My friend's hijack log, please help diagnose!



#1 tareland31

Posted 04 October 2004 - 06:53 AM

Logfile of HijackThis v1.98.2
Scan saved at 7:44:22 PM, on 10/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\windows\system32\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking3.exe
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\qzzwzq.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\PROGRA~1\Save\Save.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\GMT\GMT.exe
C:\DOCUME~1\ADMINI~1\MYDOCU~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\SahAgent.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Hotbar\bin\Hbinst.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\belh.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\PERL programming\OpenPerlIDE\OpenPerlIDE\PerlIDE.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [uuwvgobovpf] C:\WINDOWS\System32\qzzwzq.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll



#2 Daisuke


Posted 04 October 2004 - 08:40 AM

Hi tareland31

Please download LSPFix from: here. Use this program only if you cannot connect to the Internet after removing New(Dot)Net.

Follow these steps to remove NewDotNet:
A. Go to Start -> Control Panel.
B. Uninstall NewDotNet (New.Net) from Add/Remove Programs

If there is no uninstall program listed then do the following:
Go to http://www.newdotnet.com/removal.html, scroll down to Procedure 4 and follow the removal instructions.

If you can not connect to the Internet after removing New(Dot)Net, please run the LSP-Fix program downloaded earlier, and click on the "Finish" button.

Reboot and post a new log please.

Edited by cryo, 04 October 2004 - 08:40 AM.

Every day is virus day. Do you know where your recovery CDs are?
Did you create them yet?
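
Added example, not part of the thread and not HijackThis code: a small triage parser for the `<code> - <detail>` line format of the log posted above. It runs on an excerpt of that log and reports files referenced from several hook points, Run-key (O4) targets that are currently running, and the number of O10 (Winsock) entries, the section the New.Net removal and LSPFix advice concerns. The function names and report keys are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the log in this thread, trimmed for length.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\qzzwzq.exe
C:\PROGRA~1\Toolbar\TBPS.exe

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [uuwvgobovpf] C:\WINDOWS\System32\qzzwzq.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then detail
PATH = re.compile(r"[A-Za-z]:\\[^,]*?\.(?:exe|dll)", re.IGNORECASE)  # first EXE/DLL path

def parse(log):
    """Return (set of running process paths, list of (code, detail) entries)."""
    running, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends where coded entries start
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries

def triage(log):
    """Group entries by referenced file; paths are compared case-insensitively."""
    running, entries = parse(log)
    by_file = defaultdict(list)  # file path -> section codes that reference it
    for code, detail in entries:
        m = PATH.search(detail)
        if m:
            by_file[m.group(0).lower()].append(code)
    return {
        "multi_hook": {f: c for f, c in by_file.items() if len(c) > 1},
        "autoruns_running": sorted(f for f, c in by_file.items() if "O4" in c and f in running),
        "winsock_o10": sum(1 for code, _ in entries if code == "O10"),
    }
```

Paths are matched as written in the log, so an 8.3 short name such as `PROGRA~1` is not treated as equal to its long form.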
