goman87 Posted August 22, 2005

I regularly scan my PC with anti-spyware scanners, but I looked over my HJT Log and to me it looks messy.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:28 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\Program Files\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
E:\DVD Burner\PDVDServ.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
E:\PROGRA~1\Avast!\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
E:\Xfire\Xfire.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Avast!\aswUpdSv.exe
E:\Program Files\Avast!\ashServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Avast!\ashMaiSv.exe
E:\Program Files\Avast!\ashWebSv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kyle\My Documents\HTL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.miniclip.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mousebreaker.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mousebreaker.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = 1337 ExPL0r3r
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RemoteControl] "E:\DVD Burner\PDVDServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "E:\DVD Burner\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Xfire.lnk = E:\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &NeoTrace It! - E:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - E:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109257564366
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: bw+0s - {4A081AFC-ED22-4B1A-A766-A8E4D3515414} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {4A081AFC-ED22-4B1A-A766-A8E4D3515414} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Abel - Unknown owner - E:\EA Games\main\Cain\Abel.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Avast!\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - E:\Program Files\Tracks Eraser Pro\autocomp.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\iPOD\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Steganos Live Encryption Engine (Version 503) [service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

alsocom Posted August 25, 2005 (edited)

Hello goman87. You don't have much bad on your computer. There are a couple of questionable programs on your computer that I need to alert you to. If you did not intentionally install these then I can give you instructions on removing them.

007 Spy Software
Password Cracker

Step 1

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Options, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

After the computer is clean, it is very important that you enable Real-time Protection again.

Step 2

Open HijackThis, run a scan, then check the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

With all other programs and browsers closed, click fix checked.

Step 3

Reboot normally and scan with HijackThis. Post the new log as a reply to this thread. Let me know about the two questionable programs.

Please let us know of any complications you had and how the computer is behaving.

Edited August 25, 2005 by alsocom

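An added example, not part of the thread and not HijackThis's own logic: the two kinds of entry selected in Step 2 above (R0 values left empty, and entries marked "(file missing)") expressed as a Python triage over lines copied from the posted log. The `no-path` and `system-name-elsewhere` checks and the `SYSTEM_NAMES` list are generic review heuristics assumed for this example, not findings stated by alsocom; a flag means "look at this line", not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mousebreaker.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "R0", "O4", "O18"
    reason: str  # short tag naming the check that fired
    line: str    # the log line as posted


ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[[^\]]*\] (.*)$")  # "HKLM\..\Run: [name] cmd"
# Assumption for this example: process names that normally live in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}


def executable_of(command: str) -> str:
    """Return the program part of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(?i)^(.*?\.exe)\b", command)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(log: str) -> List[Finding]:
    """Flag log entries worth a manual look; header and process lines are skipped."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        # Checks taken from Step 2 of the post above.
        if body.endswith("(file missing)"):
            findings.append(Finding(code, "file-missing", line))
        if code.startswith("R") and body.endswith(" ="):
            findings.append(Finding(code, "empty-value", line))
        # Added heuristics for autostart (O4 Run) entries.
        run = RUN.match(body) if code == "O4" else None
        if run:
            folder, name = ntpath.split(executable_of(run.group(1)))
            if not folder:
                findings.append(Finding(code, "no-path", line))
            elif (name.lower() in SYSTEM_NAMES
                  and not folder.lower().endswith(r"\windows\system32")):
                findings.append(Finding(code, "system-name-elsewhere", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason:<24}{f.line}")
```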
goman87 Posted August 25, 2005

Logfile of HijackThis v1.99.1
Scan saved at 11:56:53 AM, on 8/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\Program Files\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
E:\DVD Burner\PDVDServ.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\Avast!\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\Avast!\aswUpdSv.exe
E:\Program Files\Avast!\ashServ.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
E:\Xfire\Xfire.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Avast!\ashMaiSv.exe
E:\Program Files\Avast!\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\Kyle\My Documents\HTL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.miniclip.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mousebreaker.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mousebreaker.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = 1337 ExPL0r3r
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RemoteControl] "E:\DVD Burner\PDVDServ.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "E:\DVD Burner\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google Talk\googletalk.exe" /autostart
O4 - Startup: Xfire.lnk = E:\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109257564366
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: bw+0s - {4A081AFC-ED22-4B1A-A766-A8E4D3515414} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4A081AFC-ED22-4B1A-A766-A8E4D3515414} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Abel - Unknown owner - E:\EA Games\main\Cain\Abel.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Avast!\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - E:\Program Files\Tracks Eraser Pro\autocomp.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\iPOD\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Steganos Live Encryption Engine (Version 503) [service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

The computer has been running pretty good, but sometimes MSN Messenger starts to use a lot of CPU Usage and I have to restart it. And, I normally use FF but when I use IE, it sometimes starts to act up and then I get (Not Responding)

alsocom Posted August 25, 2005

There are a couple of questionable programs on your computer that I need to alert you to. If you did not intentionally install these then I can give you instructions on removing them.

007 Spy Software
Password Cracker

Let me know about the two questionable programs.

You didn't state whether you installed those programs or not. Please let me know.

For the MSN Messenger problem, it was showing in the HijackThis log that a file was missing. You may need to reinstall the program or check to make sure you have the latest version.

goman87 Posted August 25, 2005

Right, I knew I forgot something, I do know about those programs.

alsocom Posted August 26, 2005

Other than those two items, your new log appears clean.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.
4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

I suggest that you get these programs to help keep the computer clean:

Spyware Blaster - Blocks bad ActiveX items from installing on your computer. Spyware Blaster runs silently in the background.
ie-spyad - Puts over 12,000 bad URLs into your restricted sites for Internet Explorer.
Firefox - 'Safer' alternative to the Internet Explorer web browser.
AVG AntiVirus - Free antivirus program if you currently are not using one.
ZoneAlarm - Free firewall program if you currently are not using one.

Here are two very good and free malware scanners:

Spybot Search and Destroy 1.4
AdAware SE v1.06
Set-up Instructions for Spybot S&D and Adaware SE

If you have them already, check to make sure that they are the newest version.
Update these regularly.

You may also want to read "So how did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep Windows and your Anti-virus updated.

goman87 Posted August 27, 2005

Thanks alsocom for your help.

alsocom Posted August 27, 2005

You're welcome. Glad to help out.