sensi12002
asked on
Please look at my Hijack this log
I have an icon in my system tray and I keep getting pop ups..lots to spyfalcon.
can anyone tell me what is causing it from looking at my hijack this log?
Running processes:
D:\WINDOWS\System32\smss.e
D:\WINDOWS\system32\winlog
D:\WINDOWS\system32\servic
D:\WINDOWS\system32\lsass.
D:\WINDOWS\system32\Ati2ev
D:\WINDOWS\system32\svchos
D:\WINDOWS\System32\svchos
D:\WINDOWS\system32\brsvc0
D:\WINDOWS\system32\spools
D:\WINDOWS\system32\brss01
D:\PROGRA~1\Grisoft\AVGFRE
D:\PROGRA~1\Grisoft\AVGFRE
D:\WINDOWS\system32\bmwebc
D:\WINDOWS\system32\cba\pd
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\Symantec\SYMAN
D:\WINDOWS\System32\svchos
D:\Program Files\Symantec\ClientVPN\v
D:\Program Files\Symantec\ClientVPN\l
D:\Program Files\Symantec\ClientVPN\e
D:\WINDOWS\system32\ams_ii
D:\WINDOWS\system32\MsgSys
D:\WINDOWS\system32\ams_ii
D:\WINDOWS\system32\cba\xf
D:\WINDOWS\system32\Ati2ev
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\WINDOWS\system32\ctfmon
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\PROGRA~1\MI3AA1~1\rapim
D:\WINDOWS\System32\svchos
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\ezadmin.CCCINC\De
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-0
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {04E214E5-63AF-4236-83C6-A
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {6F750200-1362-4815-A476-8
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - D:\Program Files\Common Files\Acronis\Schedule2\sc
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sg
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - D:\WINDOWS\system32\bmwebc
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc0
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - D:\Program Files\Common Files\InstallShield\Driver
O23 - Service: Intel Alert Handler - Intel® Corporation - D:\WINDOWS\system32\ams_ii
O23 - Service: Intel Alert Originator - Intel® Corporation - D:\WINDOWS\system32\ams_ii
O23 - Service: Intel File Transfer - Intel® Corporation - D:\WINDOWS\system32\cba\xf
O23 - Service: Intel PDS - Intel® Corporation - D:\WINDOWS\system32\cba\pd
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - D:\PROGRA~1\Symantec\SYMAN
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm
O23 - Service: Symantec Client VPN - Unknown owner - vpnservices.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCt
can anyone tell me what is causing it from looking at my hijack this log?
Running processes:
D:\WINDOWS\System32\smss.e
D:\WINDOWS\system32\winlog
D:\WINDOWS\system32\servic
D:\WINDOWS\system32\lsass.
D:\WINDOWS\system32\Ati2ev
D:\WINDOWS\system32\svchos
D:\WINDOWS\System32\svchos
D:\WINDOWS\system32\brsvc0
D:\WINDOWS\system32\spools
D:\WINDOWS\system32\brss01
D:\PROGRA~1\Grisoft\AVGFRE
D:\PROGRA~1\Grisoft\AVGFRE
D:\WINDOWS\system32\bmwebc
D:\WINDOWS\system32\cba\pd
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\Symantec\SYMAN
D:\WINDOWS\System32\svchos
D:\Program Files\Symantec\ClientVPN\v
D:\Program Files\Symantec\ClientVPN\l
D:\Program Files\Symantec\ClientVPN\e
D:\WINDOWS\system32\ams_ii
D:\WINDOWS\system32\MsgSys
D:\WINDOWS\system32\ams_ii
D:\WINDOWS\system32\cba\xf
D:\WINDOWS\system32\Ati2ev
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\WINDOWS\system32\ctfmon
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\PROGRA~1\MI3AA1~1\rapim
D:\WINDOWS\System32\svchos
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\ezadmin.CCCINC\De
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-0
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {04E214E5-63AF-4236-83C6-A
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {6F750200-1362-4815-A476-8
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - D:\Program Files\Common Files\Acronis\Schedule2\sc
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sg
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - D:\WINDOWS\system32\bmwebc
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc0
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - D:\Program Files\Common Files\InstallShield\Driver
O23 - Service: Intel Alert Handler - Intel® Corporation - D:\WINDOWS\system32\ams_ii
O23 - Service: Intel Alert Originator - Intel® Corporation - D:\WINDOWS\system32\ams_ii
O23 - Service: Intel File Transfer - Intel® Corporation - D:\WINDOWS\system32\cba\xf
O23 - Service: Intel PDS - Intel® Corporation - D:\WINDOWS\system32\cba\pd
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - D:\PROGRA~1\Symantec\SYMAN
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm
O23 - Service: Symantec Client VPN - Unknown owner - vpnservices.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The tool worked like a charm!
Thank you.
Thank you.
If you still have spyfalcon folder in your proram files folder delete the folder in safe mode. Also run a panda active scan to remove the remains. http://www.pandasoftware.com/activescan/com/activescan_principal.htm?sitepanda=particulares
http://www.bleepingcomputer.com/forums/topic43659.html
But "smitfraudfix" as I mentioned in my post should get rid of it.