1. lascelles hall

    lascelles hall Private E-2

    Had problems with spyware over the last couple of weeks.

    I have downloaded Ad-Aware, Spybot and CWShredder and have finally downloaded HijackThis.

    I am convinced that I still have some of this stuff on my system as Norton Antivirus keeps picking up odd files periodically.

    Can someone have a read through the following HijackThis log? I have looked through it as best I can using the guide available through Major Geeks, but as I am more of a user than a programmer, this is a little confusing.

    Thanks

    Gary

    system info:
    SYSTEM INFORMATION 19-07-2004

    [ MY COMPUTER ]

    Computer Name: YOUR-ROBA9SI0ML
    BIOS Type: AT/AT COMPATIBLE
    BIOS Date: 08/13/02
    Memory: 255 Mb
    Drives:
    A: [DISC DRIVE]
    C: [HARD DISC] 9.3 GB "VAIO" NTFS
    D: [HARD DISC] 9.3 GB "VAIO" NTFS
    E: [COMPACT DISC]

    [ PROCESSOR ]

    Description:
    Vendor: AuthenticAMD
    Speed: 1.40 GHz
    Type: Primary
    Count: 1 CPUs found
    Features: FPU RDTSC MMX MMX+ 3DNow! 3DNow!+ iSSE

    [ OPERATING SYSTEM ]

    Description: Windows XP (official final release)
    Platform: Windows NT
    Version: 5.1 (Build: 2600)
    Title: Uniprocessor Free
    ID: 55274-OEM-0011903-00110
    Key:
    DirectX: 4.09.00.0902
    Login Name: staples
    Register Name: staples
    Company:
    Time Zone: GMT Standard Time
    Windows Path: C:\WINDOWS
    System Path: C:\WINDOWS\System32
    Temp Path: C:\DOCUME~1\staples\LOCALS~1\Temp\
    Add-On: Service Pack 1

    [ DEVICES ]

    Keyboard: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Mouse: HID-compliant mouse
    Printers:
    Canon i560 (Default)
    Canon Bubble-Jet BJC-70
    Ports:
    Communications Port
    ECP Printer Port
    Wave Audio: VIA Audio (WAVE) v5.10
    Midi Audio: Microsoft GS Wavetable SW Synth v5.10
    Audio Mixer: VIA Audio (WAVE) v5.10
    Media:
    VIA AC'97 Audio Controller (WDM)
    Media Control Devices
    Video Codecs
    Audio Codecs
    Legacy Video Capture Devices
    Legacy Audio Drivers
    Microsoft Streaming Clock Proxy
    Microsoft Kernel System Audio Device
    Microsoft Kernel Wave Audio Mixer
    Microsoft WINMM WDM Audio Compatibility Driver
    Microsoft Streaming Service Proxy
    Microsoft Kernel DLS Synthesizer
    Microsoft Streaming Quality Manager Proxy
    Microsoft Kernel GS Wavetable Synthesizer
    Microsoft Kernel Acoustic Echo Canceller
    Microsoft Kernel DRM Audio Descrambler
    Microsoft Kernel Audio Splitter
    Closed Caption Decoder
    NABTS/FEC VBI Codec
    World Standard Teletext Codec
    BDA Slip De-Framer
    BDA IPSink
    Microsoft Streaming Tee/Sink-to-Sink Converter
    Microsoft Streaming Tee/Sink-to-Sink Converter
    Sony MVDVCR Device



    Logfile of HijackThis v1.98.0
    Scan saved at 22:22:03, on 19/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\System32\ICO.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/aplicacion.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://212.50.188.245/c/msrdp.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
     
