Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Please go easy on me, I am still learning.
Logfile of HijackThis v1.97.3
Scan saved at 10:27:25 PM, on 11/5/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.exe
C:\WINDOWS\SYSTEM\WF2K.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.exe
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\MSMGT.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.exe
C:\PROGRAM FILES\AIM95\AIM.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\CENTURYTEL\FPTOOL.exe
C:\PROGRAM FILES\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.exe
C:\PROGRAM FILES\CALLWAVE\IAM.exe
C:\PROGRAM FILES\NIKON\NKVIEW4\NKVWMON.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\HPZSTATX.exe
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://categories.mygeek.com/sidecat.jsp?p=98567&id=160106209206179157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://categories.mygeek.com/sidecat.jsp?p=98567&id=160106209206179157
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {F8A53FBE-5846-11D2-A022-006097D2400E} - C:\PROGRAM FILES\MINDMAKER\COMMON FILES\WINDOWS\IELINK.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\SYSTEM\WF2K.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~2\DEFALERT.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Total Internet] C:\PROGRAM FILES\CENTURYTEL\FPTOOL.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.exe
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Startup: Image.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\IMAGE32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/ACTXCAB.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www110.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab
hello
these are the only suspituse ones i saw theres probley more and you may want a second opinion on the ones i found. you could do a google on the ones i found to confirm there spy ware.R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://categories.mygeek.com/sidecat.jsp?p=98567&id=160106209206179157
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
http://www110.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab
0 
I saw your earlier post about ZoneAlarm.
You should also run Spybot Search & Destroy,
AdAware & Spywareblaster. The first two correct many problems, the third prevents them.Run them & if you have a problem then post the HT log.
Good luck!
0
wawadave, I have already looked at the NewDotNet and if I remember right this is a really complicated one to remove. There are a lot of these files. I guess I am just hoping for something to nuturalize it even if I can't safely remove them.
Will anything here mess up my computer if I let all of these programs do their thing with them? Or can I relax with the ones I have listed?
If someone wants to give me a second apinion on this post, I would be very thankful.
Thank you wawadave for taking a look.
0
sonnysandiego, I have the Ad-ware program and the Spybot program and the HiJackThis program, and ZoneAlarm firewall and now you say I need another program? What does this Spywareblaster do that the other ones don't do? I was questing if I even needed the Ad-ware program in another post earlier?
0
Spywareblaster prevents malware from being installed on your computer via ActiveX. You need ALL of them. Update & run them weekly. Or daily. None of them catch everything.
0
Tammy:
sonnysandiego is giving you good advice about SpywareBlaster. It runs on my PC every time I start up.
Another program to consider for prevention is SpywareGuard.
Solarian
sonnysandiego
0
Thanks to you all.I will give it a shot. I have one more question, won't this be a lot of items in my startup? Won't that slow my computer down? Or is this not important? I have gotten a couple of user errors on startup this morning and I don't know what the problem is and have had trouble staying connected to the internet for the last few days. I will make another post on this later today.
0
Spyware blaster does not use any resources. It just "turns off" certain known active x codes. Popup stopper is ok, but keeping your pc spyware free is the most important thing. I would bet that having various spyware installed uses more resources than all the programs being discussed.
You also might want to consider a different browser like Mozilla, that has anti-popup settings in the browser.
0
you will never notice the overhead of these programs. As efabes said, one spyware program can waste more resouce of every type than all of these combined use in a productive manner.
0
According to their .txt file this is how to remove their junk... Proceed with CAUTION!
PROCEDURE 1 (Add/Remove Programs):1. Click on Start.
2. Click on Settings.
3. Click on Control Panel.
4. From the Control Panel, double-click on Add/Remove Programs.
5. Click on the Install/Uninstall tab in the Add/Remove Programs
Properties window.
6. Locate either New.net Application or New.net Domains and select
it.
7. Click on the Add/Remove button.
8. After removal of our software, you may be prompted to reboot.
Please reboot after removing our software.
9. If this does not fully remove our software, please proceed to
PROCEDURE 2.PROCEDURE 2 (Uninstall from Hard Drive):
1. Double-click on My Computer.
2. Double-click on the C: drive.
3. Double-click on the Program Files folder.
4. Locate and double-click on the NewDotNet folder. If there is no
folder, please proceed to PROCEDURE 3.
5. Locate and double-click on the uninstall executable; it will
be labeled uninstallX_XX.exe. (“X” represents the version
number of the uninstaller)
6. After removal of our software, you may be prompted to reboot.
Please reboot after removing our software.
7. If this does not fully remove our software, please proceed to
PROCEDURE 3.PROCEDURE 3 (Locate Backup Copy of Uninstaller and Uninstall from
Hard Drive):1. Double-click on My Computer.
2. Double-click on the C: drive.
3. Double-click on the Windows or Winnt folder.
4. Locate and double-click on the uninstall executable; it will
be labeled NDNuninstallX_XX.exe. (“X” represents the version
number of the uninstaller)
5. After removal of our software, you may be prompted to reboot.
Please reboot after removing our software.
6. If this does not fully remove our software, please proceed to
PROCEDURE 4.PROCEDURE 4 (Download Uninstall from New.net):
1. From a computer that has Internet access, click on the
following link: http://www.new.net/support/uninstall5_48.exe
2. Download and save uninstall5_48.exe to a 3-½ floppy disk.
3. Insert the floppy disk into the floppy drive of the computer
that needs to have our software uninstalled from.
4. Click on Start.
5. Click on Run.
6. In the Open window, type A:\uninstall5_48.exe.
7. Click on the OK button.
8. After removal of our software, you may be prompted to reboot.
Please reboot after removing our software.If the above 4 procedures do not fully remove our software,
please contact New.net Customer Support at (626) 405-2000 or at
support@new.net.
4. AUTO-UPDATENewDotNet has a built in auto-update feature that automatically
checks New.net's servers periodically for newer versions. If a
new version is found, it is automatically downloaded and
installed with no need for interaction by the user.New.net respects the privacy of all its users and would never
transmit any personally identifiable information from any
computer. The ONLY Auto-Update information sent from NewDotNet
to New.net servers is the version number.
5. TROUBLESHOOTINGIf you are experiencing any difficulties with NewDotNet, please
contact New.net's Customer Support Department via e-mail at
support@new.net or you may contact them via phone at
(626) 405-2000.
6. KNOWN ISSUESThere are no known issues with the current version of NewDotNet.
7. FOR MORE INFORMATIONFor the latest version of NewDotNet and and more information,
visit http://www.new.net.
8. VERSION HISTORY
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
