Hijackthis log. please review

Discussion in 'adware, spyware & hijack cleaning' started by zdfranz, Mar 19, 2004.

Thread Status:
Not open for further replies.
  1. zdfranz

    zdfranz Registered Member

    Joined:
    Mar 19, 2004
    Posts:
    5
    Hi,

    Can someone review my log and make recommendations?

    I don't have any major problem at this time, but would like to establish a baseline and clean up anything that's questionable.

    Thanks, ZDF

    Logfile of HijackThis v1.97.7
    Scan saved at 8:42:00 PM, on 3/19/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Shavlik Technologies\HFNetChkPro4\4.1.0.0\HFNetChkProService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinZip\WINZIP32.EXE
    C:\Downloads\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37906.5506134259
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1C2D47BA-08C0-48CE-8296-6C11422CB265}: NameServer = 207.69.188.185 207.69.188.186
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1C2D47BA-08C0-48CE-8296-6C11422CB265}: NameServer = 207.69.188.185 207.69.188.186
     
  2. Kevin_b_er

    Kevin_b_er Registered Member

    Joined:
    Dec 1, 2002
    Posts:
    13
    Not to be rude or anything, but you didn't post a log to be reviewed.

    You can download HJT from http://www.spywareinfoforum.com/~merijn/files/hijackthis.zip
     
  3. zdfranz

    zdfranz Registered Member

    Joined:
    Mar 19, 2004
    Posts:
    5
    Thanks Kevin. No offense taken. I'm new to the board.

    :oops:

    I've modified the post to include the missing log.
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi dfranz, and welcome to Wilders.

    I am not seeing anything wrong in your log...it is clean.

    Did you have any other concerns with regards to how your computer is behaving?

    Regards,

    snap
     
  5. zdfranz

    zdfranz Registered Member

    Joined:
    Mar 19, 2004
    Posts:
    5
    Hi Snapdragin.

    Thanks for the help. My computer is running OK. I wanted to run HJT to become familiar with the process.
    How can I learn more? Are there any online overviews or tutorials that are geared to help me do the interpretation of the logs? Are there any dangers to posting logs on open forums?

    Thanks again, ZDF
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi zdfranz,

    To learn more about HijackThis:
    http://www.merijn.org/htlogtutorial.html
    http://hjt.wizardsofwebsites.com/
    http://www.wilderssecurity.com/showthread.php?t=15983

    There is no way to uniquely identify someone by reviewing his log. Sometimes it's possible to see the organisation because of the network-name being displayed, but that's about all.

    Regards,

    Pieter
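
Added example, not part of the original thread: a small Python pre-posting filter for the two places a HijackThis log can carry identifying detail, namely per-user profile paths and the network name in O17 entries. The function name `sanitize`, the sample lines and the O17 `Domain`/`SearchList` value names are assumptions (the log posted above only shows `NameServer`); `NameServer` values are left intact because a reviewer needs them to judge the DNS settings.

```python
import re
from collections import Counter

# Constructed sample: lines in the format of the log above, plus a made-up
# user profile path and a made-up O17 Domain line for illustration.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\jsmith\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.example.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C2D47BA-08C0-48CE-8296-6C11422CB265}: NameServer = 192.0.2.53 192.0.2.54
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # e.g. R0, O4, O17
PROFILE = re.compile(r"(?i)(\\Documents and Settings\\)([^\\]+)")
NETWORK = re.compile(r"(?i)\b(Domain|SearchList) = .*$")    # assumed O17 value names
KEEP_PROFILES = {"all users", "default user"}               # shared, not personal


def _mask_profile(match):
    """Replace a personal profile folder name, keep the shared ones."""
    name = match.group(2)
    if name.lower() in KEEP_PROFILES:
        return match.group(0)
    return match.group(1) + "<user>"


def sanitize(log_text):
    """Return (redacted_text, Counter of redactions by kind)."""
    out, hits = [], Counter()
    for line in log_text.splitlines():
        new = PROFILE.sub(_mask_profile, line)
        if new != line:
            hits["profile"] += 1
        entry = ENTRY.match(new)
        if entry and entry.group(1) == "O17":
            # Hide the network name only; NameServer stays for the reviewer.
            masked = NETWORK.sub(lambda m: m.group(1) + " = <redacted>", new)
            if masked != new:
                hits["network"] += 1
            new = masked
        out.append(new)
    return "\n".join(out), hits


if __name__ == "__main__":
    text, hits = sanitize(SAMPLE_LOG)
    print(text)
    print(dict(hits))
```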
     