
Hijackthis log

Anonymous
June 12, 2005 9:08:31 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain

I have been having problems with remnants of adware/malware and would like a knowledgeable person to look at this log file and tell me about anything suspicious. Particularly, a startup file called ncnk.exe has been blocked from loading but can't find it by any of the searches.


Anonymous
June 12, 2005 9:08:32 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain

Parasite Fighting Recipes
http://forum.aumha.org/viewforum.php?f=43

Register AumHa Forums
http://forum.aumha.org/profile.php?mode=register&sid=a9...

DETAILS ABOUT YOUR COMPUTER
http://aumha.org/mydetail.htm

Parasites - Adware, Spyware & Other Scumware
http://forum.aumha.org/viewforum.php?f=28

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:j_Zqe.72$on5.19@newssvr19.news.prodigy.com,
Fox Hunter <donlitt@sbcnonglobal.net> hunted and pecked:
> I have been having problems with remnants of adware/malware and would
> like a knowledgeable person to look at this log file and tell me about
> anything suspicious. Particularly, a startup file called ncnk.exe has
> been blocked from loading but can't find it by any of the searches.
Anonymous
June 12, 2005 9:08:32 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain

Bonjour *Fox Hunter* :

> I have been having problems with remnants of adware/malware and would like a knowledgeable person to look at this log file and tell me about anything suspicious. Particularly, a startup file called ncnk.exe has been blocked from loading but can't find it by any of the searches.

I'm here.
Post your log here and I will give you the result of my analysis as soon as possible.

:) 
--
Claude LaFrenière [MVP] :-)

«My Principal Design Was To Inform, Not To Amuse Thee.»
Lemuel Gulliver, The Travels (IV:12)
http://climenole.serendipia.net
Soon on www.msmvps.com
Bientôt sur www.msmvps.com
Anonymous
June 12, 2005 9:08:32 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain

Bonjour *Fox Hunter* :

> I have been having problems with remnants of adware/malware and would like a knowledgeable person to look at this log file and tell me about anything suspicious. Particularly, a startup file called ncnk.exe has been blocked from loading but can't find it by any of the searches.

I found only 2 suspects ... but not a complete malware collection :)
Sounds good !

Look at points # 3, 4, 8 ... the others are not important for now.

1)
Platform: Windows XP SP1 (WinNT 5.01.2600)
Needs to upgrade to the Service Pack 2...


2)
NVidia Helper: related to NVidia Helper service.
Useless most of the time. Put this service in manual.
C:\WINDOWS\System32\nvsvc32.exe

3) *******************
??? What's this ? Suspect...
C:\Program Files\ShopSafe\ShopSafe.exe

4) *******************
??? What's this ? Suspect ...
C:\WINDOWS\System32\vavknn.exe

5)
??? Useful or not (probably not...)
C:\WINDOWS\System32\rundll32.exe
related to: O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

6)
pop-up stopper : useless with SP2 and any other Web Browser such as
Firefox or Opera...
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

7)
Do you need to run this every day?
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

8) ***************
The 2 suspects ...*****
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vavknn.exe reg_run

9)
Intel Graphic Helper : possibly useless (not a malware however.)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

Use CodeStuff Starter (easier than msconfig) and *disable* :
C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
and
C:\WINDOWS\System32\vavknn.exe reg_run

Reboot and check if something has changed (good or bad) in your system...

Let us know.

:) 


--
Claude LaFrenière [MVP] :-)

«My Principal Design Was To Inform, Not To Amuse Thee.»
Lemuel Gulliver, The Travels (IV:12)
http://climenole.serendipia.net
Soon on www.msmvps.com
Bientôt sur www.msmvps.com
Anonymous
June 12, 2005 9:08:33 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain

Disable the NVIDIA Display Driver Service...
Start | Run | Type: services.msc | OK |
Scroll down to and double click: NVIDIA Display Driver Service |
Under Startup type set to Disabled | Apply | Click the Stop button |
When it stops click OK | You may have to reboot
----

NvMediaCenter
[[RunDLL32.exe NvMCTray.dll, NvTaskbarInit System Tray icon used to manage
settings for nVidia based graphics cards. May be required for some 3D
applications to recognize your card correctly - such as the game
"Everquest". Otherwise, settings can be changed manually via Display
Properties]]

Nview.dll = NVIDIA nView Desktop and Window Manager

Name NVIEW
Command rundll32.exe nview.dll, nViewLoadHook
Description This is a DLL to enable multiple display monitors on a single
computer. It can be a cause of numerous problems on some computers
---

NvCplDaemon
System Tray icon used to change display settings, change the clock rate and
memory speed for nVidia based graphics cards. This is unnecessary since you
can easily configure these settings the way you want them in the Display
Properties and not have to mess with them again. Also disable the "NVIDIA
Driver Helper Service" if enabled as it can cause this entry to be
re-enabled on re-boot (note that this service can also cause extreme
shutdown delays if enabled - see
http://www.blackviper.com/WinXP/strangeservice.htm
----

nwiz.exe = NVIDIA nView Wizard
[[Application enables user to having 32 virtual desktops, get a desktop
larger than the viewable area of the monitor, being able to divide the
display across more than one monitor, managing applications and many more
functionality.]]
----

Manually delete these three entries:
NvCplDaemon, NvMediaCenter and nwiz.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
REG_SZ
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
REG_SZ
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz
REG_SZ
nwiz.exe /install

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:1j17lcnnx6vfq$.ujm449vfrfkv.dlg@40tude.net,
Claude LaFrenière <No_InterNUT@AntiPebkac.org> hunted and pecked:
> Bonjour *Fox Hunter* :
>
>> I have been having problems with remnants of adware/malware and would
>> like a knowledgeable person to look at this log file and tell me about
>> anything suspicious. Particularly, a startup file called ncnk.exe has
>> been blocked from loading but can't find it by any of the searches.
>
> I found only 2 suspects ... but not a complete malware collection :)
> Sounds good !
>
> Look at points # 3, 4, 8 ... the others are not important for now.
>
> 1)
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> Needs to upgrade to the Service Pack 2...
>
>
> 2)
> NVidia Helper: related to NVidia Helper service.
> Useless most of the time. Put this service in manual.
> C:\WINDOWS\System32\nvsvc32.exe
>
> 3) *******************
> ??? What's this ? Suspect...
> C:\Program Files\ShopSafe\ShopSafe.exe
>
> 4) *******************
> ??? What's this ? Suspect ...
> C:\WINDOWS\System32\vavknn.exe
>
> 5)
> ??? Useful or not (probably not...)
> C:\WINDOWS\System32\rundll32.exe
> related to: O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
>
> 6)
> pop-up stopper : useless with SP2 and any other Web Browser such as
> Firefox or Opera...
> C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
>
> 7)
> Do you need to run this every day?
> O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
>
> 8) ***************
> The 2 suspects ...*****
> O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
> O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vavknn.exe reg_run
>
> 9)
> Intel Graphic Helper : possibly useless (not a malware however.)
> O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
>
> Use CodeStuff Starter (easier than msconfig) and *disable* :
> C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
> and
> C:\WINDOWS\System32\vavknn.exe reg_run
>
> Reboot and check if something has changed (good or bad) in your system...
>
> Let us know.
>
> :) 
>
>
> --
> Claude LaFrenière [MVP] :-)
>
> «My Principal Design Was To Inform, Not To Amuse Thee.»
> Lemuel Gulliver, The Travels (IV:12)
> http://climenole.serendipia.net
> Soon on www.msmvps.com
> Bientôt sur www.msmvps.com
Anonymous
June 12, 2005 9:11:10 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain

Sorry, forgot to add the log.

Logfile of HijackThis v1.99.1
Scan saved at 11:23:24 AM, on 6/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ShopSafe\ShopSafe.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\vavknn.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vavknn.exe reg_run
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.com/MFInstall/MFInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




"Fox Hunter" <donlitt@sbcnonglobal.net> wrote in message
news:j_Zqe.72$on5.19@newssvr19.news.prodigy.com
> I have been having problems with remnants of adware/malware and would like
> a knowledgeable person to look at this log file and tell me about anything
> suspicious. Particularly, a startup file called ncnk.exe has been blocked
> from loading but can't find it by any of the searches.
Anonymous
June 13, 2005 12:11:10 AM

Archived from groups: microsoft.public.windowsxp.perform_maintain

Claude,
ShopSafe is a legitimate program from MBNA America to allow use of one-time credit card numbers for security purposes. What about the item ncnk.exe that can't be found in the files and tries to load itself?


"Claude LaFrenière" <No_InterNUT@AntiPebkac.org> wrote in message
news:1j17lcnnx6vfq$.ujm449vfrfkv.dlg@40tude.net
> Bonjour *Fox Hunter* :
>
>> I have been having problems with remnants of adware/malware and would like
>> a knowledgeable person to look at this log file and tell me about anything
>> suspicious. Particularly, a startup file called ncnk.exe has been blocked
>> from loading but can't find it by any of the searches.
>
> I found only 2 suspects ... but not a complete malware collection :)
> Sounds good !
>
> Look at points # 3, 4, 8 ... the others are not important for now.
>
> 1)
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> Needs to upgrade to the Service Pack 2...
>
>
> 2)
> NVidia Helper: related to NVidia Helper service.
> Useless most of the time. Put this service in manual.
> C:\WINDOWS\System32\nvsvc32.exe
>
> 3) *******************
> ??? What's this ? Suspect...
> C:\Program Files\ShopSafe\ShopSafe.exe
>
> 4) *******************
> ??? What's this ? Suspect ...
> C:\WINDOWS\System32\vavknn.exe
>
> 5)
> ??? Useful or not (probably not...)
> C:\WINDOWS\System32\rundll32.exe
> related to: O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
>
> 6)
> pop-up stopper : useless with SP2 and any other Web Browser such as
> Firefox or Opera...
> C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
>
> 7)
> Do you need to run this every day?
> O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
>
> 8) ***************
> The 2 suspects ...*****
> O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
> O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vavknn.exe reg_run
>
> 9)
> Intel Graphic Helper : possibly useless (not a malware however.)
> O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
>
> Use CodeStuff Starter (easier than msconfig) and *disable* :
> C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
> and
> C:\WINDOWS\System32\vavknn.exe reg_run
>
> Reboot and check if something has changed (good or bad) in your system...
>
> Let us know.
>
> :) 
>
>
> --
> Claude LaFrenière [MVP] :-)
>
> «My Principal Design Was To Inform, Not To Amuse Thee.»
> Lemuel Gulliver, The Travels (IV:12)
> http://climenole.serendipia.net
> Soon on www.msmvps.com
> Bientôt sur www.msmvps.com
Anonymous
June 13, 2005 12:11:11 AM

Archived from groups: microsoft.public.windowsxp.perform_maintain

HI *Fox Hunter* :

> Claude,
> ShopSafe is a legitimate program from MBNA America to allow use of one-time credit card numbers for security purposes.
> What about the item ncnk.exe that can't be found in the files and tries to load itself?

I found almost nothing about "ncnk.exe" !
I checked your HJT log again and it's not there.
And almost nothing with Google...

Very strange...

Some malware generates random names to stay hidden from the users...

1- Kill that process
2- Update your anti-virus and your antispywares and run them in safe mode.
3- Some tools and links:

A) "Mini- antivirus" to be run in safe mode:

Stinger :
http://vil.nai.com/vil/stinger/

Avast cleaner :
http://www.avast.com/eng/avast_cleaner.html

MS:
http://www.microsoft.com/downloads/details.aspx?FamilyI...

Kaspersky:
ftp://ftp.kaspersky.ru/utils/clrav.com

Anti Root-Kits
F-Secure (beta)
http://www.f-secure.com/blacklight/

B) Online scan:

Anti-trojan:
http://www.windowsecurity.com/trojanscan/

Anti-spy:
http://www.spywareguide.com/txt_onlinescan.html
http://store.ca.com/dr/v2/ec_main.entry25?page=FindOutW...

Anti-virus:
www.trendmicro.com

Let us know.

:) 

--
Claude LaFrenière [MVP] :-)

«My Principal Design Was To Inform, Not To Amuse Thee.»
Lemuel Gulliver, The Travels (IV:12)
http://climenole.serendipia.net
Soon on www.msmvps.com
Bientôt sur www.msmvps.com
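
Checking whether a file name such as ncnk.exe appears anywhere in a HijackThis log, and pairing each O4 Run value with the running-process list, can be scripted. The following is an added example, not part of the original posts; the function names are illustrative and the sample is an excerpt of the log posted earlier in this thread.

```python
import ntpath
import re

# Excerpt: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\ShopSafe\ShopSafe.exe
C:\WINDOWS\System32\vavknn.exe
C:\WINDOWS\System32\rundll32.exe

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vavknn.exe reg_run
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\\w+: \[(.+?)\] (.*)$")  # hive, value name, command
IMAGE_RE = re.compile(r".+?\.(?:exe|com|bat|cmd|scr|pif)(?=\s|$)", re.I)

def parse_log(text):
    """Split a log into the running-process list and entries grouped by code."""
    processes, entries, in_procs = [], {}, False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.setdefault(m.group(1), []).append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}

def find_file(parsed, filename):
    """Return (section, line) for every place the file name appears."""
    needle = filename.lower()
    hits = [("Running processes", p) for p in parsed["processes"] if needle in p.lower()]
    for code, bodies in parsed["entries"].items():
        hits += [(code, b) for b in bodies if needle in b.lower()]
    return hits

def split_command(cmd):
    """Separate the launched image from its arguments (quoted or unquoted path)."""
    if cmd.startswith('"') and '"' in cmd[1:]:
        image, _, rest = cmd[1:].partition('"')
        return image, rest.strip()
    m = IMAGE_RE.match(cmd)  # unquoted paths may contain spaces ("Program Files")
    end = m.end() if m else len(cmd.split(" ", 1)[0])
    return cmd[:end], cmd[end:].strip()

def autostart_report(parsed):
    """Pair each O4 Run value with its image and whether that image is running."""
    full = {p.lower() for p in parsed["processes"]}
    base = {ntpath.basename(p) for p in full}
    report = []
    for body in parsed["entries"].get("O4", []):
        m = RUN_RE.match(body)
        if not m:
            continue  # e.g. "Startup:" folder shortcuts are not Run values
        hive, name, cmd = m.groups()
        image, args = split_command(cmd)
        known = full if ntpath.dirname(image) else base
        report.append({"hive": hive, "name": name, "image": image,
                       "args": args, "running": image.lower() in known})
    return report

if __name__ == "__main__":
    print(autostart_report(parse_log(SAMPLE_LOG)))
```

An empty result from `find_file` only means the name is absent from the sections HijackThis enumerated in that scan.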
Anonymous
June 13, 2005 1:42:16 AM

Archived from groups: microsoft.public.windowsxp.perform_maintain

I, too, say very strange. You probably found the same reference I saw in Google. Have used the scanners I have, Ad-aware, Spybot, MS Anti-Spyware, in safe mode and they found nothing, so far. Will keep trying and let the group know what found it.

"Claude LaFrenière" <No_InterNUT@AntiPebkac.org> wrote in message
news:1g68kdg1f5lso.109r2e7mo8wfz.dlg@40tude.net
> HI *Fox Hunter* :
>
>> Claude,
>> ShopSafe is a legitimate program from MBNA America to allow use of one-time
>> credit card numbers for security purposes. What about the item ncnk.exe
>> that can't be found in the files and tries to load itself?
>
> I found almost nothing about "ncnk.exe" !
> I checked your HJT log again and it's not there.
> And almost nothing with Google...
>
> Very strange...
>
> Some malware generates random names to stay hidden from the users...
>
> 1- Kill that process
> 2- Update your anti-virus and your antispywares and run them in safe mode.
> 3- Some tools and links:
>
> A) "Mini- antivirus" to be run in safe mode:
>
> Stinger :
> http://vil.nai.com/vil/stinger/
>
> Avast cleaner :
> http://www.avast.com/eng/avast_cleaner.html
>
> MS:
> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
> Kaspersky:
> ftp://ftp.kaspersky.ru/utils/clrav.com
>
> Anti Root-Kits
> F-Secure (beta)
> http://www.f-secure.com/blacklight/
>
> B) Online scan:
>
> Anti-trojan:
> http://www.windowsecurity.com/trojanscan/
>
> Anti-spy:
> http://www.spywareguide.com/txt_onlinescan.html
> http://store.ca.com/dr/v2/ec_main.entry25?page=FindOutW...
>
> Anti-virus:
> www.trendmicro.com
>
> Let us know.
>
> :) 
>
> --
> Claude LaFrenière [MVP] :-)
>
> «My Principal Design Was To Inform, Not To Amuse Thee.»
> Lemuel Gulliver, The Travels (IV:12)
> http://climenole.serendipia.net
> Soon on www.msmvps.com
> Bientôt sur www.msmvps.com
June 20, 2005 1:24:23 AM

Archived from groups: microsoft.public.windowsxp.perform_maintain

Dump Norton, It ain't working for you !
You have a couple of bad bugs in the log.
!