HijackThis Scan

AnnieLynn · May 6, 2004

Please let me know what I need to delete.
Thank you.

Logfile of HijackThis v1.96.1
Scan saved at 11:58:25 PM, on 5/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrea Harwell\Desktop\Andrea's Music & Stuff\Other\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32

\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -

osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.

ea.com/update/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.

real.com/28c397344e7aa7f8aa05/netzip/RdxIE601.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) -

http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://

download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Unzy · May 6, 2004

Hi AnnieLynn,

Your log looks ok, although you have a really ancient version of HijackThis. What specific problem are you having?

You can fix these with HijackThis :

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28c397344e7aa7f8aa05/netzip/RdxIE601.cab

And repost a log using the latest version :

HijackThis 1.97.7

Keep us posted

Cheers,

AnnieLynn · May 7, 2004

Sorry I didn't say what the problem was.
I had some weird programs on my computer that I didn't recognize and I have MSN's new toolbar that has a pop up blocker and it has been working pretty well, but in the last few days I've been having a lot of pop ups again.

Here's the new log using the newer version of HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 12:15:12 AM, on 5/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrea Harwell\Desktop\Andrea's Music & Stuff\Other\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks for you help.

dvk01 · May 7, 2004

still nothing definite showing but try this to check something please

Please download the KillBox from here:

http://download.broadbandmedic.com/VbStuff/KillBox.zip

UnZip it to it's own folder not to the Desktop or a Temp folder. Click on The KillBox.exe and it will open. Now click find then find vx2 better internet, then on the little pop up window that says killbox file list, will open if it finds any files then press file/create log and a pop up says do you want to create a log in notepad, say yes and then save as usual in notepad and copy & paste the resulting list here

AnnieLynn · May 7, 2004

Here's the results from Killbox.

Log for KillBox Version: 2.00.0179
------------------------------------

---msg{}dll search---

Unzy · May 8, 2004

Hi again,

What sort of popups are you talking about? Do you remember any keywords in the url or windowtitle? Are they always different popups or ...

Thnx

Cheers,

AnnieLynn · May 8, 2004

I haven't noticed the pop ups in the last few days, so maybe I just needed to run adaware and do the stuff you had me do.

Thanks for your help though.

Unzy · May 9, 2004

Hi AnnieLynn,

Ah that's good to hear

Hope all is well again, if not ... you know where to find us

Take care

Cheers,

Log in or Sign up

HijackThis Scan

AnnieLynn Guest

Unzy Registered Member

AnnieLynn Guest

dvk01 Global Moderator

AnnieLynn Guest

Unzy Registered Member

AnnieLynn Guest

Unzy Registered Member

Log in or Sign up

HijackThis Scan

AnnieLynn Guest

Unzy Registered Member

AnnieLynn Guest

dvk01 Global Moderator

AnnieLynn Guest

Unzy Registered Member

AnnieLynn Guest

Unzy Registered Member

Useful Searches