First log

Discussion in 'adware, spyware & hijack cleaning' started by bafoon, May 24, 2004.

Thread Status:
Not open for further replies.
  1. bafoon

    bafoon Registered Member

    Joined:
    May 20, 2004
    Posts:
    3
    Hi , could you please have a quick look at this log and see if there are any problems.
    Thankyou for your valuable time. :)

    Logfile of HijackThis v1.97.7
    Scan saved at 11:08:00 AM, on 21/05/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mdm.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\fast.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    C:\WINDOWS\System32\ImapiRox.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Customizer XP\RAMIdle.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\PROGRA~1\Norton SystemWorks\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\tlntsvr.exe
    C:\WINDOWS\System32\Fast.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\hijackthis1977\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\F Drives Backup\WINDOWS\SYSTEM\OOBE\BLANK.HTM
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
    O2 - BHO: (no name) - {0431B7A9-DB0C-42C0-AAFF-5F5E39629F46} - C:\WINDOWS\system32\vfikkhbo.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\Norton AntiVirus\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [Tweak-XP] C:\WINDOWS\Install Folder\Tweak-xp.exe -ex
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: RAMIdle.lnk = C:\Program Files\Customizer XP\RAMIdle.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Telstra Usage Meter (HKLM)
    O9 - Extra 'Tools' menuitem: Telstra Usage Meter (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O15 - Trusted Zone: http://ninemsn.com.au
    O15 - Trusted Zone: http://www.commbank.com.au
    O15 - Trusted Zone: http://www.comsec.com.au
    O15 - Trusted Zone: http://www.geocities.com
    O15 - Trusted Zone: http://www.kristinasworld.com
    O15 - Trusted Zone: http://www.lavasoftsupport.com
    O15 - Trusted Zone: http://www.msn.com
    O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2837b1976976f86cc006/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37896.1791319444
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
    Last edited: May 24, 2004
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi bafoon,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {0431B7A9-DB0C-42C0-AAFF-5F5E39629F46} - C:\WINDOWS\system32\vfikkhbo.dll

    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2837b1976976f86cc006/netzip/RdxIE601.cab

    Then reboot and get Windows and IE updated as soon as possible.

    Regards,

    Pieter
     
  3. bafoon

    bafoon Registered Member

    Joined:
    May 20, 2004
    Posts:
    3
    Thanks so much Pieter!
    I forgot to mention the main annoyance though. Immediately after I rebooted after installing SpyGuard last week, Windows Installer tried to install Easy CD Creator 5 Platinum. Now, everytime I start up the same thing happens, o_O

    Do you have any ideas as to what is happening to cause this?

    Thanks again.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Not really. I have seen it lots of time with Office products but never for Easy CD Creator.

    Have you tried reinstalling the program?

    It wouldn't hurt to update Windows and IE either.

    Regards,

    Pieter
     
  5. bafoon

    bafoon Registered Member

    Joined:
    May 20, 2004
    Posts:
    3
    Thanks again, Pieter.
    I have updated WinXP with SP1 and also IE6 with the cumulative update. I'll try reinstalling EasyCDCreator and see if that fixes the problem.... Thankyou. :)

    Bafoon
     
Thread Status:
Not open for further replies.