and remember to disconnect from internet and close all browser and explorer windows before fixing anything with HijackThis!
and after fixing post back if you are having any kind of problem in your system or not! :)
Hi All,
New to this forum. I have been down for a week due to all sorts of spyware issues. Believe it or not I think I solved them.. I hope. But checking in here to make sure. I see a lot of you depend upon hijackthis log files. So.. here is my hijackthis log file.
Please take a look and let me know if there are still things here I should be concerned about. I have had a lot of bugs from trojan horse to Umonitor which I think I just xnayed off of my pc.
I have Spyware Slayer on here now and NIS2005 installed. I'm open to make this thing very rock solid as I do not want to go through what I went through over the past week again.
Logfile of HijackThis v1.99.0
Scan saved at 8:47:26 PM, on 1/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCE
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\LEXPPS
C:\WINDOWS\System32\driver
C:\PROGRA~1\Symantec\NORTO
C:\WINDOWS\System32\hpb2ks
C:\WINDOWS\System32\hpbhks
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
d:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.e
d:\PROGRA~1\NORTON~1\SPEED
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\system32\rundll
C:\WINDOWS\system32\fxssvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\yywqiw
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Norton Password Manager\AcctMgr.exe
D:\Program Files\Spyware Slayer\SpywareSlayer.Exe
C:\WINDOWS\system32\ctfmon
C:\Program Files\Plaxo\2.0.3.16\Insta
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.e
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Norman Taylor\My Documents\Download\HiJackT
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-
R3 - URLSearchHook: (no name) - _{6E6DD93E-1FC3-4F43-8AFB-
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-7
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-7
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] D:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Spyware Slayer] D:\Program Files\Spyware Slayer\SpywareSlayer.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.0.3.16\Insta
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsear
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToo
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToo
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToo
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToo
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToo
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\T
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O15 - Trusted Zone: http://*.hp.com
O16 - DPF: DigiChat Applet - http://chat.universalclass
O16 - DPF: Yahoo! Pool 2 - http://download.games.yaho
O16 - DPF: {00000EF1-0786-4633-87C6-1
O16 - DPF: {0878B424-1F95-4E26-B5AB-F
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: {15C3C7A4-9676-11D3-9799-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {1DF36010-E276-11D4-A7C0-0
O16 - DPF: {205FF73B-CA67-11D5-99DD-4
O16 - DPF: {2B323CD9-50E3-11D3-9466-0
O16 - DPF: {60EFC337-15C2-4369-B2A0-3
O16 - DPF: {7411047A-48E1-4EC9-8AC1-0
O16 - DPF: {79849612-A98F-45B8-95E9-4
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-E
O16 - DPF: {94B82441-A413-4E43-8422-D
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-0
O16 - DPF: {A17E30C4-A9BA-11D4-8673-6
O16 - DPF: {BE5431D2-0F30-11D4-89D9-0
O16 - DPF: {C68AE9C0-0909-4DDC-B661-C
O16 - DPF: {CE185270-53A5-11D9-9669-0
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-6
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTO
O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ks
O23 - Service: HP Status Print - Unknown - C:\WINDOWS\System32\hpbhks
O23 - Service: ISSvc - Symantec Corporation - D:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCE
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - d:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - d:\PROGRA~1\NORTON~1\SPEED
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
This Question has been solved and asker verified.
BTW you may like to try out this new MS Antispyware tool.... its results are good so far! :)
http://www.microsoft.com/a
Hi!
You should probably check out Option^Explicit's fix here:
http://www.lavasoftsupport
You seem to be showing evidence of the VX2 variant that it deals with.
HijackThis cannot fix it.
Good luck!
RF
Spyware Slayer
aggressive advertising (1); false positives work as goad to purchase; questionable EULA/Privacy Policy (1, 2, 3); variant of NoSpyX, SpyVest, Spyware Stormer, & X-Spyware (1); Ad-aware knockoff [A: 10-10-04 / U: 12-6-04]
From
Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.
Zee
Hi All,
Great answers.
I ran Hijack this and it did find more adware type viruses. Despite its efforts it couldn't remove them all.
I then had to revert to using the MS Antispyware tool which worked to get rid of some of the bugs but wouldn't work on Vx2.
So I had to resort to using the method RF outlined using dllcompare, kill box, and vx2 finder. Interesting as it was I got rid of it on the first pass using those tools. I am clean now. As well I have switched to a different browser.. Opera.. and have locked down IE to avoid further intrusions. I still have Spyware Slayer running as well as Norton IS 2005, and now the MS Antispyware tool.
Thanks for your help.
Regards,
Norm
glad your system is clean now! congrats ^_^
but there is something which i want to tell you or rather ask you :)
when there are two experts whose suggestions help you to solve the problem.... you are supposed to split the points between two experts..... using the Split Points link you can find above the box where you type your comments!
and giving a B grade means...... you are not satisfied with the help..... you didn't get a solution but just a workaround...... do you agree that you really didn't get the solution and just a workaround? :)
here are our Closing Question rules >> http://www.experts-exchang
please go through them once..... and let us know what do you think about this question!
thanks :)
by: SheharyaarSaahil, posted on 2005-01-10 at 20:50:58, ID: 13010546
Hello ntistnt =)
r.php
Now you can Post that log at this site >> http://www.hijackthis.de
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines in Hijackthis scan and click on Fix Checked !!
HJT Log Tutorial >> http://aumha.org/a/hjttuto
CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
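The triage step described in the answer above (research an entry before fixing it) can be partly scripted. The following is an added example, not part of the original thread or of HijackThis: it groups log lines by section code and lists O1 hosts-file redirects and O23 services whose file is missing as candidates to research. The function names `parse_log` and `review_candidates` are hypothetical, and the sample lines are copied from the log posted in the question.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0, O1, O23, ...)
# followed by " - " and the entry text, as in the log posted above.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Sample input: a few lines copied from the log in the question.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
"""

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections

def review_candidates(sections):
    """Return (code, reason) pairs worth researching before any fix is applied."""
    findings = []
    # O1: hosts-file lines that send a hostname to a non-loopback address.
    for entry in sections.get("O1", []):
        m = HOSTS_RE.match(entry)
        if m and m.group(1) not in LOOPBACK:
            findings.append(("O1", f"hosts file maps {m.group(2)} to {m.group(1)}"))
    # O23: services registered against an executable that no longer exists.
    for entry in sections.get("O23", []):
        if entry.endswith("(file missing)"):
            findings.append(("O23", f"service points at a missing file: {entry}"))
    return findings

if __name__ == "__main__":
    for code, reason in review_candidates(parse_log(SAMPLE_LOG)):
        print(code, "-", reason)
```

The output is a list of entries to look up, not a list of entries to delete; the decision to fix still follows the research step the answer describes.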