Hijack This help!

Stormbringer · Post by **Stormbringer** » 2004-10-30 06:12pm

Logfile of HijackThis v1.98.2
Scan saved at 6:11:57 PM, on 10/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Compaq Wireless LAN\Client Manager\CMCOM.EXE
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.ltu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.my.ltu.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.ltu.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Compaq Client Manager.lnk = ?
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.ltu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.ltu.edu
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

The Cleric · Post by **The Cleric** » 2004-10-30 06:19pm

For shame. There's a sticky thread for this SB.

Einhander Sn0m4n · Post by **Einhander Sn0m4n** » 2004-10-30 06:20pm

Stormbringer wrote:C:\WINDOWS\System32\drivers\CDAC11BA.EXE <== CDILLA! YUCK! KILL KILL KILL!
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start <== OPTIONAL
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k <== Recent Crash? (Leave this alone)
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe <== RESOURCE HOG!
O4 - Global Startup: Compaq Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <== OPTIONAL
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <== KILL!
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Stormbringer · Post by **Stormbringer** » 2004-10-30 06:28pm

Einhander Sn0m4n wrote:
Stormbringer wrote:C:\WINDOWS\System32\drivers\CDAC11BA.EXE <== CDILLA! YUCK! KILL KILL KILL!
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start <== OPTIONAL
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k <== Recent Crash? (Leave this alone)
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe <== RESOURCE HOG!
O4 - Global Startup: Compaq Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <== OPTIONAL
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <== KILL!
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

That means what exactly? Stuff that I should remove or what?

Einhander Sn0m4n · Post by **Einhander Sn0m4n** » 2004-10-30 06:38pm

Everything except O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k <== Recent Crash? (Leave this alone)

Stormbringer · Post by **Stormbringer** » 2004-10-30 06:44pm

So terminate everything else with extreme prejudice?

Einhander Sn0m4n · Post by **Einhander Sn0m4n** » 2004-10-30 06:48pm

Stormbringer wrote:So terminate everything else with extreme prejudice?

Pretty much.

Stormbringer · Post by **Stormbringer** » 2004-10-30 07:12pm

Thanks.

That seems to have a helped a little but ufortunately the laptop is still looking like it's FUBARed. I think it might just be the goddamned CD drive and wireless card are fucked. Wouldn't suprise me on this shitty machine,

phongn · Post by **phongn** » 2004-10-30 08:14pm

There is a sticky thread, so please use that next time.

Stormbringer · Post by **Stormbringer** » 2004-10-30 08:59pm

phongn wrote:There is a sticky thread, so please use that next time.

Sorry, I didn't see it in the mountain of other stickies. Just a suggestion but it might be worth culling some of them.

Einhander Sn0m4n · Post by **Einhander Sn0m4n** » 2004-10-31 12:19am

Stormbringer wrote:Thanks.

That seems to have a helped a little but ufortunately the laptop is still looking like it's FUBARed. I think it might just be the goddamned CD drive and wireless card are fucked. Wouldn't suprise me on this shitty machine,

Sounds like C-Dilla's still fucking something up (it can disrupt networking and CD operations). See this link for more help.

Stormbringer · Post by **Stormbringer** » 2004-10-31 12:57am

Einhander Sn0m4n wrote:
Stormbringer wrote:Thanks.

That seems to have a helped a little but ufortunately the laptop is still looking like it's FUBARed. I think it might just be the goddamned CD drive and wireless card are fucked. Wouldn't suprise me on this shitty machine,
Sounds like C-Dilla's still fucking something up (it can disrupt networking and CD operations). See this link for more help.

That might well be the thing. The problem is I need to keep C-dilla for the purposes of the school installed versions of 3d Studio and MAX. If I could I would have.

Still, I think the problems with both are largely hardware related. The CD drive is fucking up discs permanent like and the wireless card goes wonky if it's so much as bumped.

StarDestroyer.Net BBS

Hijack This help!

Hijack This help!

Re: Hijack This help!

Re: Hijack This help!