Answer» i have to be extremely careful with this one - so won't try it myself - although i've gotten pretty good at knowing what to get rid of at HOME - no chances here - but here it is - help please?
Logfile of HijackThis v1.99.0
Scan saved at 9:03:57 AM, on 12/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\skiefer\Application Data\elat.exe
C:\WINDOWS\System32\w?wexec.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINDOWS\System32\Cyf0o.exe
C:\WINDOWS\System32\ZhscofZ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\skiefer\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.100.250:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {071F6F97-F72F-D287-0B4E-8CCACFDECAC7} - C:\WINDOWS\System32\hdgoiibp.dll
O2 - BHO: (no name) - {1AAC3254-EE15-01B7-D10A-17550DFB2845} - C:\WINDOWS\System32\avfkc.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2u0BHziT] C:\documents and settings\skiefer\local settings\temp\2u0BHziT.exe
O4 - HKLM\..\Run: [4gocD] C:\documents and settings\skiefer\local settings\temp\4gocD.exe
O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\WxfV9U5.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\skiefer\Application Data\elat.exe
O4 - HKCU\..\Run: [Raac] C:\WINDOWS\System32\w?wexec.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - EXTRA context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O12 - Plugin for .SPOP: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PARC-FL.local
O17 - HKLM\Software\..\Telephony: DomainName = PARC-FL.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{85C32FCE-F94D-4741-8917-DF0E589F58F8}: NameServer = 172.16.100.248,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PARC-FL.local
O23 - Service: eTrust InoculateIT RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch - Unknown - C:\WINDOWS\LogWatNT.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\Cyf0o.exe
C:\WINDOWS\System32\ZhscofZ.exe
C:\WINDOWS\System32\w?wexec.exe

they look iffy.........download spysweeper/shredder/stinger......now scan........

thanx again merlin - it found a few things - got rid of them, but gotta find the magical way to get rid of the gator guy - that's one that is a very haunting pain in the butte - haven't had it in so long forgot how hard it was to make it go away. I don't have administrative RIGHTS on this puter - so - there is only so much i can do before calling for help - but i always like to try what i can.
oh - by the way - the old problem i was having at home with the sims2, old compaq, and graphics - has been solved - i don't like to admit this - but for the first time in my life i broke down and bought a dell - only a dimension 3000, but for a CHANGE i'm not trying to keep things together - now i have some time to play, and then work on the old guy again later!