Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1102134306\ee\AOLSoftware.exe
C:\Program Files\Spy Sniper\SpySniper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1102134306\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\DG-DEV\Station Lock XP\SLXPAgent.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\LimeWire Extreme\LimeWire Extreme.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Paul\Desktop\HijackThis v1.99.1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102134306\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\Pure Networks\Port Magic\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SpySniper] "C:\Program Files\Spy Sniper\SpySniper.exe" OSStarting
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B3E4C09-5EB0-4F03-89A8-03C3A3FBCD65}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe (file missing)
PLEASE email me back at PicAFlicPTA@aol.com, if you see something I should remove (except for Spy Sniper). THANKS!!!
1
See anything wrong here?
Started by PicAFlic, Dec 29 2005 09:02 AM
1 reply to this topic
#2 OFFLINE
-
- Members
-
- 67 posts
Advanced Member
- Location:Oztralya
Posted 29 December 2005 - 09:58 AM
The header for HiJackThis is very important: It helps to determine what steps might need to be taken to better secure your system, and provide more efficient cleanup procedures. For example, some files, which are standard on one platform, may indicate a virus or trojan on another. So, be sure to include this information with any future posts.
===============
Scan with HiJackThis, click "Scan", then check(tick) the following, if present:
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
files...
C:\WINDOWS\svchost.exe
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
==
PS. Sorry, I don't do emails
.
===============
Scan with HiJackThis, click "Scan", then check(tick) the following, if present:
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
files...
C:\WINDOWS\svchost.exe
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
==
PS. Sorry, I don't do emails
.
Try Opera Hijackthis. How you got infected ie-spyad. AVPE anti-virus Sygate free firewall. Spywareblaster Browser settings for increased security.
