Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
forest_law_ph Newbie
Joined: 15 Aug 2004 Last Visit: 27 Oct 2004 Posts: 7
Posted: Sun Sep 05, 2004 6:31 am Post subject: A MUST READ : Need your help on this please.
Note: I moved this from the HijackThis forum since there was no malware in the log. Any comments about Bluetooth and Pest Patrol are welcome. Nick
Logfile of HijackThis v1.98.2
Scan saved at 10:21:25 PM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\MicroStar\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Peer Guardian Lite\pglite.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Download\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: PeerGuardian Lite.lnk = C:\Program Files\Peer Guardian Lite\pglite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MSKB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MSKB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MicroStar\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MicroStar\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
This is my hijackthis log, hope you can help me with this one out and find any resource hogging processes and trojans.
There is also a questionable action by this microstar bluetooth driver,
pestpatrol finds it as unknown trojan
file info c:\windows\system32\btncopy.dll
WIDCOMM, INC.
Bluetooth Software 1.4.3 Build 3
Certainty
Confirmed
And when I just run bttray.exe so that I can send files to my cellphone through bluetooth, Zone Alarm firewall asks that Bluetooth Stack COM Server is trying to use Sendto from Explorer Application to access the internet. After denying that, a second alert appears: Bluetooth Stack Com Server is trying to access the internet. After denying that 2nd alert, another appears: Bluetooth Tray Application is trying to access the internet. So after denying all that, I right-click a file and select send to in order to send that file to my cellphone, ZA alerts me that SendTo from Explorer Application is trying to access the internet. After denying all those, the file is sent to my phone thru bluetooth without any problems.
forest_law_ph Newbie
Joined: 15 Aug 2004 Last Visit: 27 Oct 2004 Posts: 7
Posted: Sun Sep 05, 2004 9:42 pm Post subject:
Anyone please?
Nick Site Admin

Joined: 27 Feb 2004 Last Visit: 28 Aug 2012 Posts: 3913 Location: California
Posted: Tue Sep 07, 2004 1:39 am Post subject:
There's no malware in the log. I wouldn't worry about Pest Patrol finding your bluetooth files as bad. Pest Patrol tends to have many false positives.
I'll move this to a forum where more people can reply to since the Hijackthis forum is limited to those who can respond.
_________________
Nick's Security Ticker
forest_law_ph Newbie
Joined: 15 Aug 2004 Last Visit: 27 Oct 2004 Posts: 7
Posted: Tue Sep 07, 2004 6:50 am Post subject:
Why does ZA firewall say that the bluetooth drivers and apps are trying to access the internet? Does it really need to do that? I doubt so. That's why I'm beginning to distrust this driver.
And when I just run bttray.exe so that I can send files to my cellphone through bluetooth, Zone Alarm firewall asks that Bluetooth Stack COM Server is trying to use Sendto from Explorer Application to access the internet. After denying that, a second alert appears: Bluetooth Stack Com Server is trying to access the internet. After denying that 2nd alert, another appears: Bluetooth Tray Application is trying to access the internet. So after denying all that, I right-click a file and select send to in order to send that file to my cellphone, ZA alerts me that SendTo from Explorer Application is trying to access the internet. After denying all those, the file is sent to my phone thru bluetooth without any problems.
herbalist Warrior Addict

Joined: 28 Aug 2004 Last Visit: 25 Jun 2008 Posts: 726 Location: northern Michigan
Posted: Tue Sep 07, 2004 8:53 am Post subject:
Not being familiar with Bluetooth, I can only guess, but I'd wonder if some of that is for receiving incoming files or messages stored on their server. If Bluetooth is (to them) an unidentified remote access program, it could be shown as a trojan. If it also receives as well as sends files, that would explain much of it.
Rick