Tech Support Forum - View Single Post - Help analize my HJT log pls, spyware attacks me

abonthio · 02-28-2005, 10:40 AM

<quote>
O17 -
HKLM\System\CCS\Services\Tcpip\..\{DB7D5D30-110A-4EEC-8C98-BBAD6A6BA875}:
NameServer = 69.50.176.196 195.225.176.37
</quote>

I can't find that 017, it doesn't exist anylonger.

Another strange thing, in my favorit (Iexplorer) there always appear addresses like kill spyware ... strip poker ... adult gambling ... etc. I have tried to delete them but they come again.

And here is my last result.txt

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 2/10/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:52:53 PM, on 2/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Atheros\acu.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\abon\Application Data\Mozilla\Profiles\default\e8ab8tjd.slt\prefs.js)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll (file missing)
O4 - HKLM\..\Run: [ACU] C:\Program Files\Atheros\acu.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

End of KRC HijackThis Analyzer Log.
====================================================================

02-28-2005, 10:40 AM	#5 (permalink)
abonthio Registered User Join Date: Feb 2005 Posts: 5 OS: xp	<quote> O17 - HKLM\System\CCS\Services\Tcpip\..\{DB7D5D30-110A-4EEC-8C98-BBAD6A6BA875}: NameServer = 69.50.176.196 195.225.176.37 </quote> I can't find that 017, it doesn't exist anylonger. Another strange thing, in my favorit (Iexplorer) there always appear addresses like kill spyware ... strip poker ... adult gambling ... etc. I have tried to delete them but they come again. And here is my last result.txt ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 2/10/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 9:52:53 PM, on 2/28/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\Program Files\Atheros\acu.exe C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\abon\Application Data\Mozilla\Profiles\default\e8ab8tjd.slt\prefs.js) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll (file missing) O4 - HKLM\..\Run: [ACU] C:\Program Files\Atheros\acu.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe" O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE End of KRC HijackThis Analyzer Log. ====================================================================