
Need assistance with Hijack This log

Discussion in 'Virus and Malware Removal' started by livetoski, Dec 30, 2004.

  1. livetoski Newcomer, in training

    Hey, my computer has been running extremely slow. I've run multiple spyware removal programs and I ran Norton several times and I think things are getting better. I read on a website that I should run HijackThis to finish the job, but to get a pro to help decide which files should go and which should stay.
    I don't know if you want the log file attached or not, but here it is.
  2. RealBlackStuff Newcomer, in training Posts: 8,165

    Reboot in safe mode

    Uninstall anything to do with this rubbish:
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    See this article: http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note

    Uninstall anything to do with this rubbish (if it lets you):
    C:\Program Files\eDonkey2000\eDonkey2000.exe
    C:\Program Files\NewDotNet\newdotnet6_38.dll
    C:\Program Files\MTS\EnterNet 300\app\EnterNet.exe

    Kill these running processes first with Task Manager, if you can:
    wetwork.exe
    internat.exe
    Userinit.exe

    With NO other programs open, run HJT and let it FIX:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://kwas.mainpage.net
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://kwas.mainpage.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kwas.mainpage.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: C:\WINNT\lbbho.dll - {E2C29567-1040-4A91-AFCC-6ABCC5AD5FC7} - C:\WINNT\lbbho.dll
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] wetwork.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Startup: MTS DSL.lnk = C:\Program Files\MTS\EnterNet 300\app\EnterNet.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2033030bde2f96a71e05/netzip/RdxIE2.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Winkwb - Unknown - C:\WINNT\System32\Winkwb.exe (file missing)

    When done, delete the crap, whatever is left:
    C:\Program Files\eDonkey2000\ (anything in this DIR including the DIR itself)
    C:\Program Files\NewDotNet\ (anything in this DIR including the DIR itself)
    C:\Program Files\MTS\ (anything in this DIR including the DIR itself)
    C:\Program Files\Acceleration Software\ (anything in this DIR including the DIR itself)
    C:\WINNT\lbbho.dll
    C:\Program Files\Winamp\winampa.exe
    loadqm.exe (wherever it is)
    wetwork.exe (wherever it is)
    internat.exe (wherever it is)
    Userinit.exe (wherever it is)
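
A small triage script for a HijackThis log like the one in the reply above, added here as an illustration and not posted by either participant. It groups entries by section code and notes autostart entries given as bare file names and entries HijackThis marks as "(file missing)"; the sample lines are copied from the log above, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Section codes that appear in the log above, with their HijackThis meanings.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "F2": "ini-file autoload mapped to the registry",
    "O2": "Browser Helper Object", "O4": "autostart (Run key / Startup folder)",
    "O10": "Winsock LSP", "O16": "ActiveX (Downloaded Program Files)",
    "O23": "NT service",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
O4_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Sample input: a subset of the log lines quoted in the thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] wetwork.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: MTS DSL.lnk = C:\Program Files\MTS\EnterNet 300\app\EnterNet.exe
O10 - Hijacked Internet access by New.Net
O23 - Service: Winkwb - Unknown - C:\WINNT\System32\Winkwb.exe (file missing)
"""

def parse(log_text):
    """Return (code, body) tuples, skipping lines that are not HJT entries."""
    return [m.groups() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def triage(entries):
    """Group entries by section and collect notes for manual review."""
    by_section, notes = defaultdict(list), []
    for code, body in entries:
        by_section[code].append(body)
        if body.endswith("(file missing)"):
            notes.append((code, "target file missing", body))
        m = O4_RE.match(body) if code == "O4" else None
        # Bare file name: the log does not show which copy on disk actually runs.
        if m and "\\" not in m["cmd"].split()[0]:
            notes.append((code, "autostart without full path", m["name"]))
    return by_section, notes

def summarize(by_section):
    """Map each section code to (description, entry count)."""
    return {c: (SECTIONS.get(c, "unknown section"), len(v)) for c, v in by_section.items()}

if __name__ == "__main__":
    groups, notes = triage(parse(SAMPLE))
    print(summarize(groups), *notes, sep="\n")
```

A note is a prompt to check the file on disk (location, signer, version), not a verdict on the entry.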