(did someone...) HIJACK THIS!

Discussion in 'adware, spyware & hijack cleaning' started by Hands Off, Dec 15, 2003.

Thread Status:
Not open for further replies.
  1. Hands Off

    Hands Off Guest

    Logfile of HijackThis v1.97.7
    Scan saved at 1:19:56 PM, on 12/15/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\zzzAAA\HijackThis.exe

    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    O4 - Startup: Shortcut to Ad-watch.lnk = C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37902.4724652778
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4301/mcfscan.cab


    Hi-

    My system is performing reasonably well. I have run BOTH Spybot and Ad-aware Professional. However, judging from the
    number of attacks my computer tries to ward off, I just wonder if anyone sees anything scary in this HijackThis log.

    Also, Spybot (as part of the registry inconsistency checks) said that

    Windows Registry: Kernelfaultcheck
    %system root%\system32\dumpreg 0-k
    startup file does not exist

    I don't really understand what it is in the first place, much less whether it exists. (Should I let Spybot fix it,
    which I assume means deleting the registry entry?)

    Also, I am trying to make the transition from a computer that loads everything but the kitchen sink at startup to
    one that loads programs if and when I actually want to use them. So if you see any glaring examples of something
    conflicting with this philosophy, please say so. (Note: ComboButton is already earmarked for removal. What it does is
    enable the physical button on my external hard drive for a so-called one-touch backup... only I don't use the button,
    I use the Retrospect backup software controls, which give you many more options that you make into "one click" backup
    scripts.)

    Along those lines, Retrospect loads at startup using 3600K. I don't know why it has to run, but it is backup software
    that works, so I am afraid to consider turning it off.


    As you can see at the end, I use several online virus checkers as a backup to my installed Norton
    product. Specifically: Panda, RAV, McAfee, KAV, AVG, and PC-cillin.

    I have a reason for the AVs and will ask a question or two on them in a separate post.
       
    ==============================================

    If you advance confidently in the direction of your dreams, endeavor to live the life that you imagined, you will meet with a success unexpected in common hours
                   - Henry David Thoreau
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Hands Off,

    dumprep 0 -k
    dumprep 0 -u

    Used in connection with memory dumps. You can disable these by right-clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane, under 'Write debugging information', click on the down arrow and then select 'None', then OK your way out.

    This one is unnecessary as well:
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    Source: http://www.sysinfo.org/startuplist.php

    The rest looks OK to me.

    Regards,

    Pieter
     
  3. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Thanks Pieter-

    I will do as you suggest to get rid of dumprep 0 -k. (Still curious: does the name symbolize the programmer's opinion of "preppie types", dum-prep, or was it a swipe at those annoying hardware sales types, dump-rep?)

    I like that you included that site where I could have looked up NeroCheck had I only known. When I did a search on it, I took a wrong turn and ended up on a sort of CD-R cult's page where they seemed to worship Nero. They assured me that "it had to check." Cults!

    Thanks Again!
    - HandsOff
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi HandsOff,

    Glad I could help. :)

    Since you are running XP this might interest you as well:
    http://www.blackviper.com/WinXP/servicecfg.htm
    in the trimming down cult, so to speak. ;)

    Regards,

    Pieter
     