#1
I Got Bad Bugs Help!!!!!
Hi, my name is Ronda. Southernlady recommended you to me; can you help me? I GOT BAD BUGS, LOTS OF THEM.

Logfile of HijackThis v1.98.2
Scan saved at 12:22:17 AM, on 11/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
c:PROGRA~1mcafee.comvsomcvsrte.exe
c:PROGRA~1mcafee.comvsomcshield.exe
C:windowssystemhpsysdrv.exe
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
C:Program FilesHewlett-PackardDigital ImagingUnloadhpqcmon.exe
C:HPKBDKBD.EXE
c:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
C:WINDOWSSystem32RUNDLL32.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:WINDOWSSystem32rundll32.exe
C:PROGRA~1MYWEBS~1bar2.binmwsoemon.exe
C:PROGRA~1mcafee.comagentmcagent.exe
C:PROGRA~1McAfee.comAgentmcregwiz.exe
C:PROGRA~1mcafee.comvsomcvsshld.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
c:progra~1mcafee.comvsomcvsescn.exe
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:Program FilesCommon filesSearchUpgraderSearchUpgrader.exe
C:Program FilesCommon FilesCMEIICMESys.exe
C:Program FilesWeb_RebatesWebRebates1.exe
C:Program FilesAWSWeatherBugWeather.exe
C:Program FilesCommon FilesGMTGMT.exe
C:PROGRA~1Webshotswebshots.scr
c:progra~1mcafee.comvsomcvsftsn.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesMSNMSNCoreFilesMSN6.EXE
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsOwner.YOUR-6JNHHU0520.000My DocumentsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt2.binMWSSRCAS.DLL
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt2.binMWSSRCAS.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!COMPAN~1Installscpn3ycomp5_5_7_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:Program FilesMyWaymyBar1.binMYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar2.binMWSBAR.DLL
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program FilesZero KnowledgeFreedompkR.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:Program FilesNewDotNetnewdotnet6_38-1.dll
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:WINDOWSDOWNLO~1instafin.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program FilesZero KnowledgeFreedomFreeBHOR.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:Program FilesQuickSearchQuickSearchBar1_27.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:HPEXPLOREBARHPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!COMPAN~1Installscpn3ycomp5_5_7_0.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:Program FilesQuickSearchQuickSearchBar1_27.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar2.binMWSBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:Program FilesMyWaymyBar1.binMYBAR.DLL
O4 - HKLM..Run: [BlockTracker] c:hpbinBlockTracker.exe
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
__________________
Ronda L.
#2
GOT BAD BUGS PART 2
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [Share-to-Web Namespace Daemon] c:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
O4 - HKLM..Run: [CamMonitor] c:Program FilesHewlett-PackardDigital ImagingUnloadhpqcmon.exe
O4 - HKLM..Run: [KBD] C:HPKBDKBD.EXE
O4 - HKLM..Run: [StorageGuard] "C:Program FilesVERITAS SoftwareUpdate Managersgtray.exe" /r
O4 - HKLM..Run: [AutoTBar] C:hpbinautotbar.exe
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM..Run: [Zero Knowledge Freedom] C:Program FilesZero KnowledgeFreedomAutoStarterR.exe
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [VTPreset] VTPreset.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb05.exe
O4 - HKLM..Run: [WildTangent CDA] RUNDLL32.exe "C:Program FilesWildTangentAppsCDAcdaEngine0400.dll",cdaEngineMain
O4 - HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 - HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar2.binmwsoemon.exe
O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentMcUpdate.exe
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [McRegWiz] C:PROGRA~1McAfee.comAgentmcregwiz.exe /autorun
O4 - HKLM..Run: [VSOCheckTask] "c:PROGRA~1mcafee.comvsomcmnhdlr.exe" /checktask
O4 - HKLM..Run: [VirusScan Online] "c:PROGRA~1mcafee.comvsomcvsshld.exe"
O4 - HKLM..Run: [MMTray] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmm_tray.exe
O4 - HKLM..Run: [mmtask] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
O4 - HKLM..Run: [PrvDef3.0] C:Program FilesPrvDef3.0PrvDef3.0.exe
O4 - HKLM..Run: [DDCActiveMenu] "C:Program FilesWildTangentDDCActiveMenuDDCActiveMenu.exe" -boot
O4 - HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKLM..Run: [SearchUpgrader] C:Program FilesCommon filesSearchUpgraderSearchUpgrader.exe
O4 - HKLM..Run: [CMESys] "C:Program FilesCommon FilesCMEIICMESys.exe"
O4 - HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU..Run: [Yahoo! Pager] C:Program FilesYahoo!Messengerypager.exe -quiet
O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl
O4 - HKCU..Run: [Weather] C:Program FilesAWSWeatherBugWeather.exe 1
O4 - HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1bar2.binmwsoemon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar2.binMWSOEMON.EXE
O4 - Startup: Webshots.lnk = C:Program FilesWebshotsLauncher.exe
O4 - Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O4 - Global Startup: hp center UI.lnk = C:Program Fileshp center137903ShadowShadowBar.exe
O4 - Global Startup: hp center.lnk = C:Program Fileshp center137903ProgramBackWeb-137903.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar2.binMWSOEMON.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:Program FilesQuickenbagent.exe
O8 - Extra context menu item: &AIM Search - res://C:Program FilesAIM ToolbarAIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...?p=Z**dm069XXUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: Web Rebates - file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycdict.htm
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:Program FilesMarketBrowserlmtMarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:Program FilesMarketBrowserlmtMarketBrowser_Launch.xpy
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:PROGRA~1AWSWEATHE~1Weather.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099502089484
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Ronda L.
__________________
Ronda L.
#3
Mobo, I've already had her run Kazaabegone. Liz
#4
BAD BUGS
I ran Kazaabegone first and did the deleting thing. The only thing it could not get rid of was this:
Folder:[NEWDOTNET]C:Programfiles/NEWDOTNET
Then it said to restart my computer, which I did, and I could not get on my internet at all. I had to restore to an earlier time to get back online. So needless to say I still have the Kazaa stuff too. Thanks bunches, Ronda L.
__________________
Ronda L.
#5
Wow, you do have it bad there, Ronda.

First thing is to download the LSP fix: http://www.spyware911.net/downloads/WinsockxpFix.exe

Then download this: http://www.spyware911.net/downloads/newdot...20uninstall.exe. Open it and execute it to remove newdotnet. Then reboot again, but in some instances some users will not be able to get back on the net, so if that happens then open the winsockxp fix and run it.

Then download Ad-aware SE from http://www.lavasoftusa.com/support/download/

In Ad-aware click the Gear to go to the Settings area. The following items should be on a green check, not on a red X.

Under the Scanning button:
Scan within archives
Under Memory & Registry, check EVERYTHING
In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, check:
Move deleted files to recycle bin
Include additional object information
Include negligible object information
Include environment information

Under the Defaults button:
Set the homepage you wish to have set as default.

Under the Tweak button:
Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:
Unload recognized processes during scanning
Include info about ignored objects in logfile, if detected in scan
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Include used command line parameters in logfile

In Cleaning Engine:
XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot
UNCHECK: Automatically try to unregister objects prior to deletion

Click Proceed to save these settings.

When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom.

Reboot. Rescan with hijack and post another fresh log for me.
#6
Mobo, she's saying something about needing a credit card for these downloads???? Liz
#7
That's not for my downloads. It's for the malware on her computer, I assure you. Just have her rid newdotnet, then rescan with hijack and post the log, and I'll go from there.
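
Added example (not part of the original thread, and not any poster's code): a Python script that splits a HijackThis log into entries, even when its line breaks were lost as in the logs posted above, and reports which New.net entries from a first scan still appear in a rescan. The function names and the AFTER log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# HijackThis starts each finding with a section code (R0-R3, F0-F3, N1-N4, O1, O2, ...).
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY_START = re.compile(rf"(?={CODE} - )")
# Spellings of New.net that occur in the thread's log, including 8.3 short names.
NEWNET = re.compile(r"new\.net|newdotnet|newdot~\d", re.IGNORECASE)

def split_entries(log_text):
    """Return (code, detail) pairs, even when the log's line breaks were lost."""
    entries = []
    for chunk in ENTRY_START.split(log_text):
        m = re.match(rf"({CODE}) - (.*)", chunk.strip(), re.DOTALL)
        if m:  # the header and process list carry no section code and are skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def newnet_entries(log_text):
    """Group the entries that reference New.net by section code."""
    found = defaultdict(list)
    for code, detail in split_entries(log_text):
        if NEWNET.search(detail):
            found[code].append(detail)
    return dict(found)

def still_present(before_log, after_log):
    """New.net entries of the first scan that the rescan still reports."""
    before = {e for e in split_entries(before_log) if NEWNET.search(e[1])}
    return sorted(before & set(split_entries(after_log)))

# Constructed samples: BEFORE reuses entries from the thread as they were
# extracted (flattened, backslashes lost); AFTER is a made-up rescan.
BEFORE = (
    "Logfile of HijackThis v1.98.2 Running processes: C:WINDOWSSystem32smss.exe "
    "O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - "
    "C:Program FilesNewDotNetnewdotnet6_38-1.dll "
    "O4 - HKLM..Run: [KBD] C:HPKBDKBD.EXE "
    "O4 - HKLM..Run: [New.net Startup] rundll32 "
    "C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup -s "
    "O10 - Hijacked Internet access by New.Net "
    "O10 - Hijacked Internet access by New.Net"
)
AFTER = (
    "Logfile of HijackThis v1.98.2 "
    "O4 - HKLM..Run: [KBD] C:HPKBDKBD.EXE "
    "O10 - Hijacked Internet access by New.Net"
)

if __name__ == "__main__":
    for code, details in newnet_entries(BEFORE).items():
        print(code, len(details), details[0])
    print("still present after rescan:", still_present(BEFORE, AFTER))
```

A non-empty result from `still_present` means the rescan still lists a New.net entry, here the O10 Winsock entry, which is the section tied to the lost connectivity described in the thread.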