HijackThis Log

Thanks for the advice
I Ran Ad-aware which found 20 Objects, 10 reg Keys/1reg value/7 files/2 folders
Problems-
I found downloading had slowed to a crawl.
Norton alert tracker was going crazy every time i went on line - lots of unused port blocks, esp. from 'ed's desk'
The alert tracker is sitting quietly at the moment for the first time in months!! Hope this is enough.

Logfile of HijackThis v1.97.7
Scan saved at 00:02:27, on 15/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Labtec\Wireless Mouse\MOUSE32A.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Internet Security\ATRACK.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Windows XP Fun Pack\Winter 2003\WinterPowerToy\WinterWalltoy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Edd\My Documents\My Downloads\hijackthis1977\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Wireless Mouse\MOUSE32A.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Winter Fun Wallpaper Changer.lnk = ?
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38058.7393518519
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8638C2-B8D8-4657-9FFF-B659F6A7AE95}: NameServer = 212.67.96.129 212.67.120.148

 

It looks as if Adaware got it all! There is nothing obvious in your log.

 

Hi ecordle,

It looks like AdAware did the job!!!!

Your log is clean!!

Regards,
Kent

Edit: Ooops.... Dave beat me to it ......

 

Hi All

Thanks a Bunch for the welcome and the good Ad-vice!!!

You are really the Best!!
If I get any more problems, I know where to come!!

I am in your debt!!
Yours Gratefully

Ed Cordle

 

Hi, another question,

I have since found two trojans so I assume these cannot be identified in a hijack this log, the question is, what is the surest way to tell if there are any unwanted parasitic files on your computer, and is there any way to tell if a trojan or the like is being downloaded to your computer?

sorry, thats two questions, please excuse my ignorance, we all had to start learning somewhere!!

Thanks Ed

 

Hi ecordle,

To answer your first question, some trojan's can be identified in a HijackThis log. It may show up in the top part of the log where the Running Processes are listed, and it may also show up in the 04 lines in HijackThis since these are the run keys for autoloading programs.

To answer your second question, spyware removal programs like Spybot Search & Destroy, and Ad-Aware, may detect some files as trojans when you scan with them. The same goes for some antivirus programs. But just like Spybot S&D and Ad-Aware are for detecting spyware and removing them, antivirus programs are for detecting viruses, worms, etc. and not really meant for detecting and removing trojans. For those you should have a dedicated anti-trojan program.

You can check out more information on anti-trojan programs here:: http://www.wilders.org/anti_trojans.htm

You said you found two trojans. What program alerted you that you had these trojans, and do you remember what the names of the trojans were?

If you want more information on how to better secure and protect your computer from a trojan infection or other malware from being installed onto your computer. You can start a new Topic over on this forum: http://www.wilderssecurity.com/index.php?board=18

It has been a week since you posted your log. If you would like to post another here in this thread, we can check it to see if anything suspicious is running.

Regards,

snap