User Name Password Register
DaniWeb IT Discussion Community
Home
Forums
Tutorials
Blogs
Link Directory
All
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 370,604 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,043 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Join our community!
Please support our Viruses, Spyware and other Nasties advertiser:
Views: 5741 | Replies: 37
Reply
Page 1 of 4 1 23 > Last »
Join Date: Mar 2006
Posts: 33
Reputation: robbo_the_hood is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 0
robbo_the_hood robbo_the_hood is offline Offline
Light Poster

Hijackthis report, I just don't know

  #1  
Mar 30th, 2006
My hijackthis gave me this

Logfile of HijackThis v1.99.1
Scan saved at 10:10:34 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Monty\My Documents\Anti Malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134239878750
O18 - Protocol: bw+0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

can someone tell me if there's anything malicious in here?
AddThis Social Bookmark Button
Reply With Quote  
Join Date: Jan 2006
Location: Tennessee
Posts: 1,567
Reputation: 'Stein is on a distinguished road 
Rep Power: 6
Solved Threads: 102
Colleague
'Stein's Avatar
'Stein 'Stein is offline Offline
Lapsed Skeptic

Re: Hijackthis report, I just don't know

  #2  
Mar 30th, 2006
Hey, welcome to Daniweb. To begin, I see several things wrong with the log. Start by first uninstalling MessengerPlus3 using the Add/Remove programs list.

Then, follow this by checking the following in HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

After fixing these, reboot into safe mode. While in safe mode, find and delete this folder if it is there:

C:\Program Files\MessengerPlus! 3

After doing this, reboot into normal mode, and download CCleaner and Ewido (links for both can be found in my sig. below). After updating definitions for both, run scans with each, saving the Ewido log.

After doing this, be sure everything is set to startup in the startup list (if ya dont understand what I mean, don't worry about it). Restar the computer.

After doing this, post back with the saved ewido log and a new HJT log.

Lastly, are ya having any problems, or do ya just want us to go over your log? (either one is ok, im jus curious heh)

Thanks
Now if ya like the help ya could always raise our reputation...
Reply With Quote  
Join Date: Jul 2005
Location: FL.
Posts: 1,536
Reputation: tayspen is on a distinguished road 
Rep Power: 7
Solved Threads: 98
Colleague
tayspen's Avatar
tayspen tayspen is offline Offline
<Insert title here>

Re: Hijackthis report, I just don't know

  #3  
Mar 31st, 2006
You don't need to worry about downloading ewido as it seems you already have it installed .
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes

Member - Alliance of Security Analysis Professionals - Since 2006
Reply With Quote  
Join Date: Mar 2006
Posts: 33
Reputation: robbo_the_hood is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 0
robbo_the_hood robbo_the_hood is offline Offline
Light Poster

Re: Hijackthis report, I just don't know

  #4  
Mar 31st, 2006
Yeah I'm having problems. My windows firewall can't open, my system restore won't work, and my firefox quits if I have bittorrent running on high volume.
Reply With Quote  
Join Date: Mar 2006
Posts: 33
Reputation: robbo_the_hood is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 0
robbo_the_hood robbo_the_hood is offline Offline
Light Poster

Re: Hijackthis report, I just don't know

  #5  
Mar 31st, 2006
Logfile of HijackThis v1.99.1
Scan saved at 7:45:44 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Monty\My Documents\Anti Malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134239878750
O18 - Protocol: bw+0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {71249463-0626-4838-8E60-381C9CE2F3EA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

and ewido didn't find anything.
Reply With Quote  
Join Date: Feb 2006
Location: NC
Posts: 238
Reputation: D3m3nt3d is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 11
D3m3nt3d's Avatar
D3m3nt3d D3m3nt3d is offline Offline
Posting Whiz in Training

Re: Hijackthis report, I just don't know

  #6  
Mar 31st, 2006
I would uninstall Logitech Desktop Messenger if you do not use it.

Download ISeeYou
http://forum.networktechs.com/attach...4&d=1143686508
-Reboot to Safe Mode
-double click ISeeYou.bat
-Save and attach the notepad
Proud Member of ASAP (Alliance of Security Analysis Professionals)
Reply With Quote  
Join Date: Mar 2006
Posts: 33
Reputation: robbo_the_hood is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 0
robbo_the_hood robbo_the_hood is offline Offline
Light Poster

Re: Hijackthis report, I just don't know

  #7  
Apr 2nd, 2006
Here's my ISeeYou.bat report

****PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES!
****PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION.


Microsoft Windows XP [Version 5.1.2600]
Sun 04/02/2006
12:41 PM


--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\related]
"http"=dword:00000004


--------------------------------------------------------------------------
STARTUP ITEMS DISABLED VIA MSCONFIG:
--------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000


--------------------------------------------------------------------------
LOG for Microsoft® Windows® Malicious Software Removal Tool:
--------------------------------------------------------------------------

Microsoft Windows MRT Log NOT Found!

--------------------------------------------------------------------------
Select RunOnce Registry Key Items:
--------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]


----------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


--------------------------------------------------------------------------
Shared Task Scheduler Registry Items:
--------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


--------------------------------------------------------------------------
ENUMERATING SCHEDULED TASKS:
--------------------------------------------------------------------------

Volume in drive C has no label.
Volume Serial Number is C4CB-6820

Directory of C:\WINDOWS\tasks

03/31/2006 08:47 PM <DIR> .
03/31/2006 08:47 PM <DIR> ..
07/16/2003 04:36 PM 65 desktop.ini
04/01/2006 03:17 AM 370 MP Scheduled Scan.job
04/02/2006 12:40 PM 6 SA.DAT
3 File(s) 441 bytes

Total Files Listed:
3 File(s) 441 bytes
2 Dir(s) 23,257,673,728 bytes free
HR C:\WINDOWS\tasks\desktop.ini
A H C:\WINDOWS\tasks\MP Scheduled Scan.job
A H C:\WINDOWS\tasks\SA.DAT

--------------------------------------------------------------------------
CHECKING SELECT POLICIES KEYS:
--------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091


----------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001


----------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"="0"
"NoAdminPage"="0"


--------------------------------------------------------------------------
ENUMERATING RECENT DOWNLOADED PROGRAM FILES:
--------------------------------------------------------------------------

C:\WINDOWS\DOWNLOADED PROGRAM FILES

01/25/2006 10:14 PM <DIR> ..
01/25/2006 10:14 PM <DIR> .
12/07/2005 02:11 AM 65 desktop.ini
11/04/2005 12:24 AM 495 LegitCheckControl.inf
08/27/2005 05:30 PM 5,065 swflash.inf
05/26/2005 08:19 AM 293 muweb.inf

--------------------------------------------------------------------------
CHECKING RECENTLY ADDED DRIVERS:
--------------------------------------------------------------------------

C:\WINDOWS\system32\drivers

03/11/2006 02:47 PM <DIR> ..
03/11/2006 02:47 PM <DIR> .
03/11/2006 02:01 PM <DIR> etc
01/19/2006 02:11 AM 223,128 dtscsi.sys
01/19/2006 02:02 AM 642,560 sptd.sys
01/19/2006 02:02 AM 96,256 sptd7533.sys
01/12/2006 10:28 PM 359,808 tcpip.sys
03/11/2006 02:01 PM 681 hosts
03/11/2006 02:01 PM <DIR> ..
03/11/2006 02:01 PM <DIR> .
12/10/2005 04:06 AM 3,536,768 nv4_mini.sys
12/06/2005 05:19 PM <DIR> disdn
12/05/2005 01:12 AM 20,640 pxhelp20.sys
11/09/2005 09:34 PM 190,480 tmxpflt.sys
11/09/2005 09:34 PM 31,248 tmpreflt.sys
11/09/2005 09:07 PM 1,022,432 VsapiNT.sys
06/10/2005 12:09 AM 139,528 rdpwd.sys
05/09/2005 08:17 PM 332,544 srv.sys
02/02/2005 05:21 AM 14,408 GEARAspiWDM.sys
01/31/2005 06:20 AM 211,712 LV561AV.SYS
01/31/2005 06:12 AM 22,016 LVUSBSta.sys
01/31/2005 06:04 AM 2,180,096 lvsvf2.sys
01/28/2005 05:44 PM 18,944 wpdusb.sys
01/19/2005 12:26 AM 451,584 mrxsmb.sys
01/18/2005 09:05 PM 35,456 tmtdi.sys
01/18/2005 09:03 PM 838,870 TM_CFW.sys
12/06/2005 05:19 PM <DIR> ..
12/06/2005 05:19 PM <DIR> .

--------------------------------------------------------------------------
CHECKING SYSTEM.INI:
--------------------------------------------------------------------------

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

--------------------------------------------------------------------------
CHECKING WIN.INI:
--------------------------------------------------------------------------

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo2
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo2
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo2
wm=MPEGVideo2
wma=MPEGVideo2
wmv=MPEGVideo2
wmx=MPEGVideo2
wvx=MPEGVideo2
wpl=MPEGVideo
[CDWINSETUP]
AUTOUNLOAD=No

--------------------------------------------------------------------------
MISCELLANEOUS DETECTIONS:
--------------------------------------------------------------------------

*** i386p.* Stealthing Agent NOT Found by this tool! ***

*** erssdd.* (ErrorSafe) Stealthing Agent NOT Found by this tool! ***

*** DP.* (VUNDO?) Stealthing Agent NOT Found by this tool! ***

*** msctl32.dll SpamBot NOT Found by this tool! ***

*** ibm000*.* KeyLogger NOT Found by this tool! ***

--------------------------------------------------------------------------
CHECKING FOR SDBOT-TYPE WORMS:
--------------------------------------------------------------------------

**** LOOKING FOR W32/Sdbot-AMA Worm ****
*** W32/Sdbot-AMA Worm NOT Found by this tool! ***

--------------------------------------------------------------------------
CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS:
--------------------------------------------------------------------------

**** LOOKING FOR AVPE Haxdoor Reg Keys ****

---------- HKLMSYSKEYS.TXT
*** avpe Keys NOT Found by this tool! ***

**** LOOKING FOR MEMLOW Haxdoor Reg Keys ****

---------- HKLMSYSKEYS.TXT
*** memlow Keys NOT Found by this tool! ***

**** LOOKING FOR VDMT Haxdoor Reg Keys ****

---------- HKLMSYSKEYS.TXT
*** vdmt Keys NOT Found by this tool! ***

**** LOOKING FOR DP1112 Vundo Rootkit Reg Keys ****

---------- HKLMSYSKEYS.TXT
*** DP1112 Keys NOT Found by this tool! ***

**** LOOKING FOR SYSBUS32 Rootkit Driver Reg Keys ****

---------- HKLMSYSKEYS.TXT
*** sysbus32 Keys NOT Found by this tool! ***

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


**** LOOKING FOR I386P Rootkit Driver Reg Keys ****

--------------------------------------------------------------------------

---------- HKLMSYSKEYS.TXT

*** i386p Keys NOT Found by this tool! ***
C:\WINDOWS\system32\drivers

03/11/2006 02:47 PM <DIR> ..
03/11/2006 02:47 PM <DIR> .
03/11/2006 02:01 PM <DIR> etc
01/19/2006 02:11 AM 223,128 dtscsi.sys
01/19/2006 02:02 AM 642,560 sptd.sys
01/19/2006 02:02 AM 96,256 sptd7533.sys
01/12/2006 10:28 PM 359,808 tcpip.sys
03/11/2006 02:01 PM 681 hosts
03/11/2006 02:01 PM <DIR> ..
03/11/2006 02:01 PM <DIR> .
12/10/2005 04:06 AM 3,536,768 nv4_mini.sys
12/06/2005 05:19 PM <DIR> disdn
12/05/2005 01:12 AM 20,640 pxhelp20.sys
11/09/2005 09:34 PM 190,480 tmxpflt.sys
11/09/2005 09:34 PM 31,248 tmpreflt.sys
11/09/2005 09:07 PM 1,022,432 VsapiNT.sys
06/10/2005 12:09 AM 139,528 rdpwd.sys
05/09/2005 08:17 PM 332,544 srv.sys
02/02/2005 05:21 AM 14,408 GEARAspiWDM.sys
01/31/2005 06:20 AM 211,712 LV561AV.SYS
01/31/2005 06:12 AM 22,016 LVUSBSta.sys
01/31/2005 06:04 AM 2,180,096 lvsvf2.sys
01/28/2005 05:44 PM 18,944 wpdusb.sys
01/19/2005 12:26 AM 451,584 mrxsmb.sys
01/18/2005 09:05 PM 35,456 tmtdi.sys
01/18/2005 09:03 PM 838,870 TM_CFW.sys
12/06/2005 05:19 PM <DIR> ..
12/06/2005 05:19 PM <DIR> .


**** LOOKING FOR ERSSDD (ErrorSafe) Rootkit Driver Reg Keys ****
--------------------------------------------------------------------------
CHECKING SYSTEM.INI:

---------- HKLMSYSKEYS.TXT
*** erssdd Keys NOT Found by this tool! ***

**** LOOKING FOR GencTurK RootKit Reg Keys ****

---------- HKLMSYSKEYS.TXT
*** GencTurK Keys NOT Found by this tool! ***


#####################################################################################################


-- All DONE!

~ PhilliePhan ~
Reply With Quote  
Join Date: Feb 2006
Location: NC
Posts: 238
Reputation: D3m3nt3d is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 11
D3m3nt3d's Avatar
D3m3nt3d D3m3nt3d is offline Offline
Posting Whiz in Training

Re: Hijackthis report, I just don't know

  #8  
Apr 2nd, 2006
Ok - nothing showing in that log, but your 023 service is still there because it has to be Disabled and deleted.

Fixing it in HijackThis does not solve the problem.

Go to Start>Run and type Services.msc
-Right click System Restore Service and choose Stop if its not greyed out
-Now choose Properties and change the Startup Type to disabled

Open HijackThis
-Choose Open Misc Tools
-Choose Delete an NT Service
-Enter System Restore Service and delete it.

Now scan and check the following line in HijackThis if it exists
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

Let me know if your problem still persists...
Proud Member of ASAP (Alliance of Security Analysis Professionals)
Reply With Quote  
Join Date: Mar 2006
Posts: 33
Reputation: robbo_the_hood is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 0
robbo_the_hood robbo_the_hood is offline Offline
Light Poster

Re: Hijackthis report, I just don't know

  #9  
Apr 2nd, 2006
That line doesn't show on my hijackthis report, also, system restore was already stopped when I opened services.msc, it wasn't disabled so I did that. Then in hijackthis, System Restore ervice was not found when I used the NT Service deleting tool.
Reply With Quote  
Join Date: Feb 2006
Location: NC
Posts: 238
Reputation: D3m3nt3d is an unknown quantity at this point 
Rep Power: 3
Solved Threads: 11
D3m3nt3d's Avatar
D3m3nt3d D3m3nt3d is offline Offline
Posting Whiz in Training

Re: Hijackthis report, I just don't know

  #10  
Apr 2nd, 2006
Can you please attach a new HijackThis log then?
Proud Member of ASAP (Alliance of Security Analysis Professionals)
Reply With Quote  
Reply
Page 1 of 4 1 23 > Last »

Only community members can participate in forum threads. You must register or log in to contribute.

Register
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 

DaniWeb Viruses, Spyware and other Nasties Marketplace
Thread Tools Display Modes
Linear Mode Linear Mode

adware antivirus complete information defender development exploit im internet kaspersky legal malware mcafee microsoft new folder new viruses news nhatquanglan reliability report search security software spyware survey svchost vendor virus viruses vista web windows
Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum

Advertising Opportunities on DaniWeb
Contact Us - Newsletter Archive - Sitemap - Privacy Statement
All times are GMT -4. The time now is 6:29 am.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC