my internet connection keeps changing


  • This topic is locked
4 replies to this topic

#1 bukem


Posted 14 August 2004 - 11:59 AM

Hello all

My internet connection details keep changing. My ISP phone number, my password and username. This is becoming very frustrating and I don't know if it might be costing me money, as I am not sure at any time which connection I am on. With some fiddling around I can (I think) get the ISP that I want, but even then, if I go to my network settings whilst online, the da** thing has changed back to the hijack. Can someone please help?

Here is my HijackThis log

Logfile of HijackThis v1.97.7
Scan saved at 16:35:55, on 14/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
C:\WINDOWS\system32\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MARTIN\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DATABA~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explorer.exe -go -c30 -w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9348188D-EF04-44D4-B357-16C3E41D1599}: NameServer = 194.168.4.100 194.168.8.100



#2 groovicus


Posted 14 August 2004 - 05:39 PM

Have you disabled anything in MsConfig? If you have, I need you to re-enable everything.

What is the Hijack taking you to?

#3 bukem


Posted 15 August 2004 - 05:59 AM

Hi Groovicus

I haven't disabled anything on my PC, and fortunately (I think) the hijack doesn't actually take me anywhere. The ISP phone number, username and password that keep appearing result in an error message saying that either the username or password cannot be accepted, and it keeps attempting to re-dial only to get the same result.
I can reset my original ISP information and get online, but if I then check the connection properties they have again been hijacked.
I have run several scans so far: Panda ActiveScan (on-line), Norton, Ad-aware (custom mode) and Spybot. Several things have been found and deleted, and after many re-boots and scans they all come up clean. But my problem is still active.
I will post my Ad-aware and HijackThis logs so far. I hope these are of some use.

Many thanks, Bukem


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :15 August 2004 11:13:00
Created with Ad-aware Personal, free for private use.
Using reference-file :01R337 11.08.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R337 11.08.2004
Internal build : 271
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1323662 Bytes
Signature data size : 1302518 Bytes
Reference data size : 21080 Bytes
Signatures total : 28819
Target categories : 10
Target families : 530

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:51 %
Total physical memory:196080 kb
Available physical memory:98596 kb
Total page file size:533576 kb
Available on page file:389020 kb
Total virtual memory:2097024 kb
Available virtual memory:2055204 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Automatically try to unregister objects prior to deletion
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


15-08-2004 11:13:00 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 15-08-2004 09:28:49
BasePriority : Normal


#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 15-08-2004 09:28:55
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-08-2004 09:28:55
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 15/08/2004 10:13:01
Last modified : 23/08/2001 12:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-08-2004 09:28:55
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 15/08/2004 10:13:01
Last modified : 23/08/2001 12:00:00

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-08-2004 09:28:55
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 15/08/2004 10:13:01
Last modified : 23/08/2001 12:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-08-2004 09:28:55
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 15/08/2004 10:13:01
Last modified : 23/08/2001 12:00:00

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-08-2004 09:28:56
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 15/08/2004 10:13:01
Last modified : 23/08/2001 12:00:00

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 15-08-2004 09:28:56
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 12/08/2004 18:51:48
Last accessed : 15/08/2004 10:13:01
Last modified : 17/07/2003 10:16:38

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 15-08-2004 09:28:56
BasePriority : Normal
FileSize : 977 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 15/08/2004 09:40:36
Last modified : 23/08/2001 12:00:00

#:10 [nisum.exe]
FilePath : C:\Program Files\Norton Personal Firewall\
ThreadCreationTime : 15-08-2004 09:28:56
BasePriority : Normal
FileSize : 137 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
OriginalFilename : NISUM.exe
ProductName : Norton Internet Security
Created on : 15/08/2004 09:24:27
Last accessed : 15/08/2004 09:28:56
Last modified : 03/03/2003 12:06:36

#:11 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 15-08-2004 09:28:57
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 13/08/2004 19:34:55
Last accessed : 15/08/2004 09:28:49
Last modified : 02/12/2003 15:11:04

#:12 [lwbwheel.exe]
FilePath : C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\
ThreadCreationTime : 15-08-2004 09:28:57
BasePriority : Normal
FileSize : 419 KB
FileVersion : 9.0.2.0
ProductVersion : 9.0.0.0
Copyright : Copyright 2000 By LEE,WEI-BIN.
FileDescription : Mouse Control Application
Created on : 12/08/2004 17:51:30
Last accessed : 15/08/2004 09:28:49
Last modified : 20/04/2001 11:42:18

#:13 [kbdap32a.exe]
FilePath : C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\
ThreadCreationTime : 15-08-2004 09:28:57
BasePriority : Normal
FileSize : 362 KB
FileVersion : 2.6.1.0
ProductVersion : 1.0.0.0
Copyright : Copyright 2001 by LEE,WEI-BIN.
FileDescription : Multi-Media Keyboard Application
Created on : 12/08/2004 17:52:03
Last accessed : 15/08/2004 09:28:49
Last modified : 01/03/2002 15:38:08

#:14 [explorer.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-08-2004 09:28:57
BasePriority : Normal
FileSize : 36 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
FileDescription : explorer
InternalName : explorer
OriginalFilename : explorer.exe
ProductName : explorer
Created on : 13/08/2004 20:01:16
Last accessed : 15/08/2004 09:28:49
Last modified : 10/08/2004 11:31:52

#:15 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 15-08-2004 09:28:57
BasePriority : Normal
FileSize : 1052 KB
FileVersion : 4.0.0155
ProductVersion : Version 4.0
Copyright : Copyright © Microsoft Corporation 1997-2001
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 11/08/2004 10:51:44
Last accessed : 15/08/2004 09:28:49
Last modified : 02/08/2001 06:14:34

#:16 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-08-2004 09:28:57
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 23/08/2001 12:00:00
Last accessed : 15/08/2004 09:28:49
Last modified : 23/08/2001 12:00:00

#:17 [ccpxysvc.exe]
FilePath : C:\Program Files\Norton Personal Firewall\
ThreadCreationTime : 15-08-2004 09:28:59
BasePriority : Normal
FileSize : 33 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
OriginalFilename : ccPxySvc.exe
ProductName : Norton Internet Security
Created on : 15/08/2004 09:24:26
Last accessed : 15/08/2004 09:55:09
Last modified : 03/03/2003 12:05:18

#:18 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 15-08-2004 09:28:59
BasePriority : Normal
FileSize : 264 KB
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
Copyright : Copyright © Microsoft Corp. 1997-2000
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Development Environment
Created on : 23/02/2001 09:07:30
Last accessed : 15/08/2004 10:13:01
Last modified : 23/02/2001 09:07:30

#:19 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 15-08-2004 09:28:59
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 19/08/2002 21:35:38
Last accessed : 15/08/2004 10:13:01
Last modified : 14/11/2002 18:41:26

#:20 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 15-08-2004 09:28:59
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright © 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 12/08/2004 12:49:18
Last accessed : 15/08/2004 10:13:01
Last modified : 14/08/2002 05:03:00

#:21 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~2\SPEEDD~1\
ThreadCreationTime : 15-08-2004 09:29:00
BasePriority : Normal
FileSize : 168 KB
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
Copyright : Copyright © 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 12/08/2004 12:50:18
Last accessed : 15/08/2004 10:13:01
Last modified : 14/08/2002 05:00:00

#:22 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-08-2004 10:00:34
BasePriority : Normal
FileSize : 109 KB
FileVersion : 5.4.2600.0 (XPClient.010817-1148)
ProductVersion : 5.4.2600.0
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft
Created on : 11/08/2004 10:51:22
Last accessed : 15/08/2004 09:43:45
Last modified : 23/08/2001 12:00:00

#:23 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 15-08-2004 10:08:29
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 11/08/2004 10:52:53
Last accessed : 15/08/2004 10:08:31
Last modified : 23/08/2001 12:00:00

#:24 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 15-08-2004 10:12:53
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/08/2004 14:12:08
Last accessed : 15/08/2004 10:07:26
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 0



11:19:39 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:06:38:140
Objects scanned :116408
Objects identified :0
Objects ignored :0
New objects :0




Logfile of HijackThis v1.97.7
Scan saved at 11:34:33, on 15/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
C:\WINDOWS\system32\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\MARTIN\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DATABA~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explorer.exe -go -c30 -w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9348188D-EF04-44D4-B357-16C3E41D1599}: NameServer = 194.168.4.100 194.168.8.100

#4 groovicus


Posted 15 August 2004 - 09:36 AM

I'm not really seeing anything in your log that would indicate a dialer of any kind. Did you recently change ISPs? It sounds more like something in your dial-up configuration is screwy than a malware issue.

Could I have you upgrade your version of HJT to 1.98.2? It might show me more:
http://www.downloads.subratam.org/hijackthis.zip

#5 bukem


Posted 15 August 2004 - 10:15 AM

Groovicus,

I have been searching other forums for advice and funnily enough I found one with some stickies written by you (I think). Taking this advice I opened all my hidden files, booted in safe mode and ran Ad-aware (this is not exactly your advice but a combination of some). One more infection was found. Its details said it was a tracking cookie, but after the deletion my problem so far seems to have gone. It has only been a few hours but my hopes are high and my fingers crossed.
Thanks for your input, and with all respect I hope I never have to converse with you in these forums again :thumbsup:
All the best

bukem



