Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

HiJack This Log - Help Needed Please :)

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 2 posts
I've gotten rid of everything off of this friend's infested computer, with the exception of a - a "Warning You're In Danger" desktop, and b - a system try app that continues to warn me I'm infested with spyware...

Any help would be appreciated! Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:44:02 PM, on 3/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nod32 Antivirus\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Nod32 Antivirus\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32 Antivirus\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {20353146-D175-42FC-A40C-5D297E04E019} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {20353146-D175-42FC-A40C-5D297E04E019} - (no file) (HKCU)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Nod32 Antivirus\nod32krn.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • 0




    Visiting Staff

  • Visiting Consultant
  • 363 posts
Hi bigred

Sorry for the delay in response. The forum has been very busy lately.

Please do an online virus scan here

Trend Housecall - http://housecall.tre.../start_corp.asp

Run the free online virus scan (tick the "Auto Clean" checkbox). Reboot your computer.

Download the free 30 trial of TDS-3 from here http://www.geekstogo...=download&id=45
Install the program and manually install the latest radius updates manually from here http://tds.diamondcs.com.au/ - the page describes how to do this. Open the program. it will run through some prelimary scans. When they are complete, go to System on the menu bar and select Full System scan.

Reboot after TDS-3 completes its scan.

Do a new HijackThis log and post it back so we can see what is happening on your computer.

If you have already fixed your machine or received help elsewhere please post back and let us know.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks for the reply ilago,
I was able to solve my problems. There were a few files I didn't recognize, and so I made a ghost image as a backup, and then took my best guess as to what to delete. It worked out perfectly.
But thanks for the reply :tazz:
  • 0



    Visiting Staff

  • Visiting Consultant
  • 363 posts
That's good to hear bigred :tazz:

This topic will be closed as the issue is resolved. If you need it re-opened for any reason please contact a moderator.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP