HJT Log - in-addr.arpa

ariez
join:2004-01-09

1) Lately I've been receiving inbound and outbound attempts to in-addr.arpa.

2) Scanned the computer with Norton, Spybot, and Adaware using current definitions. Found a few trojans; all have been removed.

3) Logfile of HijackThis v1.99.1
Scan saved at 12:09:36 AM, on 12/23/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\UTILITIES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\UTILITIES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\CDR\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\UTILITIES\TROJANHUNTER\THGUARD.EXE
C:\UTILITIES\TRUEIMAGE\TRUEIMAGEMONITOR.EXE
C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE
C:\UTILITIES\ZONEALARM\ZLCLIENT.EXE
C:\IOMEGATOOLS95\IMGICON.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utilities\Spybot\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\UTILIT~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Adaptec DirectCD] c:\CDR\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [THGuard] "C:\UTILITIES\TROJANHUNTER\THGUARD.EXE"
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Utilities\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\UTILIT~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [PowerQuest Startup Utility] c:\utilities\PartitionMagic\UTILITY\MMOVER32\PQINIT.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\UTILIT~1\NORTON~1\NORTON~3\CSINJECT.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
O4 - HKLM\..\RunServices: [PGPSERV] C:\WINDOWS\SYSTEM\PGPserv.exe
O4 - Startup: Iomega Watch.lnk = C:\Iomegatools95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Iomegatools95\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Iomegatools95\IMGICON.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\INTERNET\AIM5\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\INTERNET\YAHOO MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\INTERNET\YAHOO MESSENGER\YPAGER.EXE
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - »photo.walmart.com/photo/uploads/···ient.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.123,85.255.112.76
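Two things in the log above are worth checking mechanically rather than by eye. `in-addr.arpa` is the zone where reverse (PTR) records live: a firewall that tries to label a remote address by its reverse name and gets no answer shows the raw `N.N.N.N.in-addr.arpa` name, so an alert "to in-addr.arpa" is an alert about some IP address, not about a host called in-addr.arpa. And the O17 line shows the machine's DNS resolvers set to 85.255.113.123 and 85.255.112.76, which should be compared against the resolvers the ISP actually assigns; every name the box looks up goes through whatever is listed there. The script below is an added example, not code from the post or from HijackThis: it parses O17 lines out of the log text, builds the reverse name for each resolver, and flags any resolver outside a hypothetical ISP allowlist (192.0.2.0/24 is documentation space standing in for the real ISP resolvers). It also carries one hard-coded bad range, 85.255.112.0/20, which was later publicly identified as the DNSChanger (Zlob) rogue resolver range; that entry is the editor's addition and not something the thread itself established.

```python
import ipaddress
import re

# Constructed sample: the O17 line and two O4 lines copied from the HijackThis
# log in the post above (the O4 lines are there only to show unrelated sections
# being ignored).
HJT_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] C:\UTILIT~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.123,85.255.112.76
"""

# Hypothetical allowlist standing in for the resolvers the user's ISP assigns.
# 192.0.2.0/24 is documentation space; substitute the real ISP resolver addresses.
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24")]

# Editor's addition: 85.255.112.0/20 was later publicly identified as the
# DNSChanger rogue resolver range. Extend with any other ranges you track.
KNOWN_ROGUE = [ipaddress.ip_network("85.255.112.0/20")]

# HijackThis prints resolvers as "O17 - <registry key>: NameServer = a,b"
O17_RE = re.compile(r"^O17 - .*?NameServer\s*=\s*(.+?)\s*$", re.MULTILINE)


def parse_o17(log):
    """Return every resolver address listed on O17 lines, in log order."""
    addrs = []
    for m in O17_RE.finditer(log):
        # HJT separates multiple resolvers with commas; tolerate spaces too.
        addrs.extend(a for a in re.split(r"[,\s]+", m.group(1)) if a)
    return addrs


def ptr_name(ip):
    """The in-addr.arpa name a reverse lookup of `ip` queries.

    This is the label a firewall shows for a remote address when the PTR lookup
    returns nothing, e.g. 123.113.255.85.in-addr.arpa for 85.255.113.123.
    """
    return ipaddress.ip_address(ip).reverse_pointer


def classify_resolver(ip):
    """'known-rogue' beats 'expected' beats 'unknown' for a single resolver."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in KNOWN_ROGUE):
        return "known-rogue"
    if any(addr in net for net in EXPECTED_RESOLVERS):
        return "expected"
    return "unknown"


def triage(log):
    """One finding per O17 resolver: address, verdict, and the reverse name to
    look for in firewall alerts that mention in-addr.arpa."""
    return [
        {"resolver": ip, "verdict": classify_resolver(ip), "ptr": ptr_name(ip)}
        for ip in parse_o17(log)
    ]


if __name__ == "__main__":
    for finding in triage(HJT_LOG):
        print(f"{finding['resolver']:16} {finding['verdict']:12} {finding['ptr']}")
```

Run it against a saved HijackThis log. Any O17 resolver that comes back `unknown` rather than `expected` deserves the same scrutiny as `known-rogue`: the allowlist is what makes the check meaningful, so fill it with the resolvers the ISP really hands out rather than leaving the placeholder range in place.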


La Luna
join:2001-07-12
Warwick, NY

»Security »I think my computer is infected or hijacked. What should I do?

ariez
join:2004-01-09

reply to ariez
Thanks for that tidbit, but I already went through that page. To reiterate, I scanned with Norton, Spybot, Adaware, TrojanHunter, The Cleaner, and several port-scanning sites mentioned on this site. Listed below are some of the ports that are attempting to make outbound connections according to ZA...

iclpv-dm        1389/udp   Document Manager
iclpv-nlc       1394/udp   Network Log Client
mesavistaco     1249/tcp   Mesa Vista Co
dwmsgserver     3228/udp   DiamondWave MSG Server
netwatcher-db   3204/udp   Network Watcher DB Access
can-ferret-ssl  3661/tcp   Candle Directory Services using SSL

Can anyone shed some light on what could be making the attempts?


La Luna
join:2001-07-12
Warwick, NY

reply to ariez
Here, new forum, see sticky for more info:

»Security Cleanup
--
~~~...and I miss you, like the deserts miss the rain...~~~


Wildcatboy
join:2000-10-30
Toronto, ON

reply to ariez
And please don't post in the new forum La Luna mentioned until you follow every single step here:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

No picking and choosing, please.

--
You can catch the Devil, but you can't hold him long.

© 1999-2009 dslreports.com