Scan saved at 4:04:55 PM, on 05/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr....
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc....
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.ex...
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.e...
C:\WINDOWS\system32\wuauclt.exe
C:\downloads\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {46e75f52-5800-42cd-b4b3-35f7dab6df55} - C:\WINDOWS\system32\notfci.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search %26amp; Destroy\SDHelper.dll
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp18F7.tmp.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\qopnll.dll",realset
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [A00F2E2508B.exe] C:\DOCUME~1\Scott\LOCALS~1\Temp\_A00F2E2...
O4 - HKCU\..\Run: [A00F2E2509B.exe] C:\DOCUME~1\Scott\LOCALS~1\Temp\_A00F2E2...
O4 - HKCU\..\Run: [A00F2E25473.exe] C:\DOCUME~1\Scott\LOCALS~1\Temp\_A00F2E2...
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.e...
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: %26amp;Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E%26amp;xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCE...
O8 - Extra context menu item: Yahoo! %26amp;Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! %26amp;Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! %26amp;SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin....
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.ca...
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/in...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CA...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shock...
Can you tell me what I can delete and what I should not delete from this hijackthis scan thatnks?
O2 - BHO: (no name) - {46e75f52-5800-42cd-b4b3-35f7d... - C:\WINDOWS\system32\notfci.dll
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79... - C:\WINDOWS\system32\tmp18F7.tm...
O4 - HKCU\..\Run: [A00F2E2508B.exe] C:\DOCUME~1\Scott\LOCALS~1\Tem...
O4 - HKCU\..\Run: [A00F2E2509B.exe] C:\DOCUME~1\Scott\LOCALS~1\Tem...
O4 - HKCU\..\Run: [A00F2E25473.exe] C:\DOCUME~1\Scott\LOCALS~1\Tem...
Reply:Your in pretty deep. Try getting E-trust anti-virus. Or reformat your hard drive.
Reply:I would post that in a forum designed for it...
http://www.spywareinfo.com/~merijn/forum...
Reply:Suspicious:
O4 - HKCU\..\Run: [A00F2E2508B.exe] C:\DOCUME~1\Scott\LOCALS~1\Tem...
O4 - HKCU\..\Run: [A00F2E2509B.exe] C:\DOCUME~1\Scott\LOCALS~1\Tem...
O4 - HKCU\..\Run: [A00F2E25473.exe] C:\DOCUME~1\Scott\LOCALS~1\Tem...
Reply:First of all the log looks incomplete, there are 023 items for example.
Secondly it is very hard to read the log in that format.
Third, trying to fix items without expert advice could turn your computer into an expensive paperweight. You can go to a place like AumHa forums or if you have an MSN account you can post it at Community Feedback for review.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment