Just in case

TrickyRic · #1 11-06-2004, 07:47 PM

I ran adaware, removed newdotnet, used xcleaner and now this system seems to be running well. However I want someone to look through the log and tell me if there is any spyware left please.Logfile of HijackThis v1.98.2
Scan saved at 8:59:17 AM, on 11/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESGRISOFTAVG6AVGSERV9.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:PROGRAM FILESGRISOFTAVG6AVGCC32.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSDESKTOPHIJACKTHIS.EXE
C:WINDOW***PLORER.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWStaskmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GRISOFTAVG6avgcc32.exe /STARTUP
O4 - HKLM..Run: [New.net Startup] rundll32 C:PROGRAM FILESNEWDOTNETNEWDOTNET6_38.DLL,NewDotNetStartup -s
O4 - HKLM..Run: [P2P NETWORKING] C:WINDOWSSYSTEMP2P NETWORKINGP2P NETWORKING.EXE /AUTOSTART
O4 - HKLM..Run: [AltnetPointsManager] c

rogram filesaltnetpoints managerpoints manager.exe -s
O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..RunServices: [SchedulingAgent] C:WINDOWSSYSTEMmstask.exe
O4 - HKLM..RunServices: [Avgserv9.exe] C:PROGRA~1GRISOFTAVG6Avgserv9.exe
O9 - Extra button: GloPhone - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:WINDOWSAll UsersDesktopGlophone.lnk
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSYSTEMMSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSYSTEMMSJAVA.DLL
O10 - Broken Internet access because of LSP provider 'c

rogram filesnewdotnetnewdotnet6_38.dll' missing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

*Mobo* · #2 11-06-2004, 07:56 PM

These need to go before calling the job done..

So first run http://www.spyware911.net/downloads/LSPFix.exe. Then rescan with hijack, insert a check next to each of the following, close all browser windows and click "fix checked"

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O4 - HKLM..Run: [P2P NETWORKING] C:WINDOWSSYSTEMP2P NETWORKINGP2P NETWORKING.EXE /AUTOSTART

O4 - HKLM..Run: [AltnetPointsManager] crogram filesaltnetpoints managerpoints manager.exe -s

O9 - Extra button: GloPhone - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:WINDOWSAll UsersDesktopGlophone.lnk

O10 - Broken Internet access because of LSP provider 'crogram filesnewdotnetnewdotnet6_38.dll' missing

Then reboot into safe mode and delete
C:WINDOWSSYSTEMP2P NETWORKING
c

rogram filesaltnet

TrickyRic · #3 11-06-2004, 08:05 PM

Here is the latest, I couldn't find newdotnet in lspfix but it seems gone in this log.

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESGRISOFTAVG6AVGSERV9.EXE
C:WINDOW***PLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:PROGRAM FILESGRISOFTAVG6AVGCC32.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:WINDOWSDESKTOPHIJACKTHIS.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWStaskmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GRISOFTAVG6avgcc32.exe /STARTUP
O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..RunServices: [SchedulingAgent] C:WINDOWSSYSTEMmstask.exe
O4 - HKLM..RunServices: [Avgserv9.exe] C:PROGRA~1GRISOFTAVG6Avgserv9.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSYSTEMMSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSYSTEMMSJAVA.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

*Mobo* · #4 11-06-2004, 08:09 PM

Thats clean now read this http://www.spyware911.net/forum/showthread...?s=&threadid=24 for help in the future

TrickyRic · #5 11-06-2004, 08:12 PM

Thanks my friend..[img]style_emoticons/<#EMO_DIR#>/biggrin.gif[/img]

*Mobo* · #6 11-06-2004, 08:16 PM

Anytime and glad to see ya again...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Ex-AOL Worker Pleads Guilty in Spam Case	Mobo	The coffee shop	0	02-05-2005 08:37 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)