HijackThis- can anyone tell me what to delete just to mention this is in safe mode
phwashington
Posted: Thu Jun 01 15:20:30 CDT 2006

Logfile of HijackThis v1.99.1
Scan saved at 3:21:25 PM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {657F7EDA-1C20-446E-BDF3-C6AE839F0EDD} - C:\WINDOWS\system32\twext32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe"
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Frank
Posted: Thu Jun 01 15:20:30 CDT 2006

"CMCSS03" <EMail@HideDomain.com> wrote in message news:EMail@HideDomain.com...
> Logfile of HijackThis v1.99.1
> Scan saved at 3:21:25 PM, on 6/1/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


**Post your HijackThis log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

--
Frank Saunders, MS-MVP OE/WM
"Anyone who prefers security over freedom deserves neither."


 
 
sgopus
Posted: Thu Jun 01 17:29:01 CDT 2006

Please do not post copies of your HijackThis log on this forum. As the reply noted, there is a correct forum for these logs with loads of experts to offer advice. By the way, you have NewDotNet; this is a bad thing, it needs to be removed.

"CMCSS03" wrote:

> Logfile of HijackThis v1.99.1
> Scan saved at 3:21:25 PM, on 6/1/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 
PA
Posted: Thu Jun 01 18:51:07 CDT 2006

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org


CMCSS03 wrote:
> Logfile of HijackThis v1.99.1
> Scan saved at 3:21:25 PM, on 6/1/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
<snip>

 
 
PA
Posted: Thu Jun 01 19:10:16 CDT 2006

OK, I'm bored, so for illustrative purposes only:

> R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565}
> - (no file)

See http://www.symantec.com/avcenter/venc/data/spyware.isearch.html

> F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win

See
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_GEDZA.A&VSect=T

> O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
> Files\NewDotNet\newdotnet7_22.dll
> O4 - HKLM\..\Run: [New.net Startup] rundll32
> C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
> O10 - Hijacked Internet access by New.Net
> O10 - Hijacked Internet access by New.Net
> O10 - Hijacked Internet access by New.Net
> O10 - Hijacked Internet access by New.Net
> O10 - Hijacked Internet access by New.Net

See http://www.symantec.com/avcenter/venc/data/adware.ndotnet.html

> O3 - Toolbar: (no name) - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - (no
> file)

See http://www.symantec.com/avcenter/venc/data/spyware.ietoolbar.html

> O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
> Sweeper\SpySweeper.exe" /startintray
> O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy
> Sweeper\SpySweeperFix.bat
> O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
> Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

SpySweeper's useless if you've not subscribed or it's not fully updated.
Uninstall it or update it and scan in Safe Mode.

> O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt
> Software\CounterSpy Client\sunasDtServ.exe

Ditto.

> O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe"

You won't be able to fix anything with Ad-Watch enabled. Consult your
handler in an appropriate forum.

> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\Program
> Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
> - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

Your Sun Java runtimes are outdated, leaving you vulnerable to hijackware!

> O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
> - C:\WINDOWS\System32\shdocvw.dll (HKCU)

Spyware: uninstall it.

> O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -
> C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe"
> /service
> (file missing)
> O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown
> owner - C:\Program Files\Common Files\Softwin\BitDefender Update
> Service\livesrv.exe" /service (file missing)
> O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner -
> C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
> O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner -
> C:\Program Files\Common Files\Softwin\BitDefender
> Communicator\xcommsvr.exe"
> /service (file missing)

If BitDefender is your anti-virus app, there's a chance it's not working
properly. If it's not your anti-virus app, it didn't uninstall cleanly so
McAfee VirusScan may not be working properly either.

NB: Having HijackThis "fix" any of the above entries will NOT rid the machine
of the hijackware!
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
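As an added illustration (not code from any poster in this thread, and not part of HijackThis itself): a small Python triage pass over entries in HijackThis v1.99.1 log format that flags the same kinds of lines PA Bear walked through above (Shell= with an extra program, "(no file)" and "(file missing)" entries, O10 LSP entries, the DisableRegedit policy, and New.Net components). The rules are this example's own heuristics; the sample entries are copied from the log posted in this thread.

```python
import re

# Constructed sample in HijackThis v1.99.1 format. The lines are taken from
# the log posted in this thread; the rules below are this example's own
# heuristics, not HijackThis's and not anyone's advice in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O3 - Toolbar: (no name) - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Hijacked Internet access by New.Net
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# Name fragments of the one product the thread identifies as unwanted (New.Net),
# in the three spellings the log uses: full name, 8.3 short path, O10 label.
UNWANTED_NAMES = ("newdotnet", "newdot~", "new.net")


def parse_entries(log_text):
    """Return (section, body) tuples for entry lines; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def classify(section, body):
    """Return a short reason if the entry deserves a handler's attention, else None."""
    lowered = body.lower()
    if section == "F0" and "shell=" in lowered:
        # The stock value is just "Explorer.exe"; anything appended also runs at logon.
        shell_value = body.split("=", 1)[1].strip()
        if shell_value.lower() != "explorer.exe":
            return "extra program appended to system.ini Shell="
    if section == "F1":
        return "win.ini run= autostart (legacy mechanism, rarely legitimate)"
    if section == "O10":
        return "Winsock LSP chain modified"
    if section == "O7" and "disableregedit=1" in lowered:
        return "registry editor disabled by policy"
    if "(no file)" in lowered:
        return "orphaned registration: no file on disk"
    if "(file missing)" in lowered:
        return "service binary missing (broken or half-uninstalled product)"
    if any(name in lowered for name in UNWANTED_NAMES):
        return "component of a known unwanted program (New.Net)"
    return None


def triage(log_text):
    """Run classify() over every entry; returns [(section, reason, body), ...]."""
    findings = []
    for section, body in parse_entries(log_text):
        reason = classify(section, body)
        if reason:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<58} | {body[:60]}")
```

The two Zone Labs lines pass through untouched, which is the point: the heuristics single out the entry shapes a handler reads first, they do not decide what to "fix".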