Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Problems here please Help
- Thread starter iceb
- Start date
- Thread starter
- #2
Here is my log
Logfile of HijackThis v1.99.1
Scan saved at 14:16:32, on 02-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmer\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\MAFWTray.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\Icq2\ICQ.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Spamihilator\spamihilator.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Winzip\Wzqkpick.exe
C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\icey\Skrivebord\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cybercity.dk:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Programmer\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\System32\MAFWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\Icq2\ICQNet.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmer\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmer\Spamihilator\spamihilator.exe"
O4 - Startup: PopFilter.exe.lnk = C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\programmer\Microsoft Office\Office\Osa9.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\Winzip\Wzqkpick.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} -
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Programmer\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Programmer\Sophos\Sophos Anti-Virus\SavService.exe
Logfile of HijackThis v1.99.1
Scan saved at 14:16:32, on 02-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmer\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\MAFWTray.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\Icq2\ICQ.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Spamihilator\spamihilator.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Winzip\Wzqkpick.exe
C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\icey\Skrivebord\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cybercity.dk:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Programmer\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\System32\MAFWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\Icq2\ICQNet.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmer\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmer\Spamihilator\spamihilator.exe"
O4 - Startup: PopFilter.exe.lnk = C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\programmer\Microsoft Office\Office\Osa9.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\Winzip\Wzqkpick.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} -
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Programmer\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Programmer\Sophos\Sophos Anti-Virus\SavService.exe
Have hijack this fix these.If you didn't set the 06 entry yourself then fix it also with hijcak this!
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} -
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} -
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} -
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} -
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question