Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
A MUST READ : Need your help on this please.

forest_law_ph (Newbie)
Posted: Sun Sep 05, 2004 6:31 am    Post subject: A MUST READ : Need your help on this please.

Note: I moved this from the HijackThis forum since there was no malware in the log. Any comments about Bluetooth and Pest Patrol are welcome. Nick

Logfile of HijackThis v1.98.2
Scan saved at 10:21:25 PM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\MicroStar\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Peer Guardian Lite\pglite.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: PeerGuardian Lite.lnk = C:\Program Files\Peer Guardian Lite\pglite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MSKB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MSKB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MicroStar\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MicroStar\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

This is my HijackThis log. I hope you can help me out with this one and find any resource-hogging processes and trojans.

There is also a questionable action by this MicroStar Bluetooth driver:

Pest Patrol finds it as an unknown trojan.

file info c:\windows\system32\btncopy.dll
WIDCOMM, INC.
Bluetooth Software 1.4.3 Build 3

Certainty
Confirmed

And when I just run bttray.exe so that I can send files to my cellphone through Bluetooth, Zone Alarm firewall asks that Bluetooth Stack COM Server is trying to use SendTo from Explorer Application to access the internet. After denying that, a second alert appears: Bluetooth Stack COM Server is trying to access the internet. After denying that 2nd alert, another appears: Bluetooth Tray Application is trying to access the internet. So after denying all that, I right-click a file and select Send To in order to send that file to my cellphone, and ZA alerts me that SendTo from Explorer Application is trying to access the internet. After denying all those, the file is sent to my phone through Bluetooth without any problems.
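As an added example (not from the thread, and not part of the HijackThis tool), a small Python triage helper that parses this log format and flags the entries a reviewer looks at first: "(file missing)" targets, unnamed O2 BHOs, O4 Run entries that give only a bare filename, and O16 ActiveX downloads with the host they come from. The sample log is a constructed excerpt modelled on the log above, and the flagging rules are my own choice of checks.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in HijackThis v1.98 log format, modelled on the log in the post above.
SAMPLE_LOG = """Running processes:
C:\\WINDOWS\\System32\\smss.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O9 - Extra button: MSKB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")          # "O2 - BHO: ..." style lines
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOST_RE = re.compile(r"https?://([^/\s]+)")

@dataclass
class Entry:
    kind: str             # section code: R0, O2, O4, O16 ...
    body: str             # text after "Ox - "
    clsid: Optional[str]  # CLSID found in the entry, if any

def parse_log(text: str) -> List[Entry]:
    """Keep only the numbered entries; the process list and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            kind, body = m.groups()
            c = CLSID_RE.search(body)
            entries.append(Entry(kind, body, c.group(0) if c else None))
    return entries

def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (kind, note) for entries a reviewer would check first; clean entries get none."""
    notes = []
    for e in entries:
        if "(file missing)" in e.body:
            notes.append((e.kind, "target file missing: stale entry, safe to clean"))
        elif e.kind == "O2" and "(no name)" in e.body:
            notes.append((e.kind, f"unnamed BHO {e.clsid}: verify the DLL path and publisher"))
        elif e.kind == "O4" and ":\\" not in e.body:
            notes.append((e.kind, "Run entry with a bare filename: locate the real executable"))
        elif e.kind == "O16":
            h = HOST_RE.search(e.body)
            notes.append((e.kind, f"ActiveX download from {h.group(1) if h else '?'}: confirm the site is trusted"))
    return notes
```

Entries that trip none of the rules (the R0 start page, the named BHOs) are deliberately left out of the output so a long log reduces to the handful of lines worth a closer look.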
forest_law_ph (Newbie)
Posted: Sun Sep 05, 2004 9:42 pm

anyone please?
Nick (Site Admin, California)
Posted: Tue Sep 07, 2004 1:39 am

There's no malware in the log. I wouldn't worry about Pest Patrol finding your Bluetooth files as bad. Pest Patrol tends to have many false positives.

I'll move this to a forum where more people can reply, since the HijackThis forum is limited to those who can respond.
forest_law_ph (Newbie)
Posted: Tue Sep 07, 2004 6:50 am

Why does ZA firewall say that the Bluetooth drivers and apps are trying to access the internet? Does it really need to do that? I doubt it. That's why I'm beginning to distrust this driver.

And when I just run bttray.exe so that I can send files to my cellphone through Bluetooth, Zone Alarm firewall asks that Bluetooth Stack COM Server is trying to use SendTo from Explorer Application to access the internet. After denying that, a second alert appears: Bluetooth Stack COM Server is trying to access the internet. After denying that 2nd alert, another appears: Bluetooth Tray Application is trying to access the internet. So after denying all that, I right-click a file and select Send To in order to send that file to my cellphone, and ZA alerts me that SendTo from Explorer Application is trying to access the internet. After denying all those, the file is sent to my phone through Bluetooth without any problems.
herbalist (Warrior Addict, northern Michigan)
Posted: Tue Sep 07, 2004 8:53 am

Not being familiar with Bluetooth, I can only guess, but I'd wonder if some of that is for receiving incoming files or messages stored on their server. If Bluetooth is (to them) an unidentified remote access program, it could be shown as a trojan. If it also receives as well as sends files, that would explain much of it.
Rick