07-06-2005, 04:56 PM   #1
mohit (The Hardware Labs)
Join Date: Feb 2005
Location: Raipur, India.
Posts: 1,546

Spyware woes !!

hey guyz ... i also faced my share of spyware probs when i got affected unknowingly by some spyware ... i have done a complete scan with nav 2005, ms antispyware and ad-aware and removed all the crap. i am posting my hijack this log file just to be sure that i am free of spyware. plz check it. thanx in advance. also if anything is found plz tell me how shud i fix it with hjt.

Logfile of HijackThis v1.99.1
Scan saved at 4:51:43 PM, on 6/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\vsnphv71.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RConnect\RConnectDialer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Essentials\GENERAL\SECURITY TOOLS\System Security suite\HIJACK THIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SNPHV71] C:\WINDOWS\vsnphv71.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC932323-8822-4D93-A6D2-49569E0ADC04}: NameServer = 202.138.103.100 202.138.96.2
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

07-06-2005, 11:14 PM   #2
anomit (In The Zone)
Join Date: Mar 2005
Location: Kharagpur
Posts: 252

Nothing found. But you would be better off using a firewall if u dont have.
__________________
Don't SYN me, I'll SYN you. :p

07-06-2005, 11:23 PM   #3
anomit (In The Zone)
Join Date: Mar 2005
Location: Kharagpur
Posts: 252

See if there are any registry keys like these:

Quote:
HKEY_USERS\S-1-5-18\Software\LQ
HKEY_USERS\.DEFAULT\Software\LQ

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Amep
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Amep
If present, delete them

08-06-2005, 11:51 AM   #4
Kl@w-24 (Davislav Ivanuiz!!!)
Join Date: Apr 2004
Location: Pune
Posts: 1,396

Check this file :

C:\WINDOWS\vsnphv71.exe

and this registry entry :

O4 - HKLM\..\Run: [SNPHV71]C:\WINDOWS\vsnphv71.exe
__________________
I was here when the forum's swear filter kept bleeping out the word 'FUNK'. :crazy::censored::eeksign:

www.abhi247.com | The Photohblog A Little Lunacy! [v3]

Flickr!
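
Post #4 singles out one O4 Run entry and the file it launches. As an added example (not code from the thread or from HijackThis), this Python script pulls every registry Run entry out of a HijackThis-style log and notes whether the same executable also appears under "Running processes", without judging any file. The sample is a few lines copied from the log in post #1, and the function names are made up for the example.

```python
import ntpath
import re

# Constructed sample: a handful of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnphv71.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SNPHV71] C:\WINDOWS\vsnphv71.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

# Registry autoruns only; "O4 - Global Startup:" shortcut lines are not handled here.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[(.*?)\]\s*(.*)$")
IMAGE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)

def image_of(command):
    """Return the program a Run command starts, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = IMAGE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]

def running_processes(log):
    """Lower-cased file names listed under 'Running processes:'."""
    rest = log.partition("Running processes:")[2].lstrip("\r\n")
    block = re.split(r"\r?\n\s*\r?\n", rest, maxsplit=1)[0]
    return {ntpath.basename(p.strip()).lower() for p in block.splitlines() if p.strip()}

def autoruns(log):
    """One dict per O4 registry Run entry, cross-referenced with running processes."""
    running = running_processes(log)
    entries = []
    for m in filter(None, map(O4_RUN.match, log.splitlines())):
        hive, key, name, command = m.groups()
        image = image_of(command)
        entries.append({
            "hive": hive, "key": key, "name": name, "image": image,
            "full_path": ntpath.isabs(image),  # False: resolved via the search path
            "running": ntpath.basename(image).lower() in running,
        })
    return entries

if __name__ == "__main__":
    for entry in autoruns(SAMPLE_LOG):
        print(entry)
```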

08-06-2005, 02:06 PM   #5
mohit (The Hardware Labs)
Join Date: Feb 2005
Location: Raipur, India.
Posts: 1,546

@Kl@w-24
hey that file is something called snap shot viewer ... is it spyware ? it doesn't get detected though and i dont knw which program installed it ..

swatkat are u there ??? plz go thru my log and temme if my sys is clean or not. thanx.

08-06-2005, 02:22 PM   #6
Kl@w-24 (Davislav Ivanuiz!!!)
Join Date: Apr 2004
Location: Pune
Posts: 1,396

That file IS spyware. Run HijackThis again, then put a checkmark against it and fix it.

11-06-2005, 08:55 AM   #7
anandk (Distinguished Member)
Join Date: Mar 2005
Location: Pune
Posts: 3,783

also run spybot and spywaredoctor to remove any registry keys or location which may have been missed out by ms antispy or adaware.
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
All times are GMT +5.5. The time now is 03:53 AM.