buhbye1 Posted April 7, 2005 Share Posted April 7, 2005 Logfile of HijackThis v1.99.1 Scan saved at 9:35:58 PM, on 04/06/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe[Caution: ExecutableFile] C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile] C:\WINDOWS\System32\snmp[Caution: ExecutableFile] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg[Caution: ExecutableFile] C:\Documents and Settings\All Users\Documents\aim[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\BearShare\BearShare[Caution: ExecutableFile] C:\Program Files\BearShare\BearShare[Caution: ExecutableFile] C:\Program Files\Windows Media Player\wmplayer[Caution: ExecutableFile] C:\Documents and Settings\aaron1\Desktop\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaron1\Application Data\Mozilla\Profiles\default\v5vple8l.slt\prefs.js) O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\eegtjqze.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1AED5E93-BAAA-D14B-482E-616AAFAA553C} - C:\WINDOWS\System32\goxfqqqg.dll O2 - BHO: (no name) - {1FC014C8-543C-839C-F8CB-47B001439587} - C:\WINDOWS\system32\eouzbvpr.dll O2 - BHO: (no name) - {33B8B7E7-EE07-A319-9E3F-59A3273F745E} - C:\WINDOWS\System32\urnffrpj.dll O2 - BHO: (no name) - {34C7E9F9-7B5C-DFA6-DA67-BA3B5E832DDA} - C:\WINDOWS\System32\kfcszbli.dll (file missing) O2 - BHO: (no name) - {3919724B-DD28-7D6C-FEE9-359C7EF06817} - C:\WINDOWS\System32\xsalcshu.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing) O2 - BHO: (no name) - {6992D13F-2C5E-DBF6-B0D0-884D40D68342} - C:\WINDOWS\System32\iqdrbrcp.dll (file missing) O2 - BHO: (no name) - {69CF9159-54C3-9063-58A5-B3FE6D616611} - C:\WINDOWS\system32\nmdwoaln.dll O2 - BHO: (no name) - {6C7497B8-3D23-5238-A1F3-746F9E30D66E} - C:\WINDOWS\system32\llmaowrf.dll O2 - BHO: (no name) - {7C913563-137E-07AA-7E22-7A0D0FE28E35} - C:\WINDOWS\System32\tydobpgi.dll (file missing) O2 - BHO: (no name) - {AC66ECEF-E572-FB9A-682B-A83A113C7112} - C:\WINDOWS\system32\ssatryrv.dll O2 - BHO: (no name) - {AE3E2C69-C4CA-47ED-F815-26AAF3667B30} - C:\WINDOWS\System32\anjndldg.dll O2 - BHO: (no name) - {B3B4B788-8678-E8E1-0DA7-9D63F2E0D5BF} - C:\WINDOWS\System32\ifmmrcni.dll (file missing) O2 - BHO: (no name) - {C03E26AA-18A6-EE10-FEA2-59D16117958A} - C:\WINDOWS\system32\yacorkqa.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: Get Anonymous - {8892C699-6978-4DD9-8EB2-951C93DB4F62} - C:\Program Files\GetAnonymous 2.1 Professional\IEToolBar.dll O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray[Caution: ExecutableFile] O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile] O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile] O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]" /pause O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile] O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\All Users\Documents\aim[Caution: ExecutableFile] -cnetwait.odl O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather[Caution: ExecutableFile]" /q O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel[Caution: ExecutableFile] O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor[Caution: ExecutableFile] O4 - HKCU\..\Run: [uninstallAbility] "C:\PROGRA~1\UNINST~2\uability[Caution: ExecutableFile]" /AUTO O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\All Users\Documents\aim[Caution: ExecutableFile] O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promot ... WebSWK.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe[Caution: ExecutableFile] O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc[Caution: ExecutableFile] (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile] O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg[Caution: ExecutableFile] Link to comment Share on other sites More sharing options...
Mercifull Posted April 7, 2005 Share Posted April 7, 2005 Oh dear :( Theres a lot wrong here. Have you scanned with Ad Aware SE and Spybot S&D? For a start save HJT to a perminant location and NOT (C:\Documents and Settings\aaron1\Desktop\) When HJT is run in a temporary folder of the desktop it will NOT create backups. I suggest you save it to C:\Program Files\HJT or something similar. I am also going to take a well informed guess that C:\Program Files\BearShare\BearShare[Caution: ExecutableFile] is the cause of all your spyware Can you also download this program before you fix anything. You have got some spyware which has got in between the internet and you. INTERNET ----> NEW.NET ----> YOUR PC By removing the spyware you break the link INTERNET ----/ (broken) /---- YOUR PC meaning your internet connection will not work. The LSP fixes the stack and corrects your net connection if the spyware removers break the link. If you could run all those programs as well as CWShredder just to be safe and then post a new log please. Thanks Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
Mercifull Posted April 7, 2005 Share Posted April 7, 2005 You can also access the uninstaller for New.net here However for legal reasons I cannot directly link to the uninstaller program The company New.net is (in my opinion) fraudulent and seriously misleading in the way it does its "business" and should never be installed on a single persons pc. Click here for an article explaining New.net in detail. Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now