HijackThis- can anyone tell me what to delete just to mention his is in safe mode

C

CMCSS03

Logfile of HijackThis v1.99.1
Scan saved at 3:21:25 PM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565}
- (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program


Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -


C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {657F7EDA-1C20-446E-BDF3-C6AE839F0EDD} -

C:\WINDOWS\system32\twext32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - (no
file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe"

/startintray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt
Software\CounterSpy

Client\sunasDtServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32

C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare
Solutions\FreeRAM XP

Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe"
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program
Files\Trend

Micro\Tmas\Tmas.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy


Sweeper\SpySweeperFix.bat
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,
DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\program

files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program

Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
-

C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class)

- http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE
Class) -

http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class)
-

http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -
C:\Program

Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
(file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner -

C:\WINDOWS\runservice.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown
owner -

C:\Program Files\Common Files\Softwin\BitDefender Update
Service\livesrv.exe" /service

(file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network
Associates, Inc. -

C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network
Associates, Inc. -

C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) -
Network Associates,

Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research
Pty Ltd -

C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
Software, Inc. -

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -
TuneUp Software

GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner -
C:\Program

Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WLTRYSVC - Unknown owner -
C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner -
C:\Program

Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe"
/service (file

missing)
 
F

Frank Saunders, MS-MVP OE

G

Guest

Please do not post copies of your hijack this log on this forum.
as the replay noted, there is a correct forum for these logs with loads of
experts to offer advice, by the way, you have newdotnet this is a bad thing,
it needs to be removed

CMCSS03 said:
Logfile of HijackThis v1.99.1
Scan saved at 3:21:25 PM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565}
- (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program


Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -


C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {657F7EDA-1C20-446E-BDF3-C6AE839F0EDD} -

C:\WINDOWS\system32\twext32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - (no
file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe"

/startintray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt
Software\CounterSpy

Client\sunasDtServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32

C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare
Solutions\FreeRAM XP

Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe"
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program
Files\Trend

Micro\Tmas\Tmas.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy


Sweeper\SpySweeperFix.bat
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,
DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\program

files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program

Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
-

C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class)

- http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE
Class) -

http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class)
-

http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -
C:\Program

Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
(file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner -

C:\WINDOWS\runservice.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown
owner -

C:\Program Files\Common Files\Softwin\BitDefender Update
Service\livesrv.exe" /service

(file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network
Associates, Inc. -

C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network
Associates, Inc. -

C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) -
Network Associates,

Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research
Pty Ltd -

C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
Software, Inc. -

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -
TuneUp Software

GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner -
C:\Program

Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WLTRYSVC - Unknown owner -
C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner -
C:\Program

Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe"
/service (file

missing)
Click to expand...
 
P

PA Bear

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

Logfile of HijackThis v1.99.1
Scan saved at 3:21:25 PM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Click to expand...
<snip>
 
P

PA Bear

OK, I'm bored, so for illustrative purposes only:
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565}
- (no file)
Click to expand...

See http://www.symantec.com/avcenter/venc/data/spyware.isearch.html
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
See
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_GEDZA.A&VSect=T

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
Click to expand...

See http://www.symantec.com/avcenter/venc/data/adware.ndotnet.html
O3 - Toolbar: (no name) - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - (no
file)
Click to expand...

See http://www.symantec.com/avcenter/venc/data/spyware.ietoolbar.html
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy
Sweeper\SpySweeperFix.bat
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Click to expand...

SpySweeper's useless if you've not subscribed or it's not fully updated.
Uninstall it or update it and scan in Safe Mode.
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt
Software\CounterSpy Client\sunasDtServ.exe
Ditto.

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe"
Click to expand...

You won't be able to fix anything with Ad-Watch enabled. Consult your
handler in an appropriate forum.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program
Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
Click to expand...

Your Sun Java runtimes are outdated, leaving you vulnerable to hijackware!
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
- C:\WINDOWS\System32\shdocvw.dll (HKCU)
Click to expand...

Spyware: uninstall it.
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe"
/service
(file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown
owner - C:\Program Files\Common Files\Softwin\BitDefender Update
Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner -
C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner -
C:\Program Files\Common Files\Softwin\BitDefender
Communicator\xcommsvr.exe"
/service (file missing)
Click to expand...

If BitDefender is your anti-virus app, there's a chance it's not working
properly. If it's not your anti-virus app, it didn't uninstall cleanly so
McAfee VirusScan may not be working properly either.

NB: Having HijackThis "fix" any of the both entries will NOT rid the machine
of the hijackware!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Hijackthis scan 11
Problems with pops ups 6
SVC host problem 3
Item in system configuration utility lacks information (???) 5
PLEASE HELp.. i can not get rid of this bug on my computer 2
IE redirection problem 2
Computer Keeps Hanging & Screen Goes Wonky 4
sharedobj.dll errors 1

Top