Im New and this is my hijack this log

Ok, sorry for the delay, I've been busy....

@roxyholly

You can fix these entries with HijackThis if you want to free your memory: (not required startups)

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125413510\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

And that DVD burning problem, I'll suggest that you post that problem to here -> http://forums.afterdawn.com/forum_view.cfm/125

@handsom

Ok, post the logs when you're ready.

 

Ewido Scan:

--------------------------------------------------------------------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:15:55 AM, 4/30/2006
+ Report-Checksum: B0164AA1

+ Scan result:

:mozilla.14:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.15:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.23:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.48:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.49:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.71:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.113:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.114:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.118:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.168:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.169:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.170:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.171:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.179:C:\Documents and Settings\HanddsomeDan\Application Data\Mozilla\Firefox\Profiles\1v1xx4ts.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup


::Report End
--------------------------------------------------------------------



----Hijackthis Scan:----



--------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:35:22 AM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HanddsomeDan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/rickianblaster/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/rickianblaster/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{44EA2125-1CE3-413D-B66D-A37925141D43}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


--------------------------------------------------------------------

Is it clean now? Or are there more traces?

 

Hi handsom, you're clean now =)

 

Thank you very much; that was a huge concern for me. I really appreciate the help.

 

You're welcome =)

 

One more question; I leave my computer on overnight for a variety of reasons. It's quite often for it to do 24 hour+ operation. But it seems to have a crash that causes it to become unresponsive. Sometimes I'll come home or wake up and turn on the monitor to find it restarted and has a 'non-system disk or disk error' message going for me. Other times, I'll notice incredibly sluggish repsonsiveness, and when I check the current processes, msmsgs.exe is taking 90%+ cpu... First off. I hate msn messenger, in all forms. Including the little default one that comes with windows. Secondly, I am wondering if it could be replaced or altered with anything malicious. Because that and ccapp.exe are always the first things having problems.

Do you think this could be an issue? Do you know a way to get rid of msmsg.exe? I use office, but I would really like that messenger gone.

Thanks again!

 

Ok, here are the instructions for disabling Windows Messenger -> http://www.pchell.com/support/removemessenger.shtml

And MSN Messenger can be removed through Control Panel -> Add/Remove Programs

You could also clean your registry with CCleaner -> http://www.filehippo.com/download_ccleaner/

And the name of the process was msmsgs.exe and not msmsg.exe, right?

 

Yes; msmsgs.exe, sorry for the confusion there. Thanks for the assist. CCapp.exe sound familiar to you?

 

Ok good. CCapp.exe belongs to your Norton Antivirus. It is responsible for the auto-protect and email checking facilities.

 

That was really helpful, I really appreciate the link with so much info; it was very convenient having all of the info and the little 'what ifs' already answered. Thanks! There is still a bit of a problem though...

I have msmsgs.exe listed in my processes still; which is causing me a growing concern. I did the registry trick for 4.5 or later to get it off, and it's still running.... I even went through the trouble of uninstalling windows messenger through windows components...... My fear here has been that I might be looking at a trojan disguised as msmsgs; and now that I've disabled and unsinstalled it; yet still see it running, I am getting really concerned that I have a big problem here...

Any suggestions?

[bold]Edit:[/quote]It seems to be gone now that I've done the reg clean with ccleaner. Thanks!

 

You're welcome =)

 

Well; it seems to come back on restart. And I don't know why..... But it really shouldn't be.

 

Ok, is it the process msmsgs.exe that came back?

Have you deleted MSN Messenger through Add/Remove programs?

Which steps did you exactly do from here? -> http://www.pchell.com/support/removemessenger.shtml

 

Well; for some reason that link doesn't seem to work anymore;

-I did the registry removal, by adding it specifically to NOT be run at startup.

-I went through add/remove programs, clicked under windows components and actually uninstalled it.

I ran Ccleaner on my registry as well (That took a bit of a while, wow.) So that element is all clean, hijackthis still has the same log a when I last posted it. So, having uninstalled windows messenger (msmsgs.exe) I am growing very concerned as to how it is still running, and how legitimate this process is...

 

Hi handsom.

Try this tool -> http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html

Unzip it to your desktop.
->Run the file disablemessenger.exe
->Check the following options:

Disable Winodws Messenger Machine Wide
Hide Messenger from Outlook Express
Uninstall Windows Messenger

->Press Apply
->Press OK
->Restart your computer
->Check if msmsgs.exe is still running
->Tell me the results

 

Thanks; I will run that ASAP when I get home; does this sort of difficulty happen often?

 

I wouldn't count this as a difficulty yet
When you're ready, please let me know if it is gone now...

 

Thank God. It's finally gone. All is clean now; I went around and found instructions to disable Creative's stupid startup video; and now my computer is how it should be.

That should be all I need, I really do wish to thank you a lot. You have been more helpful than you can imagine.

 

That is nice to hear and you're welcome