CastleCops, Internet Crime Fighters

Roland's fastwebfinder

 
Metallica

Site Moderator
Premium Member

Joined: Dec 11, 2002
Posts: 4909
Location: Netherlands

Posted: Tue Dec 23, 2003 3:04 pm    Post subject: Roland's fastwebfinder

Hi Roland,

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll

O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/download.mp3.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/11931e5d8dee60142605/netzip/RdxIE601_fr.cab

Then reboot and delete:
C:\Program Files\NavExcel <= entire folder
C:\Program Files\Window Active <= entire folder

Do you know what these are?

O4 - HKLM\..\Run: [vsc32cnf.exe] d:\bb\vsc\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] d:\bb\vsc\vscvol.exe

The only thing I could find was in Japanese.

Regards,

Pieter


_________________
MS-MVP Consumer Security
rolandt

Guest
IP: 64.254.*.*

Posted: Sat Dec 27, 2003 1:52 am    Post subject:

Metallica wrote:
> Hi Roland,
>
> Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:
>
> O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
>
> O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
>
> O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
>
> O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/download.mp3.exe
>
> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/11931e5d8dee60142605/netzip/RdxIE601_fr.cab
>
> Then reboot and delete:
> C:\Program Files\NavExcel <= entire folder
> C:\Program Files\Window Active <= entire folder
>
> Do you know what these are?
>
> O4 - HKLM\..\Run: [vsc32cnf.exe] d:\bb\vsc\vsc32cnf.exe
> O4 - HKLM\..\Run: [vscvol.exe] d:\bb\vsc\vscvol.exe
>
> The only thing I could find was in Japanese.
>
> Regards,
>
> Pieter

Hi Pieter

1. I did what you suggested and no trace of Fastwebfinder. So far so good! Thanks a lot for your help.

2. But I didn't fix
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
I think 'Nav' stands for 'Norton Anti Virus'. Am I right?

3. As for your question about 'vsc32cnf.exe', it stands for 'Virtual Sound Canvas', a Midi instrumental bank made by Roland in Japan, hence the Japanese text you found.

4. To the Moderator:
May I ask you to take out my internet address from the site? I didn't know it would be put there for any spammer to use it. Please just stick with rolandt.
Thank you very much for your good work.

RolandT

Metallica

Site Moderator
Premium Member

Joined: Dec 11, 2002
Posts: 4909
Location: Netherlands

Posted: Sat Dec 27, 2003 12:23 pm    Post subject:

1. You're welcome.

2. That is what they would like you to think: http://www.doxdesk.com/parasite/NavExcel.html

3. Thanks for letting us know

4. I don't know how. I tried and it just stayed the way it was. I'll ask one of the more experienced Mods on this board. ;)

Regards,

Pieter


_________________
MS-MVP Consumer Security
phoenix22

Welcome back our old Site Admin
Premium Member

Joined: Mar 08, 2002
Posts: 4661
Location: APO SF96383

Posted: Sat Dec 27, 2003 3:22 pm    Post subject: Tue Dec 23, 2003 9:46 am Post subject: fastwebfinder

His Original Log:
Hello
You seem to help many persons that have problems with Fastwebfinder.

After reading all the postings about that obnoxious Fastwebfinder, I ran Hijack this and had it suppress:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php

No success.

I tried the shredder you advised, that suppressed one more entry.
But No more success.

Here is my log. Could you please tell me what to do?:

Logfile of HijackThis v1.97.6
Scan saved at 08:31:08, on 2003-12-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
D:\PROGRA~3\NORTON~1\navapw32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\RemoteControl\RcMan.exe
D:\GO\CTCMSGo.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] d:\bb\vsc\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] d:\bb\vsc\vscvol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] D:\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] D:\GO\CTCMSGo.exe /SCB
O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All by FlashGet - D:\FlashGet\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\FlashGet\FlashGet\jc_link.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid%20: C:\Program Files\Internet Explorer\PLUGINS\npvmidi.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/download.mp3.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1069326034099
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/11931e5d8dee60142605/netzip/RdxIE601_fr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37897.7205902778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Thank you for any advice, from Montreal, Canada.

Roland


_________________
101st Abn Div. (AirAssault) "Rendezvous With Destiny!" "Night Stalkers/Phoenix Flight" For Buddy...who lived it! Whiskey for my men and beer for my horses! H.A.L.O!, 5th Grp., MACV-SOG, 160th AVN Grp., VFW
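
Added example, not part of any post in this thread and not HijackThis's own logic: a short Python triage pass over log lines copied from the log above, flagging entries for manual review. The three heuristics (O2 BHO with "(no file)", O16 codebase hosted on a bare IP address, O16 codebase ending in .exe) are assumptions chosen to match items the helper asked to have fixed; the function and constant names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/download.mp3.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/11931e5d8dee60142605/netzip/RdxIE601_fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # section code, then the rest
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse(log):
    """Yield (section, clsid_or_None, target) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, rest = m.groups()
        clsid = CLSID.search(rest)
        # The file path or URL is the last " - " separated field.
        target = rest.rsplit(" - ", 1)[-1]
        yield section, clsid.group(0) if clsid else None, target


def triage(log):
    """Return (section, clsid, reason) for entries matching the assumed heuristics."""
    findings = []
    for section, clsid, target in parse(log):
        if section == "O2" and target == "(no file)":
            findings.append((section, clsid, "BHO registered but DLL missing"))
        elif section == "O16":
            url = urlparse(target)
            if IPV4.match(url.hostname or ""):
                findings.append((section, clsid, "codebase is a bare IP address"))
            elif url.path.lower().endswith(".exe"):
                findings.append((section, clsid, "codebase is an .exe, not a .cab"))
    return findings


if __name__ == "__main__":
    for section, clsid, reason in triage(SAMPLE_LOG):
        print(section, clsid, reason)
```

These structural checks would not flag the NavExcel NHelper.dll BHO or the winactive Run entry; those were identified in the thread by looking up the name and CLSID, which a pattern match cannot replace.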