can someone look this over


buhbye1

Logfile of HijackThis v1.99.1
Scan saved at 9:35:58 PM, on 04/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe[Caution: ExecutableFile]
C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile]
C:\WINDOWS\System32\snmp[Caution: ExecutableFile]
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg[Caution: ExecutableFile]
C:\Documents and Settings\All Users\Documents\aim[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]
C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]
C:\Program Files\Windows Media Player\wmplayer[Caution: ExecutableFile]
C:\Documents and Settings\aaron1\Desktop\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaron1\Application Data\Mozilla\Profiles\default\v5vple8l.slt\prefs.js)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\eegtjqze.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AED5E93-BAAA-D14B-482E-616AAFAA553C} - C:\WINDOWS\System32\goxfqqqg.dll
O2 - BHO: (no name) - {1FC014C8-543C-839C-F8CB-47B001439587} - C:\WINDOWS\system32\eouzbvpr.dll
O2 - BHO: (no name) - {33B8B7E7-EE07-A319-9E3F-59A3273F745E} - C:\WINDOWS\System32\urnffrpj.dll
O2 - BHO: (no name) - {34C7E9F9-7B5C-DFA6-DA67-BA3B5E832DDA} - C:\WINDOWS\System32\kfcszbli.dll (file missing)
O2 - BHO: (no name) - {3919724B-DD28-7D6C-FEE9-359C7EF06817} - C:\WINDOWS\System32\xsalcshu.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {6992D13F-2C5E-DBF6-B0D0-884D40D68342} - C:\WINDOWS\System32\iqdrbrcp.dll (file missing)
O2 - BHO: (no name) - {69CF9159-54C3-9063-58A5-B3FE6D616611} - C:\WINDOWS\system32\nmdwoaln.dll
O2 - BHO: (no name) - {6C7497B8-3D23-5238-A1F3-746F9E30D66E} - C:\WINDOWS\system32\llmaowrf.dll
O2 - BHO: (no name) - {7C913563-137E-07AA-7E22-7A0D0FE28E35} - C:\WINDOWS\System32\tydobpgi.dll (file missing)
O2 - BHO: (no name) - {AC66ECEF-E572-FB9A-682B-A83A113C7112} - C:\WINDOWS\system32\ssatryrv.dll
O2 - BHO: (no name) - {AE3E2C69-C4CA-47ED-F815-26AAF3667B30} - C:\WINDOWS\System32\anjndldg.dll
O2 - BHO: (no name) - {B3B4B788-8678-E8E1-0DA7-9D63F2E0D5BF} - C:\WINDOWS\System32\ifmmrcni.dll (file missing)
O2 - BHO: (no name) - {C03E26AA-18A6-EE10-FEA2-59D16117958A} - C:\WINDOWS\system32\yacorkqa.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Get Anonymous - {8892C699-6978-4DD9-8EB2-951C93DB4F62} - C:\Program Files\GetAnonymous 2.1 Professional\IEToolBar.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\All Users\Documents\aim[Caution: ExecutableFile] -cnetwait.odl
O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather[Caution: ExecutableFile]" /q
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel[Caution: ExecutableFile]
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor[Caution: ExecutableFile]
O4 - HKCU\..\Run: [uninstallAbility] "C:\PROGRA~1\UNINST~2\uability[Caution: ExecutableFile]" /AUTO
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\All Users\Documents\aim[Caution: ExecutableFile]
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe[Caution: ExecutableFile]
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc[Caution: ExecutableFile] (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile]
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg[Caution: ExecutableFile]


Oh dear :(

There's a lot wrong here. Have you scanned with Ad Aware SE and Spybot S&D?

For a start, save HJT to a permanent location and NOT (C:\Documents and Settings\aaron1\Desktop\). When HJT is run in a temporary folder of the desktop it will NOT create backups. I suggest you save it to C:\Program Files\HJT or something similar.

I am also going to take a well-informed guess that C:\Program Files\BearShare\BearShare[Caution: ExecutableFile] is the cause of all your spyware.

Can you also download this program before you fix anything. You have got some spyware which has got in between the internet and you.

INTERNET ----> NEW.NET ----> YOUR PC

By removing the spyware you break the link

INTERNET ----/ (broken) /---- YOUR PC

meaning your internet connection will not work. The LSP fixes the stack and corrects your net connection if the spyware removers break the link.

If you could run all those programs as well as CWShredder just to be safe and then post a new log please. Thanks


Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12


You can also access the uninstaller for New.net here

However, for legal reasons I cannot directly link to the uninstaller program.

The company New.net is (in my opinion) fraudulent and seriously misleading in the way it does its "business" and should never be installed on a single person's pc. Click here for an article explaining New.net in detail.


Mercifull <3 Suzi
