Thread: HJT Log
View Single Post
Old 03-15-2005, 08:05 AM   #3 (permalink)
TechPaul
Registered User
 
Join Date: Mar 2005
Posts: 17
OS: Win XP


Good morning,

Got rid of TrendMicro, and followed your instructions. I was able to delete the sysmonnt.exe file in safe mode, but the 2 items you indicated for removal in HJT weren't available to fix until I rebooted into normal mode.

When I rebooted into normal mode, the attempt to connect was still occuring. I've now fixed the R3 URL Search Hook, and the 04 HKCU sysmonnt items, but didn't want to reboot again in case there were other steps based on my new log. Here is this morning's log.

Thank you so much for your assistance,

Paul



====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 6:34:15 AM, on 3/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Utilities\Notebook Utilities\hptasks.exe
C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [TV Now] C:\Program Files\Utilities\Notebook Utilities\HpTvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\Utilities\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Presentation Ready] C:\Program Files\Utilities\Presentation Ready\PresRdy.exe -r
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\hrjs0517e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


End of KRC HijackThis Analyzer Log.
====================================================================
TechPaul is offline