have i been hijacked?

  mercedesjb 00:20 11 Mar 2005

i seem to have alsorts of strange things happenning

every time i boot up i get the \norton alert box, also i cannot get onto certain sites. Can you look at a 'Hijack this' log for me?

part 1

Logfile of HijackThis v1.98.0
Scan saved at 00:09:49, on 11/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
C:\Program Files\Serif\GraphicsPlus\GpStart.exe
C:\Program Files\GuruNet\GuruNet.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\john blackwood\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6

  mercedesjb 00:24 11 Mar 2005

O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\Atomica Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DAT

  Ironman556 01:38 11 Mar 2005
  The Sack 01:57 11 Mar 2005

Dump Norton for a start its crap

  Ironman556 01:58 11 Mar 2005

All looks ok, cult3d activex I've not seen before but it looks like that's a browser add-on you've downloaded.

What does the alert box say?

Wich sites can't you get onto?

If you're worried you've been hijacked do the following:

Do you have Norton up to date? If you've not then either update or replace it. I use Avast from click here free for home use. Schedule a boot up scan and that'll get any virus'/trojans etc you might have picked up. (You should be able to do a boot up scan with norton too)

Then download SpybotS&D free from click here once you've installed make sure it's updated.

The same with Ad-Aware click here

Cleanup with CCleaner also free click here

Clean your registry with RegSeeker free from click here

Finally if you want extra protection click here and get SpywareBlaster and Spyware Guard, and guess what... free.

If you're having problems with your home page changing in Internet Explorer click here for start page guard.

From the Hijack This log though it doesn't look like all that's necessary. But it's a god way to clean up your PC every now & then too.

  mercedesjb 10:26 11 Mar 2005

her is what i get when i boot up;-

I have done Live update and carried out a full Norton scan, but found nothing

2/ also i have now got about 14 viruses quarantined which norton cannot repair How do I get rid?

if i download another anti-virus programme like AVG etc would i have to anti-quarantine the virus's first?

  Ironman556 16:53 16 Mar 2005

Firstly have a look in your start menu, go to the startup folder and you should find that microsoftwindows.hta file. Delete it.

There should be an option in Norton to view the quarentined files, from there you'll be able to delete them.

A new anti-virus, I used to use AVG but now use Avast. You shouldn't have to anti-quarentine anything, but to be on the safe side if you do go with another anti-virus then delete all your quarentined files, download the new AV and get a registration code, make sure you're not connected to the internet (pull the phone line if you have to), uninstall norton, reboot, install new AV, reconnect to internet and update the AV.

  Yoda Knight 16:55 16 Mar 2005

try a system check from the Symantec site - it wont clean any problems but may tell you what ur dealling with:

click here

  mercedesjb 11:05 20 Mar 2005

thank u for the reply. However, i cannot find hta in start menu, could i just do a file search for anything containing 'HTA' and delete?

  Ironman556 02:01 21 Mar 2005

Try going to c:\DOCUMENTS & SETTINGS\ALLUSERS\STARTMENU\PROGRAMS\STARTUP\ from explorer you may have to type the address into the explorer location bar. Go to tools, folder options, click the view tab, and in the box below with the list in find "Hidden Files and Folders" and select Show hidden files and folders. have a look for MICROSOFTWINDOWS.HTA in there and delete it if you find it.

If you don't find it here then it's probably a program looking for it on boot up. Backup the registry by doing one of the following:

Set a restore point, Control Panel, System, System Restore Tab, and you'll find the options to set a restore point,

or go to start, run and type regedit, click my computer right at the top of the list on the left hand side. Click file, export and save the file somewhere easy to access, I use C:\ and use the date I backed up the registry as the filename. ie. C:\210305.reg

The download regseeker as above, when you run it select the clean registry tab, leave the options as they are and click OK. It will scan for a minute or two and then start to bring up old entries. Once its finished make sure the "backup before deletion" box is checked at the bottom, click select all, and then delete. Repeat scanning and deleting until no entries come up. Restart and see if the message has vanished.

  mercedesjb 09:58 02 Apr 2005

thank alot, problem solved!

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Acer Predator 21X review

These hilarious robot GIFs will be sure to make you smile

Best podcast apps for iPhone & iPad

Nokia 8 : design, caractéristiques techniques, date de sortie