Spyware


Gerann Gerber
08-13-2004, 10:04 AM
Hi There

Can somebody please help me with this. I've downloaded hijackthis and these
are my results:

Logfile of HijackThis v1.98.2
Scan saved at 07:54:46 PM, on 2004/08/13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\MMTray.exe
D:\WINDOWS\System32\MMTray2k.exe
D:\WINDOWS\System32\MMTrayLSI.exe
D:\WINDOWS\System32\qttask.exe
D:\WINDOWS\wovax.exe
D:\Program Files\Common Files\slmss\slmss.exe
D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
D:\WINDOWS\jawa32.exe
D:\Program Files\ClockSync\Sync.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\PROGRA~1\Altnet\DOWNLO~1\adm.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Temp\HijackThis.exe
D:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - D:\WINDOWS\System32\cdsm32.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SDWin32 Class - {892E3C68-BF52-4073-909C-BB8AB38E2826} - D:\WINDOWS\System32\bxopg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WhenUSave] D:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [wovax] D:\WINDOWS\wovax.exe
O4 - HKLM\..\Run: [kqxlhlqx] D:\WINDOWS\System32\wjuvsc.exe
O4 - HKLM\..\Run: [slmss] D:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [aqadcup] D:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [bxopgc] D:\WINDOWS\System32\bxopgc.exe
O4 - HKLM\..\Run: [Jawa32] D:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [stcloader] D:\WINDOWS\System32\stcloader.exe
O4 - HKCU\..\Run: [ClockSync] D:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [Jawa32] D:\WINDOWS\jawa32.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA8158C-44C1-4AB7-934B-BF8E64318C28}: NameServer = 196.43.1.11 196.25.1.11

Can somebody please tell me which is spyware that I should delete.

Best Regards
Gerann

Lew Pitcher
08-13-2004, 10:45 AM
Gerann Gerber wrote:
> Hi There
>
> Can somebody please help me with this. I've downloaded hijackthis and these
> are my results:
>
> Logfile of HijackThis v1.98.2
> Scan saved at 07:54:46 PM, on 2004/08/13
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
[snip]

I'm sorry, but your post is off-topic for the comp.windows.x.apps newsgroup.

The topic of the comp.windows.x.apps newsgroup is applications that use
the X network protocol to perform networked GUI activity, and we have
nothing to do with Microsoft Windows except for discussing X
applications implemented in that arena (very few).

I see that you have cross-posted this to several MS-Windows newsgroups.
They are your best bet for an answer. You should take
comp.windows.x.apps off your reply list.

Sorry

--

Lew Pitcher, IT Consultant, Enterprise Application Architecture
Enterprise Technology Solutions, TD Bank Financial Group

(Opinions expressed here are my own, not my employer's)

MartinB
09-27-2005, 08:11 PM
> I'm sorry, but your post is off-topic for the comp.windows.x.apps newsgroup.

no wonder you don't get any traffic here

