to start them in.
Yea!

Got it all up and mostly running.. had to reboot to get DSL running again.
Doing AVG virus scan ran vcleaner and MS Antispyware
Computer is clean.
Still working to get it running faster. Ran scan disk and defrag.

Hope this helps a lot of you.
Ladydreamrider
Our main business is not to see what lies dimly at a distance, but to do what lies clearly at hand. - Thomas Carlyle

#4 KoanYorel

Posted 14 April 2006 - 03:47 PM

Thanks for telling us what you did to get working again.

Congrats!

I'm going to close this thread now. If other problems arise for you please start a new topic.

Regards,
Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



