
Would someone please look at this for me? Thanks.

Discussion in 'Virus & Other Malware Removal' started by JayJay00, Apr 12, 2004.

Thread Status:
Not open for further replies.
  1. JayJay00 (Thread Starter) | Joined: Jan 23, 2004 | Messages: 93
    My computer is going really slow and I do not have any anti-virus protection, so I ran a HijackThis scan and this is what came up.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:57:11 PM, on 4/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NASDAK\OmniMouse Driver\2.1.23\MOUSE32A.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\2.1.23\MOUSE32A.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37613.3968287037
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx

    Anything wrong with it, and anything there that I do not need? I don't know if I have any keyloggers, viruses, or trojans, so can anyone help me? Thanks. (y)
     
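The HijackThis log above is a flat list of autostart and browser-extension entries, and reading one by hand means checking where each O4 executable actually lives and whether each O16 ActiveX control has a known source URL. The following is an added example, not code from this thread or from the HijackThis project: a small Python parser for the 1.97-style log lines, run over entries copied from the log above plus one constructed O4 line (marked in the code, not in the poster's log) that starts from a temp directory so the location check has something to report. The trusted-root list and the three checks are the example's own heuristics, not HijackThis rules.

```python
import re

# Constructed sample in HijackThis 1.97 log layout. All lines except the last
# are copied from the log posted in the thread; the last O4 line is a made-up
# test entry (NOT from the poster's log) so the location check has a hit.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\2.1.23\MOUSE32A.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37613.3968287037
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
"""

# O4: autostart entries under the Run keys. O16: Downloaded Program Files
# (ActiveX controls) with the URL they were fetched from, when known.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - ?(?P<url>.*)$"
)
# First executable path in a command line, quoted or not.
EXE_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|pif|bat|cmd))"?', re.IGNORECASE
)
# Example heuristic (an assumption of this example, not a HijackThis rule):
# directories a legitimate autostart on this XP box is expected to live under.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


def parse_hjt(text):
    """Turn log lines into dicts keyed by section code (O4, O16, R3, ...)."""
    entries = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"kind": "O4", **m.groupdict()})
            continue
        m = O16_RE.match(line)
        if m:
            d = m.groupdict()
            d["url"] = (d["url"] or "").strip()
            entries.append({"kind": "O16", **d})
            continue
        # Everything else: keep the section code and the raw line.
        entries.append({"kind": line.split(" - ", 1)[0], "raw": line})
    return entries


def review(entries):
    """Return human-readable findings: autostarts outside the trusted roots,
    ActiveX controls with no download URL, and the missing URLSearchHook."""
    findings = []
    for e in entries:
        if e["kind"] == "O4":
            m = EXE_RE.match(e["cmd"])
            path = m.group("path") if m else e["cmd"]
            if not path.lower().startswith(TRUSTED_ROOTS):
                findings.append(f"O4 [{e['name']}] runs from an unusual location: {path}")
        elif e["kind"] == "O16" and not e["url"]:
            findings.append(
                f"O16 {e['clsid']} ({e['desc']}) has no download URL; verify the installed control"
            )
        elif e["kind"] == "R3":
            findings.append(
                "R3: default URLSearchHook is missing (informational on its own; "
                "fixing it in HijackThis restores the default hook)"
            )
    return findings


if __name__ == "__main__":
    for finding in review(parse_hjt(SAMPLE_LOG)):
        print(finding)
```

The O4 path check is the part worth keeping: an autostart that points into a user's temp directory or a random system32 subfolder is what a hand review of a HijackThis log looks for first, and the quoted/unquoted path handling matters because the log reproduces the registry value verbatim.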
  2. JayJay00 (Thread Starter) | Joined: Jan 23, 2004 | Messages: 93
    Anyone know anything that can find out if you have keyloggers, trojans, or viruses?
    Thanks for the help.
     
  3. JayJay00 (Thread Starter) | Joined: Jan 23, 2004 | Messages: 93
    Hey, I just did an online virus scan. I don't know if this is serious or not.
     

    Attached Files:

  4. JayJay00 (Thread Starter) | Joined: Jan 23, 2004 | Messages: 93
    How come no one is replying? :(

    Anyways I did an online Trojan Test and it said:
    Trojan 5000 OPEN Bubbel, Back Door Setup, Sockets de Troie

    Can anyone tell me what that is? Thanks.
     
  5. FinestRanger | Joined: Oct 13, 2003 | Messages: 2,367
  6. JayJay00 (Thread Starter) | Joined: Jan 23, 2004 | Messages: 93
    OK, thanks. Here is some other info. Thanks for the help.

    Service - Ports - Status. Additional Information
    FTP DATA - 20 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    FTP - 21 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    SSH - 22 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    TELNET - 23 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    SMTP - 25 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    DNS - 53 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    DCC - 59 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    FINGER - 79 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    WEB - 80 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    POP3 - 110 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    IDENT - 113 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Location Service - 135 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    NetBIOS - 139 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    HTTPS - 443 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    Server Message Block - 445 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    SOCKS PROXY - 1080 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    UPnP - 5000 - OPEN. This is the port used by Universal Plug and Play (UPnP). If this port is open anyone on the Internet may be able to use your computer and run any malicious code on your computer.
    WEB PROXY - 8080 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.


    Service Ports Status Possible Trojans
    Trojan - 1243 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan - 1999 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan - 6776 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan - 7789 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan - 12345 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan - 31337 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan - 54320 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan - 54321 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.



    Protocol Type Status Additional Information
    ICMP - 8 - BLOCKED. An ICMP ping request is usually used to test Internet access. However, an attacker can use it to determine if your computer is available and what OS you are running. This gives him valuable information when he is determining what type of attack to use against you.


    Service Ports Status Additional Information
    FTP DATA - 20 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    FTP - 21 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    SSH - 22 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    TELNET - 23 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    SMTP - 25 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    DNS - 53 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    DCC - 59 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    FINGER - 79 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    WEB - 80 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    POP3 - 110 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    IDENT - 113 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    NetBIOS - 139 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    HTTPS - 443 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    Server Message Block - 445 - BLOCKED. This port has not responded to any of our probes. It appears to be completely stealthed.
    SOCKS PROXY - 1080 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    SOURCE PORT - 1888 - CLOSED. This is the port you are using to communicate to our Web Server. A firewall that uses Stateful Packet Inspection will show a 'BLOCKED' result for this port.
    WEB PROXY - 8080 - CLOSED. This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

    DNS - 53 - OPEN. Domain Name Services are used to resolve host names to IP addresses.
    Location Service - 135 - OPEN. Microsoft relies upon DCE Locator service (RPC) to remotely manage services like DHCP server, DNS server and WINS server.
    NetBIOS-NS - 137 - OPEN. Windows/Samba file and print sharing.
    NetBIOS-DGM - 138 - OPEN. Windows/Samba file and print sharing.
    NetBIOS - 139 - OPEN. NetBios is used to share files through your Network Neighborhood. If you are connected to the internet with this open, you could be sharing your whole hard drive with the world! This is a very dangerous port to have open.
    Server Message Block - 445 - OPEN. In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT.
    UPnP - 1900 - OPEN. This is the port used by Universal Plug and Play (UPnP). If this port is open anyone on the Internet may be able to



    Umm... :confused: (n)
     
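The scanner output above uses three words for three different TCP behaviours: CLOSED means the host answered the probe with a RST (nothing is listening, but the host is visible), BLOCKED or "stealthed" means nothing came back at all (a firewall dropped the probe), and OPEN means a listener completed the handshake. The trojan names a scanner attaches to a port number (such as the list returned for port 5000 in post 4) come from a lookup table of ports that known trojans once used, not from inspecting what is actually listening, so an open port on its own does not show a trojan; on Windows XP, TCP 5000 is normally the UPnP Device Host service and UDP 1900 is SSDP discovery. The following is an added example, not from this thread or from the scanning site: a Python script that parses report lines in the layout above into per-port states, plus a connect-based classifier that reproduces the three states against a throwaway loopback listener. The sample lines and the listener are constructed for the example.

```python
import errno
import re
import socket

# One report line: "<service> - <port> - <STATE>. explanation..." (a few
# lines in the posted output omit the first dash, e.g. "DNS 53 - BLOCKED.").
STATE_RE = re.compile(
    r"^(?P<svc>.+?)\s+-?\s*(?P<port>\d+)\s+-\s+(?P<state>OPEN|CLOSED|BLOCKED)\b"
)

# Constructed input: a subset of the lines from the scan posted above,
# trimmed to the part the parser needs.
SAMPLE_SCAN = """\
FTP DATA - 20 - CLOSED. This port has responded to our probes.
FTP - 21 - BLOCKED. This port has not responded to any of our probes.
DNS 53 - BLOCKED. This port has not responded to any of our probes.
NetBIOS - 139 - BLOCKED. This port has not responded to any of our probes.
Server Message Block - 445 - BLOCKED. This port has not responded to any of our probes.
UPnP - 5000 - OPEN. This is the port used by Universal Plug and Play (UPnP).
Trojan - 12345 - CLOSED. This port has responded to our probes.
Trojan - 31337 - CLOSED. This port has responded to our probes.
"""


def parse_scan(text):
    """Return {port: (service, state)} from scanner report lines."""
    result = {}
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            result[int(m.group("port"))] = (m.group("svc").strip(), m.group("state"))
    return result


def summarize(ports):
    """Group ports by state; only OPEN ports are reachable from outside."""
    summary = {"OPEN": [], "CLOSED": [], "BLOCKED": []}
    for port, (_, state) in sorted(ports.items()):
        summary[state].append(port)
    return summary


def classify_port(host, port, timeout=2.0):
    """Reproduce the scanner's three states with a single TCP connect:
    OPEN    - handshake completed, a listener accepted the connection
    CLOSED  - host answered with RST (connection refused): no listener
    BLOCKED - nothing came back before the timeout: the probe was dropped
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            rc = s.connect_ex((host, port))
        except OSError:
            return "BLOCKED"
    if rc == 0:
        return "OPEN"
    if rc == errno.ECONNREFUSED:
        return "CLOSED"
    return "BLOCKED"  # timeout or any other no-answer result


def loopback_demo():
    """Constructed check: a throwaway listener yields OPEN and a port that was
    just released yields CLOSED. BLOCKED cannot be produced on loopback,
    because the local stack always answers; it needs a firewall in the path."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # nothing listens here now
    try:
        return (classify_port("127.0.0.1", open_port),
                classify_port("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    for state, plist in summarize(parse_scan(SAMPLE_SCAN)).items():
        print(f"{state:8s} {plist}")
    print("loopback demo (open, closed):", loopback_demo())
```

To see which process owns a port on the XP machine itself, run `netstat -ano` from a command prompt and match the PID column against Task Manager. A port the remote scanner reports OPEN should correspond to a listener in that list; if it does not, the scan most likely reached a router or another device in front of the PC rather than the PC.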
  7. FinestRanger | Joined: Oct 13, 2003 | Messages: 2,367
    Run these on-line scans:
    http://housecall.trendmicro.com/housecall/start_corp.asp

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    Checkmark the auto-clean boxes.

    GET SOME Anti-virus protection!

    http://www.grisoft.com/us/us_dwnl_free.php

    AVG's the most recommended on this forum for free anti-virus.

    Also get a firewall. ZoneAlarm's free.

    http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

    It says "ZoneAlarm"... that's the one to download. Not the other two... they're pay versions. Not that there's anything wrong with that, but you need some protection.
     
  8. JayJay00 (Thread Starter) | Joined: Jan 23, 2004 | Messages: 93
    OK, thanks a lot. I did the scans.
    I also downloaded Sygate Personal Firewall a couple of hours ago.
    Is that any good?
     
Short URL to this thread: https://techguy.org/219699