December 1, 200520 yr Logfile of HijackThis v1.99.1 Scan saved at 18:21:35, on 01/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Sygate\SPF\smc[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile] C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService[Caution: ExecutableFile] C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG[Caution: ExecutableFile] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: ExecutableFile] C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\windows\system\hpsysdrv[Caution: ExecutableFile] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile] C:\HP\KBD\KBD[Caution: ExecutableFile] C:\WINDOWS\ALCXMNTR[Caution: ExecutableFile] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile] C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: ExecutableFile] C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile] C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile] C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile] C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile] C:\Program Files\HijackThis\HijackThis[Caution: ExecutableFile] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv[Caution: ExecutableFile] O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile] O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD[Caution: ExecutableFile] O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile] O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR[Caution: ExecutableFile] O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2[Caution: ExecutableFile] O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher[Caution: ExecutableFile] O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP[Caution: ExecutableFile]" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile] O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc[Caution: ExecutableFile] -startgui O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM[Caution: ExecutableFile] -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: ExecutableFile]" -start O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [ctfmon[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile] O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile] O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL[Caution: ExecutableFile]/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile] O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile] O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService[Caution: ExecutableFile] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT[Caution: ExecutableFile] O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc[Caution: ExecutableFile] Nothing wrong with my PC or at least I hope not. I just wanted someone who knows about this type of stuff to check it over. Thanks a lot. :)
December 1, 200520 yr I don't see anything malicious, though I do see this. :) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) Not sure if this needs fixing or not, but it doesn't look harmful. Wait for a super pro to jump in :) ==================================Retired tip.it moderator.Teaching and inspiring.
December 1, 200520 yr the file msgrapp.dll belongs to MSN Messenger. It's not a big deal to be missing this file......but if MSN starts acting up...you could do with reinstalling it. It is however a known issue that HijackThis can report this file as missing when it really is not. Resigned From Runescape - Alpha_120 --> Level 69 -ArenaScape-Join Clan UCORB ~ Rank #5 ClanClan members, need something? PM ME!!!
Create an account or sign in to comment