HiJackThis Log--Virus Infection

Discussion in 'adware, spyware & hijack cleaning' started by killian_sh, Jul 10, 2004.

Thread Status:
Not open for further replies.
  1. killian_sh

    killian_sh Registered Member

    Joined:
    May 5, 2004
    Posts:
    26
    Location:
    Virginia
    I was just infected with a virus and I removed it,but I'd like one of you skilled guys to look at my HiJack This log.There's something on there I'm questioning myself about.

    This is the one I'm not sure about...
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

    Logfile of HijackThis v1.98.0
    Scan saved at 12:21:53 PM, on 7/10/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\NECUSBDC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\SPRINT VIRTUAL ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\MY DOWNLOAD FILES\FRAMXPRO\FREERAM XP PRO 1.40.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\SPRINT VIRTUAL ASSISTANT\BIN\MPBTN.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sprint FastConnect
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\MY DOWNLOAD FILES\FRAMXPRO\FREERAM XP PRO 1.40.EXE" -win
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
    O4 - Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi killian_sh

    There's good dll's and bad dll's, but this one is a good one.

    C:\WINDOWS\SYSTEM\MSJAVA.DLL is a System DLL and needed.
    See here for more information: http://www.liutilities.com/products/wintaskspro/dlllibrary/msjava/

    The reason you are seeing it now is because the newer version of Hijackthis now reveals the entire path to the file in areas it hadn't before.

    Your log is clean. :)

    Regards,

    snap
     
Thread Status:
Not open for further replies.