Please help me decipher my Hijack This Log (RESOLVED)

#1 - 16-03-2006, 03:09 AM - Ria

Hi,

We have a broadband internet connection that gets high usage between me, my husband & our children. We have Norton Internet Security installed, as well as Ad-aware & Spybot Search & Destroy.

Recently we've developed a problem with some sort of malignant file -- whenever the parental controls are disabled we receive constant messages from Norton that a "Remote System is trying to access our computer" -- this is very disruptive. I've run a full system scan with the antivirus, deleted a number of adware files and quarantined 4 that wouldn't let me delete them. I have also run Ad-aware & Spybot, fixing the problems picked up by them.

Unfortunately, the messages continue to occur - again only when the parental controls are disabled. I've now run Hijack This but do not know enough about computers to know which entries to pay attention to. If someone could read my log file & point me in the right direction, I would be most appreciative. It follows: -

Logfile of HijackThis v1.97.7
Scan saved at 11:28:19 AM, on 16/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Plaxo\2.3.4.2\InstallStub.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\webshots.scr
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Brian Vining\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.qut.edu.au:3128
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.2\InstallStub.exe -a
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\asnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c3.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab

Thanking you in advance.
#2 - 16-03-2006, 04:32 PM - VopThis
Re: Please help me decipher my Hijack This Log

Quote:
Logfile of HijackThis v1.97.7
You are running an outdated version of HJT. Latest version is 1.99.1.

Please read over all the instructions here and load the latest HJT tool to the recommended FOLDER area:
Read This First - IMPORTANT Instructions


You can THEN fix the following items in HJT for now.


SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

R3 - Default URLSearchHook is missing

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
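As an added example (not code from this thread, from HijackThis or from the helper), a small Python parser for the log format posted above that applies the same checks the reply makes: an outdated HijackThis version, the missing R3 URLSearchHook, and O16 DPF entries whose download host is one of the four listed for fixing. The sample log and the host list are constructed from the posted lines; O10 Winsock LSP entries are only listed for review, since the reply does not ask for them to be fixed.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis v1.97.7 log posted in
# this thread (a handful of its lines, not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 11:28:19 AM, on 16/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Version the helper names as current in post #2.
LATEST_VERSION = "1.99.1"

# Download hosts of the four O16 (DPF / ActiveX download) entries the helper
# told the poster to fix; constructed for this example from those lines.
FIX_HOSTS = {
    "install.wildtangent.com",
    "static.zangocash.com",
    "utu.popcap.com",
    "download.overpro.com",
}

ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
HOST_RE = re.compile(r"^https?://([^/]+)", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # "R3", "O16", ...
    body: str      # text after "<section> - "


def parse_log(text: str) -> tuple[str | None, list[Entry]]:
    """Return (HijackThis version, Rn/On entries); process-list lines are skipped."""
    version = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Logfile of HijackThis v"):
            version = line.rsplit(" v", 1)[1]
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return version, entries


def version_tuple(v: str) -> tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def dpf_host(body: str) -> str | None:
    """Download host of an O16 entry body, or None if the line does not parse."""
    d = DPF_RE.match(body)
    h = HOST_RE.match(d["url"]) if d else None
    return h.group(1).lower() if h else None


def triage(text: str) -> list[tuple[str, str]]:
    """(kind, detail) findings mirroring the checks the helper made in post #2."""
    version, entries = parse_log(text)
    findings: list[tuple[str, str]] = []
    if version and version_tuple(version) < version_tuple(LATEST_VERSION):
        findings.append(("version", f"HijackThis {version} is older than {LATEST_VERSION}"))
    for e in entries:
        if e.section == "R3" and "URLSearchHook is missing" in e.body:
            findings.append(("R3", e.body))
        elif e.section == "O16":
            host = dpf_host(e.body)
            if host in FIX_HOSTS:
                findings.append(("O16", host))
        elif e.section == "O10":
            # Listed for review only: the helper did not ask for these to be
            # fixed, and HijackThis itself only reports them as "Unknown".
            findings.append(("O10", e.body))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:8} {detail}")
```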
#3 - 17-03-2006, 08:31 AM - Ria
Re: Please help me decipher my Hijack This Log

OK ...

I installed the updated version of HJT, ran a scan & then checked & fixed the items you listed.

Unfortunately the problem still seems to be occurring.

I've rerun HJT & my logfile follows: -

Logfile of HijackThis v1.99.1
Scan saved at 5:35:20 PM, on 17/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Plaxo\2.3.4.2\InstallStub.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\webshots.scr
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.qut.edu.au:3128
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.2\InstallStub.exe -a
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\asnsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe


Thanks for your help.
#4 - 17-03-2006, 02:16 PM - VopThis
Re: Please help me decipher my Hijack This Log

Try running the following scans:

Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.


REBOOT.


Please do an online scan (scan only tool) with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      - Extended (if available otherwise Standard)
    • Scan Options:
      - Scan Archives
      - Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
#5 - 17-03-2006, 04:04 PM - Ria
Re: Please help me decipher my Hijack This Log

I've installed & run the Ewido trojan scanner -- what a great program!

Unfortunately I panicked after the scan was partially complete because I realised I'd told the program to "remove" rather than "clean" as you'd stated (of course I realised later it was the same -- but it's late here & my brain was a bit fuzzy), so I stopped the scan & then reran it -- so now I have two logfiles to paste (basically Part 1 & Part 2). Here they are: -

Part 1

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:18:22 AM, 18/03/2006
+ Report-Checksum: 8D0AA50C

+ Scan result:

HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Cleaned with backup
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4235d44a-510debca.zip/BlackBox.class -> Dropper.Beyond.g : Error during cleaning
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b188f-1d23e9f5.zip/Matrix.class -> Downloader.OpenStream.c : Error during cleaning
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@aotgroup.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@download.com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@e-2dj6wjlyoodzsgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@incredifind[2].txt -> TrackingCookie.Incredifind : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@vip2.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@webstat[3].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@www.belstat[3].txt -> TrackingCookie.Belstat : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@y-1shz2prbmdj6wvny-1sez2pra2d...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\C27D8FEF-D7AE-42c0-82E6-F30598265639.exe -> Trojan.KillFiles.im : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Brian Vining\Local Settings\Temp\Cookies\greg boylan@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup


::Report End

Part 2

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:02:48 AM, 18/03/2006
+ Report-Checksum: AAD5E7CE

+ Scan result:

C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4235d44a-510debca.zip/BlackBox.class -> Dropper.Beyond.g : Cleaned with backup
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b188f-1d23e9f5.zip/Matrix.class -> Downloader.OpenStream.c : Cleaned with backup
C:\Downloads\CoffeeTycoon_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\GoldMinerJoe-AMSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\LipssySetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\ToEESetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\Tradewinds2Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Program Files\Ahead\Crazy Chewer Demo\setup_incredifind_ArcadeTown.exe -> Downloader.Keenval : Cleaned with backup
C:\Program Files\Fox Jones Demo\setup_incredifind_ArcadeTown.exe -> Downloader.Keenval : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060317-172831-755.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\Program Files\Turbo Tanks\setup_incredifind_ArcadeTown.exe -> Downloader.Keenval : Cleaned with backup
C:\WINNT\Downloaded Program Files\MediaTicketsInstaller.ocx -> Adware.MediaTickets : Cleaned with backup


::Report End


I am now going to reboot as instructed & run the other scan. Will post the results when I have them.
Thanks again.
  #6 (permalink)  
Old 17-03-2006, 05:55 PM
Ria
Re: Please help me decipher my Hijack This Log

It's 2.30 in the morning ... I've just finished running the Kaspersky scan. Here are the results: -

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, March 18, 2006 2:52:52 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 17/03/2006
Kaspersky Anti-Virus database records: 182959
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 103492
Number of viruses found: 10
Number of infected objects: 26
Number of suspicious objects: 0
Duration of the scan process: 01:02:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3e5ae470-3c43a381.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4a9df386-47cda8b5.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4a9df386-47cda8b5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-293343c1-46acb9d0.zip/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-293343c1-46acb9d0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-13b40b84-5df44e75.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-13b40b84-5df44e75.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-57a31885-62f0aa91.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-57a31885-62f0aa91.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-6f6c11cb-1b147ad8.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-6f6c11cb-1b147ad8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-7858cb4a-67a4dbc2.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-7858cb4a-67a4dbc2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-7dc37009-27fee312.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-7dc37009-27fee312.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv201.jar-280e5f12-5325f5cd.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv201.jar-280e5f12-5325f5cd.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv237.jar-2d8175f5-2511140b.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv237.jar-2d8175f5-2511140b.zip ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\655273A6 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D632BAD Infected: not-a-virus:Dialer.Win32.E-Group.a skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74AE5B07 Infected: not-a-virus:AdWare.Win32.MediaTickets.d skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75B45A7A Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75B70476 Infected: Trojan-Dropper.Win32.Mudrop.k skipped
C:\WINNT\mssys.com/DROP.EXE Infected: Trojan-Dropper.DOS.Rute skipped
C:\WINNT\mssys.com Mail: infected - 1 skipped

Scan process completed.

-- that's a lot of stuff, I hope it's fixable. Unfortunately the original problem is still occurring ...
  #7 (permalink)  
Old 17-03-2006, 10:47 PM
VopThis
Senior Member (Canada)
Re: Please help me decipher my Hijack This Log

Clean out your Norton Quarantine area when appropriate.

Many Kaspersky found items are Java-based items. These should disappear with the use of the following cleaner:

Please download ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only

It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
    Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
    Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Delete the following FOLDER:
C:\WINNT\mssys.com

Verify that Kaspersky now runs clean. Please provide any current observations.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
  #8 (permalink)  
Old 19-03-2006, 05:58 PM
Ria
Re: Please help me decipher my Hijack This Log

Right-o, I cleaned out the Norton Quarantine, downloaded & ran the ATF Cleaner, & deleted the folder you suggested. Sad to say, the problem is still occurring.

The Kaspersky Log is as follows: -

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, March 20, 2006 2:44:29 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 19/03/2006
Kaspersky Anti-Virus database records: 182877
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 101304
Number of viruses found: 8
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 01:16:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3e5ae470-3c43a381.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4a9df386-47cda8b5.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4a9df386-47cda8b5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-293343c1-46acb9d0.zip/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-293343c1-46acb9d0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-13b40b84-5df44e75.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-13b40b84-5df44e75.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-57a31885-62f0aa91.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-57a31885-62f0aa91.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-6f6c11cb-1b147ad8.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-6f6c11cb-1b147ad8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-7858cb4a-67a4dbc2.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-7858cb4a-67a4dbc2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-7dc37009-27fee312.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-7dc37009-27fee312.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv201.jar-280e5f12-5325f5cd.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv201.jar-280e5f12-5325f5cd.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv237.jar-2d8175f5-2511140b.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Brian Vining\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv237.jar-2d8175f5-2511140b.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-448539723-1644491937-725345543-1000\Dc2 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
C:\RECYCLER\S-1-5-21-448539723-1644491937-725345543-1000\Dc3 Infected: not-a-virus:Dialer.Win32.E-Group.a skipped
C:\RECYCLER\S-1-5-21-448539723-1644491937-725345543-1000\Dc4 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d skipped
C:\RECYCLER\S-1-5-21-448539723-1644491937-725345543-1000\Dc5 Infected: Trojan-Dropper.Win32.Mudrop.k skipped

Scan process completed.

(since running the scan, I deleted the files from the recycle bin -- these had been put there when I deleted them from quarantine, without emptying the bin)

The last warning that came up also had "permit" as the default action on the pop-up, rather than "block" -- almost like it's getting more determined ...

Thanks again for all of your time -- it's sure keeping me up late at night (it's the only time I can get good access)
Ria
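Comparing the two Kaspersky reports above by eye is tedious. As an added example (not code from the thread, from Kaspersky or from the forum), this Python script parses reports in that line format and works out which detections persisted between scans, which disappeared, and which only moved on disk, as the quarantine entries did when they reappeared under RECYCLER. The sample reports are constructed, shortened excerpts modelled on the ones posted.

```python
"""Added example, not code from the thread or from Kaspersky: parse Kaspersky
On-line Scanner reports like the ones posted above and compare two runs, to see
which detections persisted, which went away, and which merely moved on disk."""
import re

# "<path> Infected: <name> <action>", or a container summary line such as
# "<path> ZIP: infected - 1 <action>" / "<path> Mail: infected - 1 <action>".
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:Infected:\s+(?P<name>\S+)|(?P<kind>ZIP|Mail): infected - \d+)"
    r"\s+(?P<action>\S+)$"
)

# Constructed, shortened excerpts modelled on the two reports in this thread.
JAVA = r"C:\Docs\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar"
BEFORE = rf"""Infected Object Name / Virus Name / Last Action
{JAVA}\archive.jar-293343c1-46acb9d0.zip/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d skipped
{JAVA}\archive.jar-293343c1-46acb9d0.zip ZIP: infected - 1 skipped
{JAVA}\loaderadv201.jar-280e5f12-5325f5cd.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75B70476 Infected: Trojan-Dropper.Win32.Mudrop.k skipped
C:\WINNT\mssys.com/DROP.EXE Infected: Trojan-Dropper.DOS.Rute skipped
C:\WINNT\mssys.com Mail: infected - 1 skipped
"""
AFTER = rf"""{JAVA}\archive.jar-293343c1-46acb9d0.zip/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d skipped
{JAVA}\loaderadv201.jar-280e5f12-5325f5cd.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\RECYCLER\S-1-5-21-448539723-1644491937-725345543-1000\Dc5 Infected: Trojan-Dropper.Win32.Mudrop.k skipped

Scan process completed.
"""


def parse_report(text):
    """Map each detected object's path to (detection name, last action).
    Container summary lines (ZIP/Mail) are skipped: the member line names the object."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and not m.group("kind"):
            found[m.group("path")] = (m.group("name"), m.group("action"))
    return found


def classify(path):
    """Bucket a path by where the object lives; that decides the cleanup step."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"      # clear via the Java Plug-in control panel
    if "\\quarantine\\" in p:
        return "av-quarantine"   # already neutralised; empty the quarantine
    if "\\recycler\\" in p:
        return "recycle-bin"     # 'deleted' but still on disk; empty the bin
    return "other"


def compare(before, after):
    """Paths found in both scans, only in the first, and only in the second."""
    b, a = set(before), set(after)
    return sorted(b & a), sorted(b - a), sorted(a - b)


def relocated(before, after):
    """Detection names that vanished from one path and reappeared at another,
    e.g. a quarantined file that was moved to the recycle bin rather than removed."""
    _, removed, new = compare(before, after)
    new_by_name = {after[p][0]: p for p in new}
    return {before[p][0]: (p, new_by_name[before[p][0]])
            for p in removed if before[p][0] in new_by_name}


if __name__ == "__main__":
    b, a = parse_report(BEFORE), parse_report(AFTER)
    persisted, removed, new = compare(b, a)
    print("persisted:", [classify(p) for p in persisted], "removed:", [classify(p) for p in removed])
    print("moved, not removed:", relocated(b, a))
```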
  #9 (permalink)  
Old 19-03-2006, 06:05 PM
VopThis
Senior Member (Canada)
Re: Please help me decipher my Hijack This Log

You need to empty the cache in your Java Plugins control panel or remove the jar cache:

From the Start button, click Settings > Control Panel
(Note: It may be necessary to select the "Switch to Classic View" option.)

In the Control Panel, open the "Java Plug-in Control Panel"
Select the Cache Tab
Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

Or

Start > Settings > Control panel > Java Plugin [version number] > Choose Cache and click remove JAR Cache.
  #10 (permalink)  
Old 20-03-2006, 12:25 PM
Ria
Re: Please help me decipher my Hijack This Log

I've now emptied the cache in the Java plugins control panel, and for good measure, I reran Ad-aware, Spybot & Ewido.

The Ewido report is below: -

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:54:34 AM, 20/03/2006
+ Report-Checksum: 459F9339

+ Scan result:

C:\Documents and Settings\Brian Vining\Cookies\greg boylan@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Brian Vining\Cookies\greg boylan@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup


::Report End

After this I ran Kaspersky, which told me my computer is clean .... yet I am still experiencing these constant intrusion attempts when the parental controls are turned off!
I'm hoping you have some ideas because it doesn't make any sense to me.