my Hijack This log...I have SpyFalcon...

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Wednesday 27.11.2024 / 21:43

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my hijack this log...i have spyfalcon...

Browse by topic

Forums

Start a new thread

my Hijack This log...I have SpyFalcon...

Jump to:

Posted

Message

evhtone

Newbie

16. March 2006 @ 17:00

Link to this message

Hey, guys. Looking for any help here. My log is below...

Logfile of HijackThis v1.99.1
Scan saved at 8:54:05 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp4B03.tmp
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/n...
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B52058E9-B6DD-11D3-AFDC-005004A74E81} (qqRegister Control) - http://www.qqonline.com/web/webupdates/qqRegister.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

[ + quote]

JaPK

Senior Member

16. March 2006 @ 18:56

Link to this message

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Cleaning instructions:

Donwload smitrem to your desktop >
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Doubleclick it and press Start, smitrem foder appears to the desktop.

Restart your computer to the safe mode (Press F8 button when computer is starting and choose safe mode)

Run HijackThis and fix these entries (if found): (Do a system scan only, check entries, close all other windows, press Fix checked)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp4B03.tmp

Then go to the smitrem folder on your desktop, run RunThis.bat file and follow the instructions.

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete this file if found:

C:\WINDOWS\system32\-->hp4B03.tmp

Empty the Recycle Bin

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Scan and clean your computer with Ewido, SAVE a log file.

Restart you computer normally.

Post a new HijackThis log, Ewido's log and log from C:\smitfiles.txt to here and we'll see if you are clean.

[ + quote]

I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 16. March 2006 @ 18:57

evhtone

Newbie

17. March 2006 @ 08:47

Link to this message

The main problem I am having is that when I go into SAFE mode I cannot find the smitrem program on my desktop or anywhere for that matter. When I am not in SAFE mode it's right there on my desktop along with the FixIt program. I already tried doing some of the instructions from the bleepingcomputer site and these are the problems I have run into over and over again. I followed the steps to a T. I'm getting VERY close to formatting and starting over at this point.

Should I still try what is posted above?

[ + quote]

evhtone

Newbie

17. March 2006 @ 08:51

Link to this message

One other thing...

Do you guys use IE or Mozilla when surfing the net? My friends keep telling me I should start using Mozilla.

[ + quote]

JaPK

Senior Member

17. March 2006 @ 09:04

Link to this message

Ok. Don't format your computer =) This is just a small problem caused by the multiple accounts on your computer...

Try this:

In the normal mode:
Move smitrem to the folder C:\Cleaning\Smitrem
Move HijackThis to folder C:\Cleaning\HJT

Then try to go to the safe mode again.
-> Go to My computer
-> C:\Cleaning (From here you should now see folders smitrem and HJT)
-> Then follow my instructions (smitrem and hijackthis are now in a diiferent location...C:\Cleaning)

PS. My opinion is that Mozilla Firefox is much better/safer/quicker...

[ + quote]

I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 17. March 2006 @ 09:07

evhtone

Newbie

17. March 2006 @ 10:31

Link to this message

Thanks a million for your help! I appreciate it more than you can imagine. I'm at work right now but I will try this when I get home. YOU ROCK!!!

Greg

[ + quote]

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my hijack this log...i have spyfalcon...


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.