
Re: HijackThisLog Analysis - Richard

Date: Saturday, 18 September, 2004 1:38 AM

Your log looks clean except for these two entries:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Generated probably due to a system fault that may have halted your computer earlier.

O4 - HKLM\..\RunServices: [Reg Service] REGSRV32.EXE

Some program is trying to register a DLL that does not exist. This could be the result of a virus or other failed application.


Logfile of HijackThis v1.98.2
Scan saved at 18:09:17, on 17/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BT Digital Access USB\gsyno.exe
C:\Program Files\Dynamic 128k\AODISERV.EXE
C:\WINDOWS\System32\REGSRV32.EXE
C:\WINDOWS\System32\wins.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Zone Labs\ZoneAlarm\multiscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijack this\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = website: google.co.uk /
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [GazelDisplay] "C:\Program Files\BT Digital Access USB\gsyno.exe" -h
O4 - HKLM\..\Run: [AO/DI Service] C:\Program Files\Dynamic 128k\AODISERV.EXE
O4 - HKLM\..\Run: [Reg Service] REGSRV32.EXE
O4 - HKLM\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
O4 - HKLM\..\Run: [msconfig] wins.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Reg Service] REGSRV32.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows Media Player] mediaplayer.exe
O4 - HKLM\..\RunServices: [msconfig] wins.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E58FA7B-349F-4C9F-ADF4-191964EC1411}: NameServer = 194.74.65.69 194.72.9.38
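
A triage sketch for the O4 (autorun) lines of a HijackThis log like the one above, added here as an example and not part of the original thread or of HijackThis. It parses each entry and lists those whose command carries no directory, together with every Run/RunServices location that registers it and whether a file of that name is among the running processes. The sample lines are copied from the log on this page; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log on this page.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\REGSRV32.EXE
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Reg Service] REGSRV32.EXE
O4 - HKLM\..\Run: [msconfig] wins.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Reg Service] REGSRV32.EXE
O4 - HKLM\..\RunServices: [msconfig] wins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def normalise(line):
    # Collapse spaces that web extraction sometimes puts around backslashes.
    return re.sub(r"\s*\\\s*", r"\\", line.strip())

def parse_o4(log):
    """Map (name, command) to the list of autorun locations registering it."""
    entries = defaultdict(list)
    for raw in log.splitlines():
        m = O4_RE.match(normalise(raw))
        if m:
            hive, key, name, command = m.groups()
            entries[(name, command)].append(hive + "\\" + key)
    return dict(entries)

def running_images(log):
    """Lower-cased file names from the full-path 'Running processes' lines."""
    lines = (normalise(l) for l in log.splitlines())
    return {l.rsplit("\\", 1)[-1].lower() for l in lines if re.match(r"^[A-Za-z]:\\", l)}

def triage(log):
    """List autoruns whose command has no directory, so the log alone cannot
    say which file on the search path starts; these need a manual look."""
    running = running_images(log)
    report = []
    for (name, command), keys in sorted(parse_o4(log).items()):
        if "\\" not in command:
            image = command.split()[0].strip('"').lower()
            report.append((name, command, keys, image in running))
    return report
```

Each tuple from `triage()` is (value name, command, registering locations, currently running); an entry listed here is a candidate for review, not a verdict.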

