TechSpot

Need assistance with Hijack This log

By livetoski
Dec 30, 2004
  1. Hey my computer has been running extremly slow. I've ran mutli spyware removal programs and i ran norton several times and i think things are getting better. I read on a website that I should run highjack this to finish the job but to get a pro to help decide which files should go and which should stay
    I don't know if you want the log file attached or not but here it is
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Reboot in safe mode

    Uninstall anything to do with this rubbish:
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    See this article: http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note

    Uninstall anything to do with this rubbish (if it lets you):
    C:\Program Files\eDonkey2000\eDonkey2000.exe
    C:\Program Files\NewDotNet\newdotnet6_38.dll
    C:\Program Files\MTS\EnterNet 300\app\EnterNet.exe

    Kill these running processes first with Task Manager, if you can:
    wetwork.exe
    internat.exe
    Userinit.exe

    With NO other programs open, run HJT and let it FIX:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://kwas.mainpage.net
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://kwas.mainpage.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kwas.mainpage.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: C:\WINNT\lbbho.dll - {E2C29567-1040-4A91-AFCC-6ABCC5AD5FC7} - C:\WINNT\lbbho.dll
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] wetwork.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Startup: MTS DSL.lnk = C:\Program Files\MTS\EnterNet 300\app\EnterNet.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2033030bde2f96a71e05/netzip/RdxIE2.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Winkwb - Unknown - C:\WINNT\System32\Winkwb.exe (file missing)

    When done, delete the crap, whatever is left:
    C:\Program Files\eDonkey2000\ (anything in this DIR including the DIR itself)
    C:\Program Files\NewDotNet\ (anything in this DIR including the DIR itself)
    C:\Program Files\MTS\ (anything in this DIR including the DIR itself)
    C:\Program Files\Acceleration Software\ (anything in this DIR including the DIR itself)
    C:\WINNT\lbbho.dll
    C:\Program Files\Winamp\winampa.exe
    loadqm.exe (wherever it is)
    wetwork.exe (wherever it is)
    internat.exe (wherever it is)
    Userinit.exe (wherever it is)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...