Author Topic: help with hjt log - part 1  (Read 4766 times)

daydreamer110761

  • Guest
help with hjt log - part 1
« on: December 20, 2004, 10:18:29 AM »
i have to be extremely careful with this one - so won't try it myself - although i've gotten pretty good at knowing what to get rid of at home - no chances here - but here it is - help please?

Logfile of HijackThis v1.99.0
Scan saved at 9:03:57 AM, on 12/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\skiefer\Application Data\elat.exe
C:\WINDOWS\System32\w?wexec.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINDOWS\System32\Cyf0o.exe
C:\WINDOWS\System32\ZhscofZ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\skiefer\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe


daydreamer110761

  • Guest
Re: help with hjt log - part 2
« Reply #1 on: December 20, 2004, 10:18:50 AM »
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.100.250:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {071F6F97-F72F-D287-0B4E-8CCACFDECAC7} - C:\WINDOWS\System32\hdgoiibp.dll
O2 - BHO: (no name) - {1AAC3254-EE15-01B7-D10A-17550DFB2845} - C:\WINDOWS\System32\avfkc.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2u0BHziT] C:\documents and settings\skiefer\local settings\temp\2u0BHziT.exe
O4 - HKLM\..\Run: [4gocD] C:\documents and settings\skiefer\local settings\temp\4gocD.exe
O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\WxfV9U5.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\skiefer\Application Data\elat.exe
O4 - HKCU\..\Run: [Raac] C:\WINDOWS\System32\w?wexec.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PARC-FL.local
O17 - HKLM\Software\..\Telephony: DomainName = PARC-FL.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{85C32FCE-F94D-4741-8917-DF0E589F58F8}: NameServer = 172.16.100.248,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PARC-FL.local
O23 - Service: eTrust InoculateIT RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch - Unknown - C:\WINDOWS\LogWatNT.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




merlin_2

  • Guest
Re: help with hjt log - part 1
« Reply #2 on: December 20, 2004, 04:33:48 PM »
C:\WINDOWS\System32\Cyf0o.exe
C:\WINDOWS\System32\ZhscofZ.exe
C:\WINDOWS\System32\w?wexec.exe

they look iffy.........download spysweeper/shredder/stinger......now scan........

daydreamer110761

  • Guest
Re: help with hjt log - part 1
« Reply #3 on: December 21, 2004, 08:30:44 AM »
thanx again merlin - it found a few things - got rid of them, but gotta find the magical way to get rid of the gator guy - that's one that is a very haunting pain in the butte - haven't had it in so long forgot how hard it was to make it go away.  I don't have administrative rights on this puter - so - there is only so much i can do before calling for help - but i always like to try what i can.

oh - by the way - the old problem i was having at home with the sims2, old compaq, and graphics - has been solved - i don't like to admit this - but for the first time in my life i broke down and bought a dell - only a dimension 3000, but for a change i'm not trying to keep things together - now i have some time to play, and then work on the old guy again later!   :D