
Just downloaded HJ.

Discussion in 'Virus & Other Malware Removal' started by Hugo, Oct 11, 2004.

Thread Status:
Not open for further replies.
  1. Hugo (Thread Starter)
    Joined: Oct 11, 2004
    Messages: 1

    Hey.
    I have had some problems with my computer, and now I have tried my best. Someone told me to download Hijack and then post my log here. Could someone please take a look at it? If there's something more to be done, please let me know.

    Thanks

    Logfile of HijackThis v1.98.2
    Scan saved at 21:57:56, on 11.10.2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\Programfiler\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Programfiler\Nokia\Nokia PC Suite 5\DataLayer.exe
    C:\Programfiler\Fellesfiler\Nokia\NCLTools\NclTray.exe
    C:\PROGRA~1\ELEKTR~1\OPTISK~1\Amoumain.exe
    C:\Programfiler\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\Programfiler\Fellesfiler\Nokia\Services\ServiceLayer.exe
    C:\Programfiler\Musikk\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\Programfiler\Winamp\winampa.exe
    C:\Programfiler\VVSN\VVSN.exe
    C:\WINDOWS\System32\vdphtgq.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe
    C:\Programfiler\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programfiler\Skype\Phone\Skype.exe
    C:\Programfiler\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Programfiler\CASIO\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Programfiler\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Programfiler\CASIO\Photo Loader\Plauto.exe
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\Programfiler\Outlook Express\msimn.exe
    C:\Programfiler\Microsoft Office\Office\WINWORD.EXE
    C:\Programfiler\Musikk\Winamp3\winamp3.exe
    c:\programfiler\grafikk\acrobat\Reader\AcroRd32.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Programfiler\wincmd\WINCMD32.EXE
    c:\Programfiler\DC++\DCPlusPlus.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\OlavS\LOKALE~1\Temp\$wc\HIJACK~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startsiden.no/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: 216.40.230.4 desktop.kazaa.com
    O1 - Hosts: 216.40.230.4 alpha.kazaa.com
    O1 - Hosts: 216.40.230.4 shop.kazaa.com
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programfiler\grafikk\acrobat\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programfiler\Fellesfiler\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [WheelMouse] c:\PROGRA~1\ELEKTR~1\OPTISK~1\\Amoumain.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programfiler\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [mmtask] C:\Programfiler\Musikk\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
    O4 - HKLM\..\Run: [VVSN] C:\Programfiler\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [vciwhphl] C:\WINDOWS\System32\vdphtgq.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [UdpServices] "\\Stasjonær\Delte dokume\BWServer.exe"
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Programfiler\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programfiler\CASIO\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Programfiler\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\Resources\IntraLaunch.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smvas.local
    O17 - HKLM\Software\..\Telephony: DomainName = smvas.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = smvas.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = smvas.local
     
  2. FinestRanger
    Joined: Oct 13, 2003
    Messages: 2,367

    Download LSP Fix

    LSP Fix download link

    It's a program that can restore your internet connection if it's lost after the NewDotNet uninstall.



    Uninstall NewDotNet via Start-Control Panel-Add or Remove Programs.

    Restart your computer.

    If that fails, then follow the instructions below:


    PROCEDURE 4 (Download Uninstall from New.net):

    From a computer that has Internet access, click on the following link:

    NewDotNet uninstaller


    Download and save uninstall6_22.exe to a 3-½ floppy disk.

    Insert the floppy disk into the floppy drive of the computer that needs to have our software uninstalled from.

    Click on Start.

    Click on Run.

    In the Open window type, A:\uninstall6_22.exe.

    Click on the OK button.

    Re-start the computer.

    http://www.newdotnet.com/




    Uninstall:

    MyWay or MyWebSearch

    Twaintech

    Restart the computer.



    Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.


    ***NOTE***A new version of Ad-aware has been released.


    ***ALSO***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.


    Ad-aware SE download

    Configure Ad-aware


    First in the main window look in the bottom right corner and click on "Check for updates now." then click Connect and download the latest reference files.

    From the main window, click Start then under "Select a scan Mode" select "Perform full system scan."

    Next deselect "Search for negligible risk entries."

    Click the "Next" button.

    When the scan is finished mark everything for removal and delete the selections. (Right-click within the window and choose "Select All" from the drop down menu and click Next)

    Restart your computer.


    SpyBot Search and Destroy download

    Open SpyBot.

    Click the button to "Search for Updates". Download and install the Updates.

    Next click "Check for Problems".

    Put a check mark beside the red entries.

    Choose "Fix Selected Problems" and allow Spybot to fix the red entries.



    I also highly recommend you install and update SpywareBlaster. Click the link below, in my signature, to read a tutorial on the use of SpyWareBlaster.



    Run Ad-aware and Spybot in Safe Mode.

    How to start your computer in Safe Mode


    Re-start your computer into normal mode and post another HJT log in this thread.
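
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above that counts entries per section and attaches review hints. The section labels follow HijackThis's usual meanings; the hint rules and the names `parse`, `triage` and `summary` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
"""

# Section codes (subset that appears in this thread's log).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O1": "Hosts file redirect",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry", "O9": "Extra IE button/menu item",
    "O10": "Winsock LSP hijack", "O16": "Downloaded ActiveX control",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*\S)\s*$")

def parse(log_text):
    """Return (code, detail) for every 'Xn - ...' line; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def triage(entries):
    """Review hints per entry; the rules are this example's assumptions."""
    hints = []
    for code, detail in entries:
        hint = None
        parts = detail.split(":", 1)[-1].split()
        if code == "O10":
            hint = "Winsock LSP chain altered; have LSP Fix ready before uninstalling"
        elif code == "O1" and len(parts) >= 2:
            hint = f"hosts file maps {parts[1]} to {parts[0]}"
        elif detail.endswith("(no file)"):
            hint = "orphaned registry entry, target file missing"
        if hint and (code, hint) not in hints:  # repeated O10 lines collapse to one hint
            hints.append((code, hint))
    return hints

def summary(log_text):
    """Per-section (label, count) plus deduplicated triage hints."""
    entries = parse(log_text)
    counts = Counter(code for code, _ in entries)
    return {c: (SECTIONS.get(c, "other"), n) for c, n in counts.items()}, triage(entries)
```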
     
Short URL to this thread: https://techguy.org/283465
