Author Topic: spyware galore (Read 437 times)

Guest_Matt_* · « **on:** February 12, 2005, 08:36:45 PM »

my friend says that i hyave a lot of spyware on my computer so i saved a copy af hijack this, could you please have a look at it

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\David Dale\My Documents\Matthew\spy\firewall\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\David Dale\My Documents\Matthew\spy\AntiVir\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\David Dale\My Documents\Matthew\spy\AntiVir\AVWIN.EXE
C:\Documents and Settings\David Dale\My Documents\Matthew\spy\blaster\SpywareBlaster\spywareblaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David Dale\My Documents\Matthew\spy\SpywareGuard\sgmain.exe
C:\Documents and Settings\David Dale\My Documents\Matthew\spy\SpywareGuard\sgbhp.exe
C:\Documents and Settings\David Dale\My Documents\Matthew\spy\WinPatrol\WinPatrol.exe
C:\Documents and Settings\David Dale\My Documents\Matthew\spy\hijack\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\David Dale\My Documents\Matthew\spy\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\DAVIDD~1\MYDOCU~1\Matthew\spy\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "c:\program files\clone cd2\ElbyCheck.exe" /L ElbyCDFL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEE12291-7C9A-44AF-B0FE-5A2F0A45C92E}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Documents and Settings\David Dale\My Documents\Matthew\spy\AntiVir\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Documents and Settings\David Dale\My Documents\Matthew\spy\AntiVir\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Documents and Settings\David Dale\My Documents\Matthew\spy\firewall\smc.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Unknown - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

thank you

ps my email address is specialmattATgmailDOTcom

guestolo · « **Reply #1 on:** February 13, 2005, 12:36:23 AM »

What problems are you having exactly?
I wouldn't recommend running 2 Anti-Virus software on your computer
You appear to be using AntiVir and Norton's

Choose which one your happiest with and uninstall the other
Having more than one AV can cause conflicts
And a decrease in system performance
Besides the above

There's not that much wrong with your log

It appears that you uninstalled Zone Alarm and using Sygates instead, I like Sygates too

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />
If that is the case
With all other windows closed, do another scan with Hijackthis and put a tick next to this entry

O23 - Service: TrueVector Internet Monitor - Unknown - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

FIX CHECKED

Restart your computer

This line in your log, don't fix it yet
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll

Indicates you have SpyAssassin installed
If you haven't paid for it I would Uninstall it >> Restart your computer
SpyAssassin is on the Rogue list>>Ones not too use
Take a look
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Post back a fresh log afterwards, I want to see if those entries are gone
Could you include the whole log please
Including the top header which includes Hijackthis version
Operating system

A+Net+MCP · « **Reply #2 on:** February 13, 2005, 01:13:19 AM »

Yeh don't use 2 anti-virus or 2 firewalls, conflicts yo. Use spybot S&D and Spysweeper3.5.

TheTechGuide Forum

News:

Author Topic: spyware galore (Read 437 times)

Guest_Matt_*

spyware galore

guestolo

spyware galore

A+Net+MCP

spyware galore