Being spied on just can't figure

Computing.Net > Forums > Security and Virus > Being spied on just can't figure

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Being spied on just can't figure

Name: AndreaJ
Date: September 2, 2003 at 16:04:58 Pacific
OS: WinXP
CPU/Ram: Speed Intel(R) Pentium(R)

Comment:

I know I'm being tracked. I've checked virtually all of my .exe's .dll's and don't know how they are doing it. Can you help?
Logfile of HijackThis v1.96.4
Scan saved at 4:49:44 PM, on 9/2/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r4.attbi.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Andrea\Application Data\Mozilla\Profiles\default\3537m25m.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /1
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09b6efa0bf9d42f31205/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Sponsored Link

Ads by Google

Response Number 1

Name: anonproxy
Date: September 2, 2003 at 16:41:12 Pacific

Reply:

"I know I'm being tracked."
Really, why is that? If you have some evidence, that is the best means of finding how anyone would be tracking you.
This is sort of like coming to the police and saying,"I'm being followed! I know it - heres the places I've been, the calls I've made, etc." All that still gives the police absolutely nothing to go on.

Response Number 2

Name: EC
Date: September 2, 2003 at 18:01:28 Pacific

Reply:

Just to say you are being spied on,
without evidence or manifestations of some kind, is not much to go on.
www.wilders.org and http://www.spychecker.com/software/antispy.html
has some excellent links to many FREE products that will assist you in actually determining if in fact you have been targeted.
Start with scanning for:
ADWARE, malware, trojans, data-mining cookies and key-loggers.

Response Number 3

Name: efabes
Date: September 3, 2003 at 10:02:01 Pacific

Reply:

How exactly do you know you are being tracked? Knowing this might help with the method.

Response Number 4

Name: Setter
Date: September 4, 2003 at 01:16:59 Pacific

Reply:

Hi AndreaJ,
Your HijackThis logfile is clean :-)
Mark

Response Number 5

Name: mjmcgurl
Date: September 11, 2003 at 11:49:34 Pacific

Reply:

the following process deserves closer
investigation:
C:\WINDOWS\System32\DSentry.exe
Its capabilities are fairly comprehensive.
look for it ... you may find your answer(s).

spying on coworkers data on dvd can't be read modem is not on or can't be detected	my n15235 motherboard but it just can't power on burned iso file on dvd can't be read burned iso file on dvd can't be read
See More

Response Number 6

Name: mjmcgurl
Date: September 11, 2003 at 11:55:46 Pacific

Reply:

Nix that last response ... eye glare :)

Response Number 7

Name: andreaj
Date: September 15, 2003 at 00:38:03 Pacific

Reply:

ok 8th try at post. I apologize if this is a duplicate post, but I am having difficulty with cookies ever since I secured my system down and have tried to respond to these posts several times. The response follows:
********
Just for info purposes, I have Zone Alarm (Stealth mode), Symantec, Ad Aware, Spy Checker, Spy Sites, as well as others and have run them religiously.
As it happens one of the readers here, JER1USCO1, provided me with a list of additional spyware tools including Spy Sweeper. And lo and behold on the log was SPYWARE IDENTIFIED: VNC with 11 traces.
I think it's installed when Comcast is the internet service provider utilizing their cable modem since it's located in their \\support\bin. That alone concerns me, but additionally we utilize VNC at work and the reading i did online suggests VNC is easily accessible.
To add to this, although a novice when it comes to the registry, I did find a �ForceUnlockLogon REG_DWORD" which appears to have to do with a forced logon bypassing the password hash. Perhaps this is a default register setting by Windows, but it makes me nervous.

Response Number 8

Name: andreaj
Date: September 15, 2003 at 00:47:24 Pacific

Reply:

Also I apologize for providing such limited knowledge about the problem. I had no hard and fast evidence, just weird network traffic and a baaaad gut feeling. Add to that, at work the security guys seem to have more information on me then I've ever provided. I assumed it was because of my own stupidity in opening my web e-mail at work one day. But the window of access was only 2 hours before I was home and changed the code. So that is still a possibility.
Like i told JER1USCO1, I'm very close to just bagging the whole thing and going back to the abacus!
And on a more positive note: This isn't mine, but I found it in my searches today
"The path to enlightenment is /usr / bin / enlightenment"

Sponsored Link

Ads by Google

Browser Hijacking

IE slowwwwwww to change p...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Being spied on just can't figure

can't create AVG Rescue Disks

Summary

www.computing.net/answers/security/cant-create-avg-rescue-disks/5817.html

Can't Open Windows Media Player

Summary

www.computing.net/answers/security/cant-open-windows-media-player/11022.html

Can't tell if I have a firewall

Summary

www.computing.net/answers/security/cant-tell-if-i-have-a-firewall/328.html

From the Geek Dictionary
chesk - A desk that has the chair attached to it. From ch(air)+{d}esk. Although pop...

Ask a Question!

Weekly Poll
Do you believe in Video Game Addiction?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Why does my router ping me and test ports

HELP unmountable_boot_volume

outlook to outlook express

monitor is not working

cant connect ipod

All Awaiting Reply

Tom's News
Queues in Manhattan Form as DROID Launches

Report: $99 iPhone 3GS in Time For the Holidays

Game Boy, Ball Gets Into Toy Hall of Fame

iPhone Developer Stealing Private Info

Nintendo: There is No Wii HD

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE