Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

NewMalware.j and other errors


  • Please log in to reply

#1
Funnysoul007

Funnysoul007

    New Member

  • Member
  • Pip
  • 1 posts
I'm having problems with a trojan I can't remove, NewMalware.j or something. But i think i also have other spyware.
Help please.

Hijackthis LOG

Logfile of HijackThis v1.99.1
Scan saved at 12:30:35 p.m., on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\archivos de programa\mcafee.com\agent\mcdetect.exe
c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\ARCHIV~1\mcafee.com\agent\mcagent.exe
c:\archivos de programa\mcafee.com\vso\mcvsshld.exe
c:\archiv~1\mcafee.com\vso\mcvsescn.exe
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE
C:\Archivos de programa\Messenger\msmsgs.exe
c:\archiv~1\mcafee.com\vso\mcvsftsn.exe
C:\Archivos de programa\3.0M SD DSC\Console\Watch.exe
C:\ARCHIV~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Archivos temporales de Internet\Content.IE5\4UFQM3NJ\aswclnr[1].exe
C:\WINDOWS\Archivos temporales de Internet\Content.IE5\4UFQM3NJ\aswclnr[1].tmp
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wstdmode.exe
C:\WINDOWS\system32\brwconf.exe
C:\DOCUME~1\Compaq\CONFIG~1\Temp\Directorio temporal 2 para HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.mx/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presar...c...bar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mx.rd.yahoo.c...com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\ARCHIVOS DE PROGRAMA\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: Shell=Explorer.exe,attrperf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\attrperf.exe,C:\Documents and Settings\Compaq\Datos de programa\Explorer\attrperf.exe,C:\Documents and Settings\Rubén @\Datos de programa\Explorer\attrperf.exe
O1 - Hosts: 216.127.81.112 auto.search.msn.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\ARCHIVOS DE PROGRAMA\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\ARCHIVOS DE PROGRAMA\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Archivos de programa\NewDotNet\newdotnet7_22.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\xod.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [CMESys] "C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Corel Print House 513] C:\Archivos de programa\Archivos comunes\Corel\Registration\ES\Registration.exe /title="Corel Print House 5" /date=021706 serial=PH05WBS-0000035-JYF
O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\ARCHIV~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ayfofnao] C:\WINDOWS\System32\ayfofnao.exe
O4 - HKCU\..\RunServices: [Ms Service Drivers] updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GStartup.lnk = C:\Archivos de programa\Archivos comunes\GMT\GMT.exe
O4 - Global Startup: Date Manager.lnk = C:\Archivos de programa\Date Manager\DateManager.exe
O4 - Global Startup: Watch.lnk = C:\Archivos de programa\3.0M SD DSC\Console\Watch.exe
O4 - Global Startup: Recordatorios de Corel Family & Friends.LNK = C:\Archivos de programa\Corel\Print House Magic 4 Premium\cffrem.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm414YYMX
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARCHIV~1\YAHOO!\COMMON\yhexbmesmx.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARCHIV~1\YAHOO!\COMMON\yhexbmesmx.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Archivos de programa\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotb...rams/Hotbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44263A76-2F09-4256-93EF-2CD1F04A67E6}: Domain = prodigy
O17 - HKLM\System\CCS\Services\Tcpip\..\{44263A76-2F09-4256-93EF-2CD1F04A67E6}: NameServer = 200.33.148.193,200.33.148.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{44263A76-2F09-4256-93EF-2CD1F04A67E6}: Domain = prodigy
O17 - HKLM\System\CS1\Services\Tcpip\..\{44263A76-2F09-4256-93EF-2CD1F04A67E6}: NameServer = 200.33.148.193,200.33.148.201
O17 - HKLM\System\CS2\Services\Tcpip\..\{44263A76-2F09-4256-93EF-2CD1F04A67E6}: Domain = prodigy
O17 - HKLM\System\CS2\Services\Tcpip\..\{44263A76-2F09-4256-93EF-2CD1F04A67E6}: NameServer = 200.33.148.193,200.33.148.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: e1.dll wmasvsin.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: brwmgr - C:\WINDOWS\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\system32\catsrvut.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wstdmode - C:\WINDOWS\system32\wstdmode.dll
O20 - Winlogon Notify: xod - xod.dll (file missing)
O21 - SSODL: IEFilter - {1279CEDD-074A-4F0B-9C86-13BE97F282FD} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O21 - SSODL: Connection Explorer - {8415DA68-827D-42E0-8F59-DA90F3EF5DE0} - (no file)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARCHIV~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe (file missing)
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Unknown owner - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe (file missing)

Edited by Funnysoul007, 30 October 2006 - 12:33 PM.

  • 0

Advertisements


#2
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
DownLoad http://www.cexx.org/lspfix.htm

Add remove programs – remove newdotnet

If it will not uninstall, or is not listed there go here: http://www.newdotnet.com/removal.html
and follow procedure 4 to remove it.

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing just click Finish.
==================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP