Ive just had good luck with MSAS at my home pc
My HJT log [RESOLVED]
Started by
retrac
, May 14 2005 12:27 PM
#151
Posted 20 May 2005 - 12:11 AM
Ive just had good luck with MSAS at my home pc
#152
Posted 20 May 2005 - 12:11 AM
Which programs?
#153
Posted 20 May 2005 - 12:14 AM
Spywareblaster and Spyware guard
#154
Posted 20 May 2005 - 12:18 AM
round 4 lol
Logfile of HijackThis v1.99.1
Scan saved at 1:20:54 AM, on 5/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CtlSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Ctlsvr.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EdcSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Edcsvr.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Fastech Security Server (FSSecurityServer) - Ibertech, Inc. - C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Logfile of HijackThis v1.99.1
Scan saved at 1:20:54 AM, on 5/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CtlSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Ctlsvr.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EdcSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Edcsvr.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Fastech Security Server (FSSecurityServer) - Ibertech, Inc. - C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
#155
Posted 20 May 2005 - 12:25 AM
You won't even know SpywareBlaster is there (seriously!) and SpyWareGuard will definitely not use up much resources.
The file wasn't there, correct?
The file wasn't there, correct?
#156
Posted 20 May 2005 - 12:29 AM
no the file wasnt there Heh durn file
im gonna go with all your recommendations on keeping this sytem clean
i should prolly check 4 windows updates too huh ?
im gonna go with all your recommendations on keeping this sytem clean
i should prolly check 4 windows updates too huh ?
#157
Posted 20 May 2005 - 12:30 AM
Yes, definitely check for security updates!
#158
Posted 20 May 2005 - 12:32 AM
cool well im gonna finish this puppy up try in make it home in 30 minutes hopefully
Thanks again so much !
Thanks again so much !
#159
Posted 20 May 2005 - 12:33 AM
you saved my computer my sisters and my work computer SO COOL
i think my parents are gonna hit me up in week you down ???
i eventually stop asking so many questions hehe
i think my parents are gonna hit me up in week you down ???
i eventually stop asking so many questions hehe
Edited by retrac, 20 May 2005 - 12:34 AM.
#160
Posted 20 May 2005 - 12:34 AM
I'm down lol
#161
Posted 20 May 2005 - 12:35 AM
you see my edit ?
Talk to ya soon have a good night
Talk to ya soon have a good night
Edited by retrac, 20 May 2005 - 12:36 AM.
#162
Posted 20 May 2005 - 12:37 AM
(yes I did see it )
Good night!
Good night!
#163
Posted 20 May 2005 - 12:53 AM
Should i do that "Immunize" on the spybot S&D program ??
Ive always wondered what that was ??
Ive always wondered what that was ??
#164
Posted 20 May 2005 - 12:57 AM
Tutorial on How to use Spybot to remove Spyware. Should be on there
Yep
You should now click on the Immunize this system button designated by the red box in figure 5. This will immunize Internet Explorer so that you will not be allowed to download and run known malware or other malicious programs. After you click this button you should see an image similar to Figure 6 below which will show you that Spybot successfully immunized Internet Explorer.
Yep
You should now click on the Immunize this system button designated by the red box in figure 5. This will immunize Internet Explorer so that you will not be allowed to download and run known malware or other malicious programs. After you click this button you should see an image similar to Figure 6 below which will show you that Spybot successfully immunized Internet Explorer.
Edited by bananafanafo, 20 May 2005 - 12:59 AM.
#165
Posted 20 May 2005 - 02:49 AM
hey still here guess i can watch the movie tommorow
i did everything that spybot helper said and i ran the scan and it found :"Alexa Related" and "URLSearchHook.Atlpz"
i was about to fix selected problems and deciced to see what you thought about this ????
i did everything that spybot helper said and i ran the scan and it found :"Alexa Related" and "URLSearchHook.Atlpz"
i was about to fix selected problems and deciced to see what you thought about this ????
Edited by retrac, 20 May 2005 - 02:57 AM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users