
I'm in need of help with this hijack this log

Discussion in 'Security and Privacy' started by wildkatz, 2004/08/27.

Thread Status:
Not open for further replies.
  1. 2004/08/27
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
    I'm in need of some help and I was told you all are the best. I am a beginner when it comes to computers. I bought Norton anti-virus in March, and recently the virus definitions wouldn't update. I uninstalled Norton and re-installed it and ran a virus scan. I came up with 5 viruses but Norton could only get rid of one. I now have 4 viruses I can't get rid of. When I go where I'm told by Norton to go to get rid of the viruses manually, they aren't there. I have scanned with Spybot and came up clean. I have scanned with trend micro and came up clean. When I do a Symantec security check, no viruses are found but I'm told I have open ports. I am copying and pasting my HJT log and hopefully someone will know what it means. Thanks in advance for all your help!!!

    Logfile of HijackThis v1.98.2
    Scan saved at 1:59:30 PM, on 8/27/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ingrid\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=cache-sio.midco.net:3128;gopher=cache-sio.midco.net:3128;http=cache-sio.midco.net:3128
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Help - {673DEC23-60DE-42EB-8E3C-D13B363768D7} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: Support - {6EBC6D8D-AB1D-4FEB-8794-2526B5137E08} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {BF688E97-A042-44E2-9EA2-70C08FA91CF1} - http://www.comcast.net (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/Ud3rT0n5.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20c0bc89769a659b8401/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
     
  2. 2004/08/27
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Hi wildkatz and welcome to the forum.

    Leaving aside your Hijackthis log for the moment (and in hopes that someone else will beat me to it), I'll just deal with the parts in the quote above.

    Norton & virus things
    It is not unusual for your antivirus program to find things it is unable to clean or delete. Almost always the problem is an infected file inside of a larger compressed file wrapper like a .zip or .cab file whose contents can be from 1 to several hundred files. The bad news is your AV program will be unable to do anything with them. The good news is the virus can't function (so can't hurt anything) while it's compressed.

    These things are often located in a temp folder and dumping your temp folders gets rid of it completely. Other times the file can be part of the system restore and will only go away by stopping system restore and restarting it after a reboot.

    Basically, when you see Norton find things and say it was unable to deal with them, write down the full path to the critter.

    Spybot, Ad-aware, and similar
    These applications are specifically designed to locate and deal with a variety of spyware/malware that may well be trying to control parts of your PC by changing around your home page or sending information out to the internet or similar but aren't really classed as virus files. It's really hit or miss if a regular AV program will see most of these or not but the two apps above will deal with most of it.

    Hijackthis
    Designed to report quite a few malware generated problems not seen by any of the above items and to deal with some of it - but only when you tell it exactly what to remove. Mostly good for creating reports that can tell an expert what to recommend to you. Not a good idea for most users to make the changes since Hijackthis does not make any value judgements and will happily remove an essential item if you tell it to.
     
    Newt,
    #2


  4. 2004/08/27
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
    Thank you for the welcome and your reply.
    It's good to know that the viruses can't do anything to my computer. Is it ok just to leave them or will I need to do something else about them???
     
  5. 2004/08/27
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    If an online virus scan comes back clean, you almost certainly are rid of any virus infected files. Otherwise, post back with the specific locations and file names.

    There are a few things in your hijackthis log that will need to be dealt with.

    First off, if these are sites you want as home page and so on, they are fine. Otherwise either or both can be fixed.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net


    Next, you need to move hijackthis to a folder of its own. Maybe what I use, c:\hjt, but in any case not a temp folder and not directly on the desktop.
     
    Newt,
    #4
  6. 2004/08/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
    Looking at: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=cache-sio.midco.net:3128;gopher=cache-sio.midco.net:3128;http=cache-sio.midco.net:3128
    I assume, that MIDCO is your ISP. If so, above entry is OK.
    Now...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    Was Comcast your prior ISP? If so, you may fix above entry, as well as:
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

    Fix:
    R3 - Default URLSearchHook is missing


    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    Not needed at startup. C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See HERE for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    Not needed at startup. Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts "

    Have you ever downloaded something from http://www.addictivetechnologies.net/
    If not, fix this:
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/Ud3rT0n5.cab
     
  7. 2004/08/27
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
    You are right, Comcast was my previous ISP. Do I put a check next to all the stuff from Comcast and delete it? How do I fix all the things you are telling me to fix? I'm new to all these hijack logs so if I'm a little slow please bear with me. :eek:
     
  8. 2004/08/28
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
    I rescanned my computer with Symantec Virus Detection and it says there's no viruses but the security check found the following open ports:

    ICMP Ping Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer.

    23 Telnet. Telnet can be used to log into your computer from a terminal anywhere in the world. This port should be open only if you're running a Telnet server.

    80 HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server.

    I don't think these are supposed to be open, are they???? How do I close them? :eek:
     
  9. 2004/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You'll run HijackThis again, put checkmarks next to:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    R3 - Default URLSearchHook is missing
    and click on "Fix it" button.

    As for all O4 entries, you go Start>Run, type: MSCONFIG, go to Startup tab, and you uncheck unnecessary entries, unless my instructions say otherwise in O4 section.

    Don't worry a bit about it.

    I'll close this post to look at your second reply.
     
  10. 2004/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Those open ports are not OK, but since it's getting late, I'll have to push this question until tomorrow, but....there are other people around here, who live in different time zones...they may come up with some answers
     
  11. 2004/08/28
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
     
  12. 2004/08/28
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Run Hijackthis again and post the new log file.
     
  13. 2004/08/28
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
    Here's my current hijackthis log.

    Logfile of HijackThis v1.98.2
    Scan saved at 8:08:54 PM, on 8/28/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ingrid\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=cache-sio.midco.net:3128;gopher=cache-sio.midco.net:3128;http=cache-sio.midco.net:3128
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Help - {673DEC23-60DE-42EB-8E3C-D13B363768D7} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: Support - {6EBC6D8D-AB1D-4FEB-8794-2526B5137E08} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {BF688E97-A042-44E2-9EA2-70C08FA91CF1} - http://www.comcast.net (file missing) (HKCU)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20c0bc89769a659b8401/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
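
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python script that parses two HijackThis logs, reports which entries were removed or added between scans, and lists running processes launched from a Temp folder, which is what the advice above about moving HijackThis to its own folder refers to. The sample input is a constructed excerpt of the two logs posted above; the function names are assumptions made for this example.

```python
import re

# Constructed sample input: short excerpts of the two logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ingrid\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/Ud3rT0n5.cab
"""

AFTER = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ingrid\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""

# Entry lines start with a section code (R0, O4, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (section_code, body) for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def temp_processes(log_text):
    """Return running-process paths that sit under a Temp folder."""
    in_section, hits = False, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the process list
        elif in_section and "\\temp\\" in line.lower():
            hits.append(line)
    return hits


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    for path in temp_processes(AFTER):
        print("runs from Temp:", path)
```
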
     
  14. 2004/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks safe, and clean to me.
     
  15. 2004/08/28
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
    Do you have any idea how to close the open ports???
     
    Last edited: 2004/08/28
  16. 2004/08/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I know nothing about Norton, since I don't use it, because I don't like it.
    Maybe some Norton person will chime in. Norton is garbage to me.
     
  17. 2004/08/29
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    wildkatz - if you are in a position to get SP2 for XP, the firewall that comes with it should automatically do the deed for you. From what I'm reading and what I know of the way firewalls operate, it should play nice with any other software/hardware firewall you might happen to have.
     
  18. 2004/08/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go to ShieldsUp, and it'll tell you, if your computer is secured
     
  19. 2004/08/30
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
    Thanks so much for all the help you all have given me! Broni, I went to the site you posted and it said my computer is safe!!! Thanks again!!! :D

    edited to add: I just scanned with Symantec's Security Scan and it still says the 3 ports are open. I guess I'm not safe after all. :(
     
    Last edited: 2004/08/30
  20. 2004/08/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If ShieldsUp said you're safe, no open ports, then you're safe. If any ports were shown as open, click for more info. Most likely a legitimate program has it open, and shutting it down will close the port. ICQ is one that will open port 80.
     
  21. 2004/08/30
    wildkatz

    wildkatz Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    12
    Likes Received:
    0
    I don't use ICQ, I don't use any instant messenger. :confused:
     