# Help me! C:\WINDOWS\explorer.exe infection!



## dewthedrift (Nov 17, 2006)

How do i get rid of it? It can't be blocked or removed, and i don't really want to delete it manually, since Windows require's it to run. Help me out plz ; ;


----------



## mjack547 (Sep 1, 2003)

Hi and welcome to TSG

Go to http://www.spywareinfo.com/~merijn/files/HijackThis.exe and download 'Hijack This!'.

First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
Then doubleclick the Hijackthis.exe.

Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here 
in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

Someone here will be happy to help you analyze the results.


----------



## dewthedrift (Nov 17, 2006)

Logfile of HijackThis v1.99.1
Scan saved at 12:58:44, on 17/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\AOL\1144131243\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1144131243\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\AOL\1144131243\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1144131243\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
c:\program files\common files\aol\1144131243\ee\aolssc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
c:\program files\common files\aol\1144131243\ee\anotify.exe
C:\Documents and Settings\Master Shake\My Documents\Hijack This\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144131243\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1144131243\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1144131243\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144033244697
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1144131243\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe


----------



## mjack547 (Sep 1, 2003)

Updating Java:

* Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9. http://java.sun.com/javase/downloads/index.jsp
* Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement".
* The page will refresh.
* Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java versions.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on the download to install the newest version.

Now you are saying that the explorer.exe that is infected how do you know this?


----------



## dewthedrift (Nov 17, 2006)

Virus Scan pops up saying that the file is infected and it is unable to remove or block it.


----------



## mjack547 (Sep 1, 2003)

Download and install *ewido anti-spyware 4.0*
Open *ewido anti-spyware*
Click on the *Update* icon at the top of the window
Click on the *Start update* button
Wait for the update to download and install

Click on the *Scanner* icon at the top of the window
Click on the *Settings* tab then select *Recommended Options* and choose *Quarantine*
Click on the *Scan* tab
Select *Complete System Scan*. Ewido will now begin to scan your system


When the scan has completed, click on the *Save Scan Report* button and save the scan to your *Desktop* where it can be easily found

Copy and paste the scan results into your next post.

Please go HERE to run Panda's ActiveScan http://www.pandasoftware.com/activescan/

* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans


----------



## dewthedrift (Nov 17, 2006)

Incident Status Location

Spyware:Spyware/Dogpile Not disinfected C:\Documents and Settings\Calin's Stuff\Program Files\DogpileToolbar\cursorsearchword.dll 
Adware:Adware/Dogpile Not disinfected C:\Documents and Settings\Calin's Stuff\Program Files\DogpileToolbar\insptbar.dll 
Virus:Trj/Pakes.V Disinfected C:\Documents and Settings\Calin's Stuff\WINDOWS\cpa.exe 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt 
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt 
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Master Shake\My Documents\My Videos\screenshots\Setup.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	23:46:36 17/11/2006

+ Scan result:

C:\Documents and Settings\Master Shake\My Documents\My Videos\screenshots\Setup.exe -> Adware.180Solutions : No action taken.
C:\Documents and Settings\Calin's Stuff\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : No action taken.
C:\Documents and Settings\Calin's Stuff\Program Files\DogpileToolbar\cursorsearchword.dll -> Adware.Dogpile : No action taken.
C:\Documents and Settings\Calin's Stuff\Program Files\DogpileToolbar\insptbar.dll -> Adware.Dogpile : No action taken.
C:\Documents and Settings\Calin's Stuff\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][URL]www.adbrite[/URL][2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Popularix : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][2].txt -> TrackingCookie.Tracking101 : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Master Shake\Cookies\master [email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 10:39:27, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\AOL\1144131243\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1144131243\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\AOL\1144131243\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1144131243\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\program files\common files\aol\1144131243\ee\aolssc.exe
C:\Documents and Settings\Master Shake\My Documents\Hijack This\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144131243\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1144131243\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1144131243\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144033244697
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1144131243\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe


----------

