Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


impulse91's HJT log

  • This topic is locked This topic is locked
2 replies to this topic

#1 impulse91


  • Members
  • 3 posts
  • Local time:08:07 AM

Posted 14 October 2005 - 06:29 AM

Mod Edit: Split from this post:

Format my whole hard drive clean and reinstalling the XP again.

The fact is, this problem keeps showing before and after I have reinstalled.

What I have done "trying" to fix this problem
-Ran a virus scan 3 times but couldnt find any worms nor viruses. Used McAfee
-Used the program called Hijackthis and here's my log file.
Logfile of HijackThis v1.99.1
Scan saved at 오후 6:23:11, on 2005-10-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\사용자\바탕 화면\Yune\HijackThis.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {00001021-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter21 Class) - http://download.netmarble.com/web/nmstarter/NMStarter21.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A42C8547-9866-4050-8075-86DAA142702C}: NameServer =
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

It's been only a day since I have reinstalled XP so there's not much programs in it. So I really dont know whats causing this.

Edited by tg1911, 14 October 2005 - 09:33 AM.

BC AdBot (Login to Remove)


#2 ddeerrff



  • Malware Response Team
  • 2,738 posts
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:07:07 AM

Posted 18 October 2005 - 11:39 PM

Hello impulse91 and welcome to BleepingComputer.

The Mean Time to Infection of an unpatched, unprotected WindowsXP connected to the internet system is 19 minutes. You have McAfee installed, and that's good, but you are way behind in Windows updates. Before we go any further, it is essential that you update your operating system; otherwise any infections we remove could reoccur. Go to Windows Update and install all the offered Critical and Security updates EXCEPT FOR SP2 at this time. Then be sure you have the Windows built-in firewall enabled.

I would like you to have a file scanned for me. Go to the Jotti's malware scan site and submit the following files for a malware scan:


Post the results of the scans in your next reply along with a fresh HJT log.

#3 ddeerrff



  • Malware Response Team
  • 2,738 posts
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:07:07 AM

Posted 02 November 2005 - 10:22 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users