HijackThis Log

Discussion in 'adware, spyware & hijack cleaning' started by ecordle, Mar 15, 2004.

Thread Status:
Not open for further replies.
  1. ecordle

    ecordle Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    21
    Location:
    Scarva
    Thanks for the advice
    I Ran Ad-aware which found 20 Objects, 10 reg Keys/1reg value/7 files/2 folders
    Problems-
    I found downloading had slowed to a crawl.
    Norton alert tracker was going crazy every time i went on line - lots of unused port blocks, esp. from 'ed's desk'
    The alert tracker is sitting quietly at the moment for the first time in months!! Hope this is enough.

    Logfile of HijackThis v1.97.7
    Scan saved at 00:02:27, on 15/03/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\Program Files\Labtec\Wireless Mouse\MOUSE32A.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Norton Internet Security\IAMAPP.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Norton Internet Security\ATRACK.EXE
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Windows XP Fun Pack\Winter 2003\WinterPowerToy\WinterWalltoy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Edd\My Documents\My Downloads\hijackthis1977\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Wireless Mouse\MOUSE32A.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - Startup: Winter Fun Wallpaper Changer.lnk = ?
    O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Researcher (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38058.7393518519
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8638C2-B8D8-4657-9FFF-B659F6A7AE95}: NameServer = 212.67.96.129 212.67.120.148
     
  2. dave38

    dave38 Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    377
    It looks as if Adaware got it all! There is nothing obvious in your log.
     
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi ecordle,

    It looks like AdAware did the job!!!!

    Your log is clean!!

    Regards,
    Kent

    Edit: Ooops.... Dave beat me to it ;) ......
     
  4. ecordle

    ecordle Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    21
    Location:
    Scarva
    Hi All

    Thanks a Bunch for the welcome and the good Ad-vice!!!

    You are really the Best!!
    If I get any more problems, I know where to come!!

    I am in your debt!!
    Yours Gratefully

    Ed Cordle
     
  5. ecordle

    ecordle Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    21
    Location:
    Scarva
    Hi, another question,

    I have since found two trojans so I assume these cannot be identified in a hijack this log, the question is, what is the surest way to tell if there are any unwanted parasitic files on your computer, and is there any way to tell if a trojan or the like is being downloaded to your computer?

    sorry, thats two questions, please excuse my ignorance, :p we all had to start learning somewhere!! ;)

    Thanks Ed
     
  6. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi ecordle,

    To answer your first question, some trojan's can be identified in a HijackThis log. It may show up in the top part of the log where the Running Processes are listed, and it may also show up in the 04 lines in HijackThis since these are the run keys for autoloading programs.

    To answer your second question, spyware removal programs like Spybot Search & Destroy, and Ad-Aware, may detect some files as trojans when you scan with them. The same goes for some antivirus programs. But just like Spybot S&D and Ad-Aware are for detecting spyware and removing them, antivirus programs are for detecting viruses, worms, etc. and not really meant for detecting and removing trojans. For those you should have a dedicated anti-trojan program.

    You can check out more information on anti-trojan programs here:: http://www.wilders.org/anti_trojans.htm

    You said you found two trojans. What program alerted you that you had these trojans, and do you remember what the names of the trojans were?

    If you want more information on how to better secure and protect your computer from a trojan infection or other malware from being installed onto your computer. You can start a new Topic over on this forum: http://www.wilderssecurity.com/index.php?board=18

    It has been a week since you posted your log. If you would like to post another here in this thread, we can check it to see if anything suspicious is running.

    Regards,

    snap
     
Thread Status:
Not open for further replies.