#1
Gold Member
Join Date: Jun 2005
Posts: 269

Logfile of HijackThis v1.99.1
Scan saved at 4:59:53 PM, on 3/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend\Tmas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\nefdw.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\alc.exe
O4 - HKLM\..\Run: [pcvp] C:\WINDOWS\System32\pcvp.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [lcps] C:\WINDOWS\System32\lcps.exe
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [HTTP] C:\WINDOWS\System32\HTTP.exe
O4 - HKLM\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\Run: [MS22] C:\WINDOWS\System32\MS22.exe
O4 - HKLM\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MuscleCarSetup.exe] C:\DOCUME~1\ADMINI~1\Desktop\MUSCLE~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend\Tmas.exe
O4 - Startup: BitTorrent.lnk = F:\Bt\bittorrent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C7303C-C1FC-4D05-8FFB-1EEF10A12DA6}: NameServer = 203.94.243.70,203.94.227.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\enl6l13s1.dll (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\u0ru0a99ed.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\dk lite\DKService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

comp has been acting slow and unstable...could the log help? thanks in advance
__________________
he who laughs last must have a terrible sense of humor :eek:

#2
Gold Member
Join Date: Jun 2005
Posts: 269

did a scan using spysweeper, removed a helluva lotta things....
here's the fresh log

Logfile of HijackThis v1.99.1
Scan saved at 6:16:29 PM, on 3/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\nefdw.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\alc.exe
O4 - HKLM\..\Run: [pcvp] C:\WINDOWS\System32\pcvp.exe
O4 - HKLM\..\Run: [lcps] C:\WINDOWS\System32\lcps.exe
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [HTTP] C:\WINDOWS\System32\HTTP.exe
O4 - HKLM\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\Run: [MS22] C:\WINDOWS\System32\MS22.exe
O4 - HKLM\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MuscleCarSetup.exe] C:\DOCUME~1\ADMINI~1\Desktop\MUSCLE~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - Startup: BitTorrent.lnk = F:\Bt\bittorrent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C7303C-C1FC-4D05-8FFB-1EEF10A12DA6}: NameServer = 203.94.243.70,203.94.227.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\enl6l13s1.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\q4rqle951h.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\dk lite\DKService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
__________________
he who laughs last must have a terrible sense of humor :eek:

#3
Digaredd
Join Date: May 2005
Location: Melbourne AU
Posts: 7,583

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\nefdw.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\alc.exe
O4 - HKLM\..\Run: [pcvp] C:\WINDOWS\System32\pcvp.exe
O4 - HKLM\..\Run: [lcps] C:\WINDOWS\System32\lcps.exe
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [HTTP] C:\WINDOWS\System32\HTTP.exe
O4 - HKLM\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\Run: [MS22] C:\WINDOWS\System32\MS22.exe
O4 - HKLM\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\enl6l13s1.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\q4rqle951h.dll
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe

Close all open windows and browsers, and hit "Fix Checked".

Delete these folders\files.

C:\Program Files\winsupdater
C:\WINDOWS\System32\cc32.exe
C:\nefdw.exe
C:\alc.exe
C:\WINDOWS\System32\pcvp.exe
C:\WINDOWS\System32\lcps.exe
C:\WINDOWS\Mstray.exe
C:\WINDOWS\System32\HTTP.exe
C:\WINDOWS\System32\MS22.exe
C:\WINDOWS\system32\q4rqle951h.dll
C:\WINDOWS\mswmf32.exe
C:\Program Files\Network Monitor
C:\WINDOWS\nvidGUIv.exe
C:\WINDOWS\axdcfasb.exe

Find and delete these files.

winlog.exe
av32.pif
msconfigu.exe
msconfiguw.exe
msconfiguwe.exe

Reboot and post a new Hijackthis log.
__________________
Son of Glyndwr The old land of my fathers is dear to me