Re: Help reading a HijackThis log


From: Rick (Notevenme_at_nowhere.com)
Date: 11/16/04


Date: Tue, 16 Nov 2004 17:27:55 -0500

Might try removing these ( at your own risk of course).
You do know that you have MALWARE ON THERE don't you?? You definitely need
to get rid of the NEW DOT NET... It is not easy to get rid of sometimes
either.........
Rick
ric(dot)eve at Gmail ( dot ) com.........

"Ricky" <rsjoiner@no_spambellsouth.net> wrote in message
news:_udmd.17048$jE2.12212@bignews4.bellsouth.net...
> Go here:
> http://mjc1.com/mirror/hjt/
> For instructions on how to use hijack this
>
>
>
> You have to post the log it
> produces here:
> http://www.spywareinfo.com/forums/
> so experts tell you what is good and what is malware
>
> "Jim" <Jim@discussions.microsoft.com> wrote in message
> news:CE302EB8-3588-4BD1-9A78-4A7C2E3D7351@microsoft.com...
>> Hi:
>> I ran hijack this and I was wondering if an MVP could help me know what
>> to
>> delete from the log file
>>
>> Logfile of HijackThis v1.98.2
>> Scan saved at 8:55:42 PM, on 11/15/2004
>> Platform: Windows XP SP2 (WinNT 5.01.2600)
>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>>
>> Running processes:
>> C:\WINDOWS\System32\smss.exe
>> C:\WINDOWS\system32\winlogon.exe
>> C:\WINDOWS\system32\services.exe
>> C:\WINDOWS\system32\lsass.exe
>> C:\WINDOWS\system32\svchost.exe
>> C:\WINDOWS\System32\svchost.exe
>> C:\WINDOWS\system32\spoolsv.exe
>> C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
>> C:\WINDOWS\system32\cisvc.exe
>> C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
>> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
>> c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
>> C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
>> C:\WINDOWS\System32\nvsvc32.exe
>> C:\WINDOWS\System32\svchost.exe
>> C:\WINDOWS\wanmpsvc.exe
>> C:\WINDOWS\system32\svchost.exe
>> C:\WINDOWS\system32\fxssvc.exe
>> c:\PROGRA~1\mcafee.com\vso\mcshield.exe
>> C:\WINDOWS\Explorer.EXE
>> C:\WINDOWS\BCMSMMSG.exe
>> C:\WINDOWS\System32\DSentry.exe
>> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
>> C:\PROGRA~1\mcafee.com\agent\mcagent.exe
>> C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
>> C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
>> C:\Program Files\Common Files\Dell\EUSW\Support.exe
>> c:\progra~1\mcafee.com\vso\mcvsescn.exe
>> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
>> C:\Program Files\QuickTime\qttask.exe
>> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
>> C:\WINDOWS\system32\rundll32.exe
>> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
>> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
>> C:\WINDOWS\system32\rundll32.exe
>> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>> C:\WINDOWS\system32\RUNDLL32.EXE
>> C:\Program Files\Digital Line Detect\DLG.exe
>> C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
>> C:\Program Files\MSN Messenger\msnmsgr.exe
>> c:\progra~1\mcafee.com\vso\mcvsftsn.exe
>> C:\Program Files\Messenger\msmsgs.exe
>> C:\WINDOWS\system32\cidaemon.exe
>> C:\WINDOWS\system32\cidaemon.exe
>> C:\Program Files\MSN\MSNCoreFiles\msn.exe
>> C:\Program Files\Internet Explorer\iexplore.exe
>> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
>> C:\DOCUME~1\JIM&CA~1\LOCALS~1\Temp\Temporary Directory 1 for
>> hijackthis.zip\HijackThis.exe
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
>> http://www.dellnet.com/
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
>> http://g.msn.com/0SEENUS/SAOS01
>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://www.ewtn.com/news/index.asp
>> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://www.dellnet.com/
>> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
>> Settings,AutoConfigURL = windowsupdate.microsoft.com
>> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
>> Settings,ProxyOverride = http://localhost
>> R3 - Default URLSearchHook is missing
>> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
>> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
>> O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
>> C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
>> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
>> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
>> O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
>> c:\progra~1\mcafee.com\vso\mcvsshl.dll
>> O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
>> C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
>> O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
>> C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
>> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
>> C:\WINDOWS\System32\NvCpl.dll,NvStartup
>> O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
>> O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
>> O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
>> Jukebox\mm_tray.exe
>> O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
>> O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
>> O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
>> Creator
>> 5\DirectCD\DirectCD.exe"
>> O4 - HKLM\..\Run: [VirusScan Online]
>> "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
>> O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
>> Files\Dell\EUSW\Support.exe
>> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
>> O4 - HKLM\..\Run: [VSOCheckTask]
>> "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
>> /checktask
>> O4 - HKLM\..\Run: [pmr] C:\Program Files\Common Files\Presentia\pmr.exe
>> O4 - HKLM\..\Run: [EPSON Stylus CX5200]
>> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON
>> Stylus
>> CX5200" /O6 "USB001" /M "Stylus CX5200"
>> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
>> Files\QuickTime\qttask.exe"
>> -atboottime
>> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
>> C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
>> O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
>> Jukebox\mmtask.exe
>> O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
>> O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
>> Manager\ViewMgr.exe
>> O4 - HKLM\..\Run: [New.net Startup] rundll32
>> C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
>> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
>> Files\Real\Update_OB\realsched.exe" -osboot
>> O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
>> C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
>> O4 - Global Startup: Digital Line Detect.lnk = ?
>> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
>> Office\Office\OSA9.EXE
>> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
>> (no
>> file)
>> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
>> C:\Program Files\Messenger\msmsgs.exe
>> O9 - Extra 'Tools' menuitem: Windows Messenger -
>> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
>> Files\Messenger\msmsgs.exe
>> O10 - Hijacked Internet access by New.Net
>> O10 - Hijacked Internet access by New.Net
>> O10 - Hijacked Internet access by New.Net
>> O10 - Hijacked Internet access by New.Net
>> O10 - Hijacked Internet access by New.Net
>> O12 - Plugin for .pdf: C:\Program Files\Internet
>> Explorer\PLUGINS\nppdf32.dll
>> O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup
>> Class)
>> - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
>> O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client
>> Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
>> O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com
>> Download+Installer Class) -
>> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,56/mcinsctl.cab
>> O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
>> Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
>> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
>> System Class) -
>> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
>> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
>> http://207.188.7.150/0312cff0cbd8d5564e02/netzip/RdxIE601.cab
>> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
>> Class) -
>> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
>> O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
>> https://www.gamespyid.com/alaunch.cab
>> O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) -
>> https://cs7b.instantservice.com/jars/customerxsigned42.cab
>> O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
>> Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
>> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
>> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
>> O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) -
>> http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
>> O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
>> http://download.abacast.com/download/files/abasetup141.cab
>>
>>
>
>

