Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack log cleanup [CLOSED]


  • This topic is locked This topic is locked

#1
star3402

star3402

    New Member

  • Member
  • Pip
  • 1 posts
I need some help figuring out which files to delete. Please email me: when you get time to respond. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:09:19 PM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LMSXXD.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ucctops.com/ucc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: HyperSearchHook - {4E1A5E2C-AA60-4538-9600-82A9518B061B} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B29D7F2-F527-E955-D423-25422D9EBBA8} - C:\DOCUME~1\Mark\APPLIC~1\WIPEPL~1\flag skip.exe
O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LMSXXD] LMSXXD.exe
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [intra gram wave sign] C:\Documents and Settings\All Users\Application Data\DOWNLOADFOURINTRAGRAM\platformfour.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [slow book] C:\DOCUME~1\Mark\APPLIC~1\CLOSES~1\Film acid.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.homeshowexpo.com
O15 - Trusted Zone: *.ucctops.com
O16 - DPF: {00C7C2A0-8B82-11D1-8B57-00A0C98CD92B} (ActiveReports Viewer) - http://ucctops.com/ucc/arviewer.cab
O16 - DPF: {0914A6AD-B2B2-489D-9F8A-65AC0892C16F} (prjOutLoadActiveX.OutLoadOrderPick) - http://www.ucctops.c...LOADACTIVEX.CAB
O16 - DPF: {110684D6-FD55-11D4-B95D-0008C7BBC99A} (UCCCenterEmp.CenterEmployee) - http://www.ucctops.c...CCCENTEREMP.CAB
O16 - DPF: {198D7217-D4DE-4F1C-9653-67FA935BBF2E} (UCCMemberComment.MemberComment) - http://ucctops.com/u...mberComment.CAB
O16 - DPF: {37EDD7F1-F9D2-11D3-B92F-0008C7B328E7} (UCCVendorComment.VendorComment) - http://www.ucctops.c...NDORCOMMENT.CAB
O16 - DPF: {3AB35C72-FBC9-11D4-B95A-0008C7BBC99A} (UCCVendor_Center.Vendor_Center) - http://www.ucctops.c...NDOR_CENTER.CAB
O16 - DPF: {3E868D8B-D560-11D3-B8E1-0008C7B328E7} (UCCVendorContact.VendorContact) - http://www.ucctops.c...NDORCONTACT.CAB
O16 - DPF: {46F1070B-2725-4C80-8F03-4146BF337889} (Sign.ctrlSign) - http://www.ucctops.com/UCC/SIGN.CAB
O16 - DPF: {508CF561-90FD-11D3-B86B-0008C7B328E7} (UCCOrderedItems.OrderedItems) - http://ucctops.com/u...rderedItems.CAB
O16 - DPF: {5F7EF593-FD4C-11D4-B95D-0008C7BBC99A} (UCCVendorEmp.VendorEmployee) - http://www.ucctops.c...CCVENDOREMP.CAB
O16 - DPF: {6DCE5A95-534F-4589-8F34-B80BD8F86A23} (UCCFeesCenter.UCCFeesCtlCenter) - http://www.ucctops.c...CFEESCENTER.CAB
O16 - DPF: {719D6B64-25D8-11D4-B85E-0008C7BBC99A} (UCCOrderPayment.OrderPayment) - http://ucctops.com/u...rderPayment.CAB
O16 - DPF: {7BFC8554-6919-4679-8A97-6A85D51A64E5} (VSClientLogOn.UserControl1) - http://sec1.totalhom...om/VSRLogOn.CAB
O16 - DPF: {7F3AADF6-83B7-4993-92D3-5AF9AE33F0F0} (UCCDate.Date) - https://www.ucctops....abs/UCCDate.CAB
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {890D538D-BB75-11D4-B90A-0008C7BBC99A} (UCCCenterCenter.CenterVendor) - http://www.ucctops.c...ENTERVENDOR.CAB
O16 - DPF: {92AA2752-FD2D-11D4-B95D-0008C7BBC99A} (UCCEmpCenter.EmployeeCenter) - http://www.ucctops.c...LOYEECENTER.CAB
O16 - DPF: {9C2142D6-65DE-11D3-B809-0008C7B328E7} (prjLVendorFacility.LVendorFacility) - http://www.ucctops.c...DORFACILITY.CAB
O16 - DPF: {9DD2D2FB-8E09-4EB5-985C-3E2CAFF81BE8} (UCCVendorFacility.VendorFacility) - http://www.ucctops.c...DORFACILITY.CAB
O16 - DPF: {ABB987D4-3BB1-11D4-A72C-0050BAB0F843} (prjRouteLocation.RouteLocation) - http://www.ucctops.c...UTELOCATION.CAB
O16 - DPF: {AC253AD4-C8EA-425F-820A-12993CDBC5BB} (UCCVendorPayTo.VendorPayTo) - http://www.ucctops.c...VENDORPAYTO.CAB
O16 - DPF: {AECA0013-460B-4BD4-B6ED-5BCD714E8678} (UCCEFTMerch.ctlEFTMerch) - http://www.ucctops.c...UCCEFTMERCH.CAB
O16 - DPF: {B1BFC425-32F8-11D4-AD62-0050BAB0F843} (prjOrderToLoad.OrderToLoad) - http://www.ucctops.c...ORDERTOLOAD.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CD2368C8-0429-11D5-8E96-00C04F580C6F} (UCCDateControl.DateControl) - http://ucctops.com/u...DateControl.CAB
O16 - DPF: {D17D5567-5202-45C5-A7E2-CECA48101268} (UccSupplierList.SupplierList) - http://ucctops.com/u...upplierList.CAB
O16 - DPF: {DB944E32-A10B-4D97-AA5E-B7451C157B0A} (UCCDiscussionsXML.UCCPODiscussionsXML) - https://www.ucctops....cussionsXML.cab
O16 - DPF: {DED417FF-FD42-11D4-B95D-0008C7BBC99A} (UCCEmpVendor.EmployeeVendor) - http://www.ucctops.c...LOYEEVENDOR.CAB
O16 - DPF: {DF2CD7C9-D585-4E39-8A60-A7CC72801B7D} (uccAPI.clsRegistry) - http://ucctops.com/ucc/uccAPI.CAB
O16 - DPF: {EEB96741-4027-4B6A-98FE-6FE6DCE89F87} (UCCEFTMemb.EFTMemb) - http://www.ucctops.c.../UCCEFTMEMB.CAB
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - https://www.ucctops.com/ucc/msxml3.cab
O16 - DPF: {F6A7C954-3CD2-4B78-A56F-4C488E363035} (UCCMemberPayment.MemberPayment) - http://ucctops.com/u...mberPayment.CAB
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Moderator note: Please don't post your email address in a public forum as spambots can come here.

Edited by therock247uk, 15 July 2005 - 08:07 PM.

  • 0

Advertisements


#2
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
1. Go to Start > Settings > Control Panel > Add/Remove and uninstall the following.

New.Net

2. Then post a new Hijackthis log here in a reply.
  • 0

#3
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP