A Hijack Log

Opeongo · 04-02-2005, 09:35 AM

I just ran my first Hijack This! log. Basically, I've been frustrated by
Peopleonpage and trying to remove it. Getting rid of spyware is taking
over my life... Spybot/LavaSoft/PestPatrol/Spyhunter etc...

Can anyone help?

Logfile of HijackThis v1.99.1
Scan saved at 9:35:02 AM, on 4/2/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINNT\system32\wsxsvc\wsxsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINNT\system32\inddeb.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ifmptnet.exe
C:\lotus\organize\easyclip6.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Netscape\Navigator\Program\netscape.exe
C:\Documents and Settings\matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} -
C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Selector StartApp] C:\RCS\V14\StartApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program
Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program
Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINNT\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program
Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [pF4U33V] inddeb.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yov8RTZni] ifmptnet.exe
O4 - Startup: Lotus Organizer EasyClip.lnk =
C:\lotus\organize\easyclip6.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} -
c:\lotus\organize\bandobjs.dll
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -
C:\WINNT\system32\shdocvw.dll (HKCU)
O12 - Plugin for .avi: C:\Program
Files\Netscape\Navigator\Program\PLUGINS\NPAVI32.D LL
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control)
- http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client
Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/16c08fc4...p/RdxIE601.cab
O16 - DPF: {64A6114F-2976-4634-BE36-134BF84D369C}
(eWebEditProLibCtl4.eWebEditPro) -
http://backend.standardradio.com/ewe...ebeditpro4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation -
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) -
Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation
- C:\WINNT\system32\nvsvc32.exe
O23 - Service: SBHookSvc - Unknown owner -
C:\PROGRA~1\NETASS~1\SMARTB~1\SBHookSvc.exe (file missing)

Beauregard T. Shagnasty · 04-02-2005, 09:56 AM

Opeongo wrote:
> Getting rid of spyware is taking over my life...

When you reach the point of no return:
http://home.rochester.rr.com/bshagnasty/tips.html

--
-bts
-This space intentionally left blank.

Sharky · 04-02-2005, 02:01 PM

In <424EADCB.1D71@sympatico.ca>, Opeongo wrote:

>I just ran my first Hijack This! log. Basically, I've been frustrated by
>Peopleonpage and trying to remove it. Getting rid of spyware is taking
>over my life... Spybot/LavaSoft/PestPatrol/Spyhunter etc...
>
>Can anyone help?

>C:\WINNT\system32\wsxsvc\wsxsvc.exe

The above loaded process is adware.

>O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

Remove (no file) entries when you find them.

>O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} -
>C:\Program Files\CxtPls\cxtpls.dll

Another adware variant - http://vil.nai.com/vil/content/v_101223.htm

>O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe

This is where the critter from the running programs section gets
loaded at boot time:

http://vil.mcafeesecurity.com/vil/content/v_101802.htm

>O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINNT\Temp\TBuninst.exe /remove

More adware related garbage
http://vil.mcafeesecurity.com/vil/content/v_100767.htm

>O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe

The above is a Trojan known by some as Stubby - here's a thread that
describes its removal -
http://www.dslreports.com/forum/rema...4804~mode=flat

>O4 - HKLM\..\Run: [AutoUpdater] "C:\Program
>Files\AutoUpdate\AutoUpdate.exe"

The above is PeopleOn foistware. Removal instructions are here -
http://www.pchell.com/support/peopleonpage.shtml

I can certainly see why you're having so many problems.

Opeongo · 04-15-2005, 10:37 PM

Sharky wrote:

> I can certainly see why you're having so many problems.

Just a note to say thank you for your help... everything is running
great now.

Tokakeke · 04-02-2005, 02:14 PM

www.turnofftheinternet.com

:

--
Tokakek

-----------------------------------------------------------------------
Tokakeke's Profile: http://www.iamnotageek.com/member.php?userid=712
View this thread: http://www.iamnotageek.com/showthread.php?t=181905641

Thread: A Hijack Log

Thread Tools

Display

Hybrid View

A Hijack Log

Re: A Hijack Log

Re: A Hijack Log

Re: A Hijack Log

Re: A Hijack Log

Thread Information

Users Browsing this Thread

Posting Permissions