ceez Posted February 9, 2005

Zup peeps!?

I was going through my startup via the registry when I noticed the following entry:

C:\windows\system32\netdaemon /v

Does anyone know what this is? I do use Daemon Tools but I doubt this has anything to do with it. I googled the issue and I find some sites that say that it kills spyware & adware detection programs! I ran MS Antispyware and it detected some junk but not this netdaemon demon! I delete it from the registry and it comes back up after I reboot or I logoff/logon. That's usually how viruses act up!

Can anyone shed some light on this one?

and if anyone can help with a hijackthis log, well here's mine:

Logfile of HijackThis v1.98.2
Scan saved at 12:18:21 AM, on 2/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\No-IP\DUC20.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MICROR~1\Keyboard\Ikeymain.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\windows\system32\netdaemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Ceez\Desktop\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Picture Ace - {CC7C8206-344B-45AB-B898-78D06229268F} - C:\Program Files\UnH Solutions\Picture Ace\PictureAce.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [ccApp]"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\MICROR~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [netdaemon] C:\windows\system32\netdaemon /v
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Picture Ace - {1FCAD22D-3FC8-4811-A247-9EBA202F01CE} - (no file) (HKCU)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/toolbar/webinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://192.168.1.103/tsweb/msrdp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://70.147.220.221/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22DB52F8-8A6C-4E39-8E8C-11D997C1F9EC}: NameServer = 205.152.144.23,205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BA7F960-A764-4442-BB21-7454B818D709}: NameServer = 205.152.144.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{22DB52F8-8A6C-4E39-8E8C-11D997C1F9EC}: NameServer = 205.152.144.23,205.152.132.23

thkz a bunch!

Ceez
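A triage sketch for the log in the post above, added here as an example and not part of the thread: it parses the O4 autorun lines, checks each one against the running-process list, and marks entries that start from the Windows directory. The function names, the `windir` default and the Windows-directory heuristic are assumptions of this example.

```python
import re
from ntpath import dirname, normcase, splitext

# Excerpt of the log in the post above: two process lines and its five O4 lines.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\system32\netdaemon.exe
O4 - HKLM\..\Run: [ccApp]"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\MICROR~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [netdaemon] C:\windows\system32\netdaemon /v
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\]\s*(.+)$", re.M)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

def image_path(command):
    """Return the program part of a Run value, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command.split('"')[1]
    m = EXE_RE.match(command)
    # No extension (as in "netdaemon /v"): fall back to the first token.
    return m.group(1) if m else command.split()[0]

def parse_autoruns(log, windir=r"C:\WINDOWS"):
    """List O4 entries with two triage facts: running now, and located under windir."""
    procs = {normcase(p.strip()) for p in re.findall(r"^[A-Za-z]:\\.+$", log, re.M)}
    stems = {splitext(p)[0] for p in procs}  # lets "netdaemon" match "netdaemon.exe"
    root = normcase(windir) + "\\"
    entries = []
    for hive, key, name, command in O4_RE.findall(log):
        image = image_path(command)
        norm = normcase(image)
        entries.append({
            "hive": hive, "key": key, "name": name, "image": image,
            "running": norm in procs or norm in stems,
            # Assumption: installed applications seldom autostart from the Windows tree.
            "in_windir": (dirname(norm) + "\\").startswith(root),
        })
    return entries

if __name__ == "__main__":
    for e in parse_autoruns(SAMPLE_LOG):
        mark = "REVIEW" if e["in_windir"] else "ok"
        print(f'{mark:6} {e["hive"]}\\{e["key"]} [{e["name"]}] {e["image"]} running={e["running"]}')
```

A `REVIEW` mark only means the entry deserves a closer look (file properties, signer, creation time); it is not a verdict on the file.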

MCT Posted February 9, 2005

http://www.anti-spy.info/process/netdaemon.exe.html

I WOULD really not use NAV if I were u, use something like Nod32 & DON'T USE IE, instead use Opera or Firefox, more secure

ceez (Author) Posted February 9, 2005

thkz for the link but it doesn't tell me much about it! I'll try TrendMicro's HouseCall when I get home today and see if it picks it up.