HijackThis Log have I got PROBS? Y or N

  sid 21:21 25 May 2004
Locked

Appreciate any help on understanding the results of this log
Do I have problems on my pc?
Not happy with the O16 logs. Look a little dodgy to me but I'm not too sure
Thanks for any response.

Logfile of HijackThis v1.97.7
Scan saved at 18:02:38, on 25/05/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MouseWarePro\MWProEng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Teknum Systems\updsvc.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PC Advisor
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MWProEng] C:\Program Files\MouseWarePro\MWProEng.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
O16 - DPF: {11111111-1111-1111-1111-111111111157} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - click here
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

  GANDALF <|:-)> 21:41 25 May 2004

The only thing that my beady eye can see is 'C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe', which is not a trojan but is often mistaken for one by many trojan progs...usually gives a false positive. Are you noticing any problems?

G

  Gaz 25 21:43 25 May 2004

This one is Downloader.Backdoor:

C:\WINNT\system32\internat.exe

  Gaz 25 21:43 25 May 2004

And this one is a spyware component:

C:\Program Files\Common Files\Teknum Systems\updsvc.exe

  Gaz 25 21:47 25 May 2004

Run both a virus scan and spyware scan with fully up-to-date definitions.

  GANDALF <|:-)> 21:50 25 May 2004

click here internat exe is for your keyboard in order to type the foreign lingo ;-)))

G

  GANDALF <|:-)> 21:52 25 May 2004

Steady Gaz 25, you'll have the computer wrecked........The Teknum Systems folder is a hidden folder that sits in Program Files\Common Files, and comes with Handybits programs like EasyCrypto, and EasyCrypto for one won't function without it.
It checks for updates of the program at startup...which is why it connects to the net;-))).


G

  GANDALF <|:-)> 21:53 25 May 2004

I think that I may have mentioned this in post #1

G

  Gaz 25 22:00 25 May 2004

Yes. Internat is for keyboard, but there is also a virus using the same filename.

I wasn't suggesting deleting it manually, but I would suggest running a virus scan and spyware scan; if that shows up clear then that's fine.

EasyCrypto - I don't use it so I couldn't comment on it really, but I have heard of Teknum Systems being spyware related.

  sid 22:38 25 May 2004

Thanks guys, yes I use EasyCrypto and don't have a problem with it. I was more concerned with the DPF files
O16 - DPF: {11111111-1111-1111-1111-111111111157} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - click here
Are they a problem or not? Because I'm not too sure. Any comments are well appreciated. Thanks again

  sid 22:42 25 May 2004

Really meant DPF files
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
O16 - DPF: {11111111-1111-1111-1111-111111111157} - Help!!!
What are they?

This thread is now locked and can not be replied to.
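The O16 (DPF) lines sid asks about can be pulled out of a HijackThis log with a small parser. The following is an added example, not part of the original thread: the function names and the "no name and no codebase" triage rule are assumptions made here, and a listed entry only means the log itself gives nothing to identify it by.

```python
import re
from collections import defaultdict

# Constructed sample: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\internat.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
O16 - DPF: {11111111-1111-1111-1111-111111111157} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - click here
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
"""

# A result line is "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O16 body: "DPF: {CLSID} (optional name) - optional codebase".
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? -\s*(?P<codebase>.*)$"
)

def parse_entries(text):
    """Group result lines by section code; process paths and headers are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            groups[m["code"]].append(m["body"])
    return groups

def parse_dpf(text):
    """Return one dict (clsid, name, codebase) per O16 entry."""
    out = []
    for body in parse_entries(text).get("O16", []):
        m = DPF_RE.match(body)
        if m:
            out.append({"clsid": m["clsid"], "name": m["name"] or "",
                        "codebase": m["codebase"].strip()})
    return out

def unattributed_dpf(text):
    """CLSIDs of O16 entries that list neither an object name nor a codebase."""
    return [d["clsid"] for d in parse_dpf(text)
            if not d["name"] and not d["codebase"]]

if __name__ == "__main__":
    for clsid in unattributed_dpf(SAMPLE_LOG):
        print("O16 entry with no name or codebase:", clsid)
```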
