Bloodhound.w32.ep



#1
splitgirl

splitgirl

    Member

  • Member
  • PipPip
  • 10 posts
I have tried to remove this through Norton and it cannot - I am running a stinger right now that is detecting some stuff. What else do I need to do? I have Ad-Aware SE.

Please help!
  • 0


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Feel free to post a HijackThis log:
http://home.planet.n...xplanation.html

Someone will look it over for you to see if anything remains to be done.

Regards,

Pieter
  • 0

#3
splitgirl

splitgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is what came back on HijackThis - please help!!!


Logfile of HijackThis v1.98.2
Scan saved at 11:38:51 AM, on 12/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\crss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jenn\Local Settings\Temporary Internet Files\Content.IE5\VPR7YBTN\stinger[1].exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Jenn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System CPL manager] gzotxgt.exe
O4 - HKLM\..\Run: [WinSecured32] ssmr.exe
O4 - HKLM\..\Run: [Microsoft Relay Manager] rmwiun.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [System CPL manager] gzotxgt.exe
O4 - HKLM\..\RunServices: [WinSecured32] ssmr.exe
O4 - HKLM\..\RunServices: [Microsoft Relay Manager] rmwiun.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\Run: [System CPL manager] avwmvfz.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102202995680
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff....sCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab
  • 0

#4
splitgirl

splitgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I have also disabled the system restore setting to do the scans.
  • 0

#5
splitgirl

splitgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Any ideas on what I should remove from the HijackThis report? Please help, I am trying to study for university exams!!!
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Had to eat. Sorry, we have private lives too. :tazz:

Go to Add/Remove Software and see if you can remove NewDotNet aka New.Net (Domains) there. Either way, continue with the following.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System CPL manager] gzotxgt.exe
O4 - HKLM\..\Run: [WinSecured32] ssmr.exe
O4 - HKLM\..\Run: [Microsoft Relay Manager] rmwiun.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [System CPL manager] gzotxgt.exe
O4 - HKLM\..\RunServices: [WinSecured32] ssmr.exe
O4 - HKLM\..\RunServices: [Microsoft Relay Manager] rmwiun.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\Run: [System CPL manager] avwmvfz.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab

Reboot after doing so, preferably into safe mode and delete:
C:\Program Files\Windows ControlAd <= entire folder

Do an online virus scan as soon as you can make time; you will find several listed here: http://www.wilders.o..._services_m.htm
Or better yet, install an AV and do a full system scan.

Regards,

Pieter
  • 0
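
Added example, not part of the thread and not the helper's own method: a small parser for the O4 (registry autorun) lines of a HijackThis log that groups entries by value name and reports names registered under more than one autorun key. The "more than one key" rule is a triage heuristic assumed here to decide what to look at first, not a verdict on any entry; the sample lines are a subset copied from the log posted above.

```python
import re
from collections import defaultdict

# Registry autorun line as HijackThis prints it:
#   O4 - HKLM\..\Run: [Value name] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

# Lines copied from the log posted in this thread (a subset, for illustration).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [System CPL manager] gzotxgt.exe
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [System CPL manager] gzotxgt.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\Run: [System CPL manager] avwmvfz.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
"""

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for every registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # non-O4 lines and "Global Startup" shortcuts are skipped
            entries.append(m.groups())
    return entries

def repeated_autoruns(entries, min_keys=2):
    """Value names registered under at least min_keys distinct autorun keys."""
    seen = defaultdict(lambda: {"keys": set(), "commands": set()})
    for hive, key, name, command in entries:
        seen[name]["keys"].add(f"{hive}\\{key}")
        seen[name]["commands"].add(command)
    return {name: {"keys": sorted(v["keys"]), "commands": sorted(v["commands"])}
            for name, v in seen.items() if len(v["keys"]) >= min_keys}

if __name__ == "__main__":
    for name, info in repeated_autoruns(parse_o4(SAMPLE_LOG)).items():
        print(f"[{name}] keys={info['keys']} commands={info['commands']}")
```

Run against the full log from post #3, the same rule also returns the [WinSecured32] and [Microsoft Relay Manager] value names, each present under both HKLM Run and HKLM RunServices.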

#7
splitgirl

splitgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for your help...
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab

The link is not working. Any ideas?
  • 0

#8
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi

Try this link

http://wildtangent.c...ated=1100796336

kc :tazz:
  • 0

#9
splitgirl

splitgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I tried the link but it said my current security settings do not allow this to be downloaded. I checked my internet settings and for normal websites it is set to enable downloads... help!
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
I wanted you to fix that line in HijackThis. Not visit the site.

Regards,

Pieter
  • 0


#11
splitgirl

splitgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK - sorry!
I did run the fix and it said that it could not fix a file, and referred me to
http://www.cexx.org/lspfix.htm
where I can't download the right thing to do it (security settings message again).

Should I just go ahead and remove the folder you mentioned? [C:\PgmFiles\Windows ControlAd]
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
For LSPfix please follow these directions.

Download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of NewDotNet (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Regards,

Pieter
  • 0

#13
splitgirl

splitgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I have tried to do that but I cannot download the file - my computer will not accept it - I get a message that my security settings will not allow for this to be downloaded. I have checked them for regular internet pages and it is set to enable downloads.
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Does this link work for you:
http://www.cexx.org/LSPFix.exe

If not, PM me your email address and I will send you a copy.

Regards,

Pieter
  • 0

#15
splitgirl

splitgirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK - that one worked. It has run (LSPFix) and has not come back with anything NewDotNet. I have:

mswsock.dll
winrnr.dll
rsvpsp.dll

What next?
  • 0





