sensi12002 asked:
Please look at my HijackThis log
I have an icon in my system tray and I keep getting pop-ups, lots to SpyFalcon.
Can anyone tell me what is causing it from looking at my HijackThis log?
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\brsvc01a.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\brss01a.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\system32\bmwebcfg.exe
D:\WINDOWS\system32\cba\pds.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Symantec\ClientVPN\vpnservices.exe
D:\Program Files\Symantec\ClientVPN\logservice.exe
D:\Program Files\Symantec\ClientVPN\emroute.exe
D:\WINDOWS\system32\ams_ii\hndlrsvc.exe
D:\WINDOWS\system32\MsgSys.EXE
D:\WINDOWS\system32\ams_ii\iao.exe
D:\WINDOWS\system32\cba\xfr.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\ezadmin.CCCINC\Desktop\New Folder\hijackthis\HijackThis.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - D:\WINDOWS\system32\hpC757.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108938417781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127398014843
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownload Control Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cccinc.com
O17 - HKLM\Software\..\Telephony: DomainName = cccinc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E346707-FA18-4943-8CE4-05FC2402B3F7}: NameServer = 192.168.0.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cccinc.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - D:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Intel Alert Handler - Intel® Corporation - D:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - D:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - D:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - D:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Client VPN - Unknown owner - vpnservices.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
ASKER
The tool worked like a charm!
Thank you.
Thank you.
If you still have a SpyFalcon folder in your Program Files folder, delete the folder in Safe Mode. Also run a Panda ActiveScan to remove the remains. http://www.pandasoftware.com/activescan/com/activescan_principal.htm?sitepanda=particulares
http://www.bleepingcomputer.com/forums/topic43659.html
But SmitFraudFix, as I mentioned in my post, should get rid of it.