Is my computer safe?

[SearchEnDie]

Logfile of HijackThis v1.99.1
Scan saved at 5:31:00 PM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msnsgr.exe
C:\WINDOWS\system32\msnmser.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\User.NGUYEN-22\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sympatico.ca/iesearchpane.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\Run: [Microsoft MSN messenger 7.x] msnmser.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\RunServices: [Microsoft MSN messenger 7.x] msnmser.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123441755082
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)

 

[Buzz1927]

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

O4 - HKLM\..\Run: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\Run: [Microsoft MSN messenger 7.x] msnmser.exe
O4 - HKLM\..\RunServices: [Microsoft Corporate MSN] msnsgr.exe
O4 - HKLM\..\RunServices: [Microsoft MSN messenger 7.x] msnmser.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Close all open windows and browsers, and hit "Fix Checked".

Delete these files.

C:\WINDOWS\system32\msnsgr.exe
C:\WINDOWS\system32\msnmser.exe

Then get a firewall and anti-virus program.
http://www.computerforum.com/showthread.php?t=17717

 

[AcrossAndi]

No, your computer is not safe.

You have Windows, Internet Explorer, MSN, Winamp, HijackThis...

All these are Spyware. If you wish to use Windows, keep Windows and IE, but get rid of the rest. ESPECIALLY Winamp!!! That is the biggest piece of spyware around, apart from Microsoft Products.

 

[Dr Studly]

No, your computer is not safe.

You have Windows, Internet Explorer, MSN, Winamp, HijackThis...

All these are Spyware. If you wish to use Windows, keep Windows and IE, but get rid of the rest. ESPECIALLY Winamp!!! That is the biggest piece of spyware around, apart from Microsoft Products.

dude...? r u trying 2 help?

ignore this guy

 

[AcrossAndi]

dude...? r u trying 2 help?

ignore this guy

I am helping, more than you know. I know what is and isn't spyware. And I am merely telling him what his spyware is that hasn't yet been told to them.

Regards,
The Ignored One.

 

[Altanore]

I would ignore him too.. winamp is not spyware at all, same with MSN... no clue what he is talking about. However, I do recommend switching from internet explorer to firefox as firefox has better protection.

 

[AcrossAndi]

I would ignore him too.. winamp is not spyware at all, same with MSN... no clue what he is talking about. However, I do recommend switching from internet explorer to firefox as firefox has better protection.

I would tend to disagree with you.

Winamp IS Spyware. If you look at the detailed logs of your Gateway, then you will see that Winamp sends data from your PC to the Winamp server quite often.

My father noticed this one day when he was looking through the logs and found out what was going on with the internet connection.

And MSN uses a port which make it much easier for hackers to get access to your machine. Ones that work for Microsoft as well.

Regards,
Andrew.

 

[Motoxrdude]

Winamp and msn arent potentially dangerous, but can lead to other dangerous as AcrossAndi stated that it does open ports.

 

[Geoff]

I would tend to disagree with you.

Winamp IS Spyware. If you look at the detailed logs of your Gateway, then you will see that Winamp sends data from your PC to the Winamp server quite often.

My father noticed this one day when he was looking through the logs and found out what was going on with the internet connection.

And MSN uses a port which make it much easier for hackers to get access to your machine. Ones that work for Microsoft as well.

Regards,
Andrew.

HijackThis isnt spyware, and WinAmp is not spyware. When you read and accept the agreements, you are saying that you allow winamp to send info to their server. Spyware is when that happens without your consent.

 

[AcrossAndi]

HijackThis isnt spyware, and WinAmp is not spyware. When you read and accept the agreements, you are saying that you allow winamp to send info to their server. Spyware is when that happens without your consent.

Winamp sends more than what they say it sends. I have monitored this many times, and it always sends more than the info it says it will.

And HijackThis is another Trojan, well, it used to be, if they have changed it, then it is my mistake, for I have not used those products because they used to be spyware, and may still be.

Regards,
Andrew.

 

[Geoff]

Hijack This is a program used to scan your registry and startup files. As far as i know its not spyware, buzz would know for sure though.

 

[AcrossAndi]

Hijack This is a program used to scan your registry and startup files. As far as i know its not spyware, buzz would know for sure though.

Why not use a good program? One that scans itself aas well, incase it gets infected?

 

[Geoff]

Why not use a good program? One that scans itself aas well, incase it gets infected?

well hijack this is mainly used to prepare a process, startup and registry key list, and it's the only program i know of that does that.

 

[AcrossAndi]

Oh, okay, interesting.. They have changed it since I used it last.

Maybe I'll have to check it out again.

Regards,
Andrew.

 

[SearchEnDie]

Yes, I agree with 0mega buzz would know. thanks.

 

[Buzz1927]

And HijackThis is another Trojan

I think you're referring to the problems McAfee has had with Hijackthis. I think it was something to do with the compression method used in Hijackthis, which caused McAfee to flag it as a trojan. Hijackthis is a tool used for finding malware, it has never been anything else.

However, I do recommend switching from internet explorer to firefox as firefox has better protection.

They're already using Firefox.