ComputerForum.com

Old 02-28-2006, 12:31 AM   #1 (permalink)
Bronze Member
 
Join Date: Apr 2005
Posts: 42
Is my computer safe?

Logfile of HijackThis v1.99.1
Scan saved at 5:31:00 PM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msnsgr.exe
C:\WINDOWS\system32\msnmser.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\User.NGUYEN-22\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sympatico.ca/iesearchpane.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\Run: [Microsoft MSN messenger 7.x] msnmser.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\RunServices: [Microsoft MSN messenger 7.x] msnmser.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123441755082
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)
SearchEnDie is offline   Reply With Quote


Old 02-28-2006, 02:05 AM   #2 (permalink)
Digaredd
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,104

Run HijackThis and select "Do a system scan only", then place a check by the following entries.

O4 - HKLM\..\Run: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\Run: [Microsoft MSN messenger 7.x] msnmser.exe
O4 - HKLM\..\RunServices: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\RunServices: [Microsoft MSN messenger 7.x] msnmser.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Close all open windows and browsers, and hit "Fix Checked".

Delete these files.

C:\WINDOWS\system32\msnsgr.exe
C:\WINDOWS\system32\msnmser.exe

Then get a firewall and anti-virus program.
Basic Malware Prevention
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927 is offline   Reply With Quote
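
An added example, not part of Buzz1927's post and not HijackThis code: a small Python triage pass over HijackThis-format lines copied from the log in post #1. The two heuristics are assumptions chosen here, since the post does not state its reasoning: an O4 registry autostart value that names a bare file with no directory, and an O20 Winlogon Notify entry whose file is missing. On this log they select the same five entries the post says to check.

```python
import re

# Lines copied from the HijackThis log in post #1 (a subset, for the example).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\Run: [Microsoft MSN messenger 7.x] msnmser.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\RunServices: [Microsoft MSN messenger 7.x] msnmser.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
"""

# O4 registry autostart: hive, key (Run / RunServices), value name, command.
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
MISSING = "(file missing)"


def triage(log_text):
    """Sort log lines into 'review' (look at first) and 'stale' (leftovers)."""
    review, stale = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_REG.match(line)
        if m:
            command = m.group(4)
            # Heuristic 1 (assumption): the value gives a bare file name,
            # so the entry does not say where the binary lives.
            if "\\" not in command:
                review.append(line)
            continue
        # Heuristic 2 (assumption): a Winlogon Notify hook with no file on disk.
        if line.startswith("O20 - ") and line.endswith(MISSING):
            review.append(line)
        elif line.endswith(MISSING):
            # Other missing-file entries are treated as uninstall leftovers.
            stale.append(line)
    return {"review": review, "stale": stale}


if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        print(bucket, *lines, sep="\n  ")
```

The output is a shortlist for a human to check against the running-process list and the files on disk, not a verdict on any entry.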
Old 02-28-2006, 03:34 AM   #3 (permalink)
New Member
 
Join Date: Feb 2006
Posts: 24

No, your computer is not safe.

You have Windows, Internet Explorer, MSN, Winamp, HijackThis...

All these are Spyware. If you wish to use Windows, keep Windows and IE, but get rid of the rest. ESPECIALLY Winamp!!! That is the biggest piece of spyware around, apart from Microsoft Products.
__________________
----------------
Processor: Pentium 4 2.4
Ram: 256MB
HDD: 2TB
Drives: BlueDVD-RW Combo
CD RW Drive
Zip Drive
Orb Drive
Removable Drive
5GB Removable Flash Cards
NW: GigaBit Network
AcrossAndi is offline   Reply With Quote
Old 02-28-2006, 03:38 AM   #4 (permalink)
banned
 
Join Date: Dec 2005
Location: Hales Corners Wisconson
Age: 17
Posts: 2,435

Quote:
Originally Posted by AcrossAndi
No, your computer is not safe.

You have Windows, Internet Explorer, MSN, Winamp, HijackThis...

All these are Spyware. If you wish to use Windows, keep Windows and IE, but get rid of the rest. ESPECIALLY Winamp!!! That is the biggest piece of spyware around, apart from Microsoft Products.
dude...? r u trying 2 help?

ignore this guy
Dr Studly is offline   Reply With Quote
Old 02-28-2006, 04:01 AM   #5 (permalink)
New Member
 
Join Date: Feb 2006
Posts: 24

Quote:
Originally Posted by Encore4More
dude...? r u trying 2 help?

ignore this guy
I am helping, more than you know. I know what is and isn't spyware. And I am merely telling him what his spyware is that hasn't yet been told to them.

Regards,
The Ignored One.
AcrossAndi is offline   Reply With Quote


Old 02-28-2006, 04:08 AM   #6 (permalink)
Gold Member
 
Join Date: Aug 2005
Location: Canada
Age: 21
Posts: 255

I would ignore him too... Winamp is not spyware at all, same with MSN... no clue what he is talking about. However, I do recommend switching from Internet Explorer to Firefox as Firefox has better protection.
__________________
Processor: AMD Athlon64 3200+ S939
Ram: 2x 1GB PC3200 Corsair DDR @dual Channel
Video Card: PCI express ATI Radeon X800XL 256mb DDR3 *Overclocked*
Motherboard: MSI K8N Neo4 Platinum
Drive: LG 16x16 DL DVD±RW w/Light Scribe
Hard Drive: Western Digital Sata 120GB 7200rpm, 2x Seagate 320GB 7200RPM 16MB SATA II, WD 150GB Raptor 10k RPM, SATA, 250GB Lacie External HD
Sound: Sound Blaster X-Fi Fatal1ty FPS
Power Supply: Enermax 535W FMA2

Cooling: Many fans, Thermaltake Bigwater SE.
Altanore is offline   Reply With Quote
Old 02-28-2006, 04:19 AM   #7 (permalink)
New Member
 
Join Date: Feb 2006
Posts: 24

Quote:
Originally Posted by Altanore
I would ignore him too... Winamp is not spyware at all, same with MSN... no clue what he is talking about. However, I do recommend switching from Internet Explorer to Firefox as Firefox has better protection.
I would tend to disagree with you.

Winamp IS Spyware. If you look at the detailed logs of your Gateway, then you will see that Winamp sends data from your PC to the Winamp server quite often.

My father noticed this one day when he was looking through the logs and found out what was going on with the internet connection.

And MSN uses a port which makes it much easier for hackers to get access to your machine. Ones that work for Microsoft as well.

Regards,
Andrew.
AcrossAndi is offline   Reply With Quote
Old 02-28-2006, 04:22 AM   #8 (permalink)
Diamond Member
 
Join Date: Nov 2005
Location: Nor Cal
Age: 17
Posts: 5,970

Winamp and MSN aren't potentially dangerous, but can lead to other dangers, as AcrossAndi stated that it does open ports.
__________________
RIP Mom 9/17/55-02/22/08.
Motoxrdude is offline   Reply With Quote
Old 02-28-2006, 04:24 AM   #9 (permalink)
Diamond Member
 
Join Date: Nov 2004
Location: Concord, NH
Age: 19
Posts: 26,897

Quote:
Originally Posted by AcrossAndi
I would tend to disagree with you.

Winamp IS Spyware. If you look at the detailed logs of your Gateway, then you will see that Winamp sends data from your PC to the Winamp server quite often.

My father noticed this one day when he was looking through the logs and found out what was going on with the internet connection.

And MSN uses a port which makes it much easier for hackers to get access to your machine. Ones that work for Microsoft as well.

Regards,
Andrew.
HijackThis isn't spyware, and Winamp is not spyware. When you read and accept the agreements, you are saying that you allow Winamp to send info to their server. Spyware is when that happens without your consent.
__________________
Desktop // Laptop
Core 2 Quad Q9550 @ 4.0GHz // Core 2 Duo T9300 2.5GHz
Asus Rampage Formula X48 // Intel PM965
ATI 4870X2 2GB GDDR5 // Dual 512MB GDDR3 8600M GT's SLI
4GB (2x 2GB) DDR2 940 // 3GB DDR2 667 DC
750GB SATA 3.0Gbps w/32MB // 400GB (2x 200GB) 7200RPM
Creative SB X-Fi Titanium Fatal1ty
SilverStone 750W +12V@60A
3DMark06:
21366 // 7394
[-0MEGA-] is offline   Reply With Quote
Old 02-28-2006, 04:34 AM   #10 (permalink)
New Member
 
Join Date: Feb 2006
Posts: 24

Quote:
Originally Posted by [-0MEGA-]
HijackThis isn't spyware, and Winamp is not spyware. When you read and accept the agreements, you are saying that you allow Winamp to send info to their server. Spyware is when that happens without your consent.
Winamp sends more than what they say it sends. I have monitored this many times, and it always sends more than the info it says it will.

And HijackThis is another Trojan, well, it used to be, if they have changed it, then it is my mistake, for I have not used those products because they used to be spyware, and may still be.

Regards,
Andrew.
AcrossAndi is offline   Reply With Quote
All times are GMT +1. The time now is 02:05 PM.