NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  
February 13, 2012, 02:57:45 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: SMF - Just Installed!
 
   Home   Help Search Login Register  

razespyware driving me mad


AddThis Social Bookmark Button AddThis Feed Button
Pages: [1]
« previous next »
  Print  
Author Topic: razespyware driving me mad  (Read 3026 times)
roomer
Newbie
*
Posts: 3


View Profile
« on: January 15, 2006, 07:05:01 PM »
Hi
I seem to be having a common problem here I have got razespyware on my system, both on my desktop and the annoying popus warning me to do a system scan. I have tried both Xoftspy and smitRem and neither have worked, I have looked at the other posts so here is a print out from hijackthis

Please help !!!!

Logfile of HijackThis v1.99.1
Scan saved at 02:53:34 AM, on 2006/01/16
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\shell386.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\System32\mswinb32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/access/allinone.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Absa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 213.159.118.228 collections.inhost.info
O1 - Hosts: 213.159.118.228 collections.inhost2.info
O1 - Hosts: 213.159.118.228 1-se.com
O1 - Hosts: 213.159.118.228 58q.com
O1 - Hosts: 213.159.118.228 aifind.cc
O1 - Hosts: 213.159.118.228 aifind.info
O1 - Hosts: 213.159.118.228 allneedsearch.com
O1 - Hosts: 213.159.118.228 approvedlinks.com
O1 - Hosts: 213.159.118.228 auto.ie.searchforge.com
O1 - Hosts: 213.159.118.228 awebfind.biz
O1 - Hosts: 213.159.118.228 best.royalsearch.net
O1 - Hosts: 213.159.118.228 cracks.am
O1 - Hosts: 213.159.118.228 default-homepage-network.com
O1 - Hosts: 213.159.118.228 find.microgirls.com
O1 - Hosts: 213.159.118.228 find4u.net
O1 - Hosts: 213.159.118.228 freshvideogals.com
O1 - Hosts: 213.159.118.228 i-lookup.com
O1 - Hosts: 213.159.118.228 ie-search.com
O1 - Hosts: 213.159.118.228 in.webcounter.cc
O1 - Hosts: 213.159.118.228 itseasy.us
O1 - Hosts: 213.159.118.228 just.find-itnow.com
O1 - Hosts: 213.159.118.228 link.startmake.com
O1 - Hosts: 213.159.118.228 mysearchnow.com
O1 - Hosts: 213.159.118.228 nativehardcore.com
O1 - Hosts: 213.159.118.228 qwertysearch123.biz
O1 - Hosts: 213.159.118.228 search.ieplugin.com
O1 - Hosts: 213.159.118.228 search.psn.cn
O1 - Hosts: 213.159.118.228 searchbar.findthewebsiteyouneed.com
O1 - Hosts: 213.159.118.228 searchcentrix.com
O1 - Hosts: 213.159.118.228 searchmyrequest.com
O1 - Hosts: 213.159.118.228 super-spider.com
O1 - Hosts: 213.159.118.228 t.rack.cc
O1 - Hosts: 213.159.118.228 teen-biz.com
O1 - Hosts: 213.159.118.228 teenhqpics.com
O1 - Hosts: 213.159.118.228 tits.hardcore4ever.net
O1 - Hosts: 213.159.118.228 webcoolsearch.com
O1 - Hosts: 213.159.118.228 wmmse.com
O1 - Hosts: 213.159.118.228 www.008i.com
O1 - Hosts: 213.159.118.228 www.2fastsearch.net
O1 - Hosts: 213.159.118.228 www.8095.com
O1 - Hosts: 213.159.118.228 www.alfa-search.com
O1 - Hosts: 213.159.118.228 www.boredlife.com
O1 - Hosts: 213.159.118.228 www.couldnotfind.com
O1 - Hosts: 213.159.118.228 www.cracks.am
O1 - Hosts: 213.159.118.228 www.daum.net
O1 - Hosts: 213.159.118.228 www.dreamwiz.com
O1 - Hosts: 213.159.118.228 www.find-itnow.com
O1 - Hosts: 213.159.118.228 www.find-itnow.com
O1 - Hosts: 213.159.118.228 www.find4u.net
O1 - Hosts: 213.159.118.228 www.firstbookmark.com
O1 - Hosts: 213.159.118.228 www.gajai.com
O1 - Hosts: 213.159.118.228 www.hand-book.com
O1 - Hosts: 213.159.118.228 www.hao123.com
O1 - Hosts: 213.159.118.228 www.hotsearchbox.com
O1 - Hosts: 213.159.118.228 www.hotwebsearch.com
O1 - Hosts: 213.159.118.228 www.hugesearch.net
O1 - Hosts: 213.159.118.228 www.iquicksearch.com
O1 - Hosts: 213.159.118.228 www.lookfor.cc
O1 - Hosts: 213.159.118.228 www.maxxxhosters.com
O1 - Hosts: 213.159.118.228 www.naver.com
O1 - Hosts: 213.159.118.228 www.nkvd.us
O1 - Hosts: 213.159.118.228 www.novafuck.com
O1 - Hosts: 213.159.118.228 www.ohcorea.com
O1 - Hosts: 213.159.118.228 www.omega-search.com
O1 - Hosts: 213.159.118.228 www.onet.pl
O1 - Hosts: 213.159.118.228 www.power-search.info
O1 - Hosts: 213.159.118.228 www.rightfinder.net
O1 - Hosts: 213.159.118.228 www.search-1.net
O1 - Hosts: 213.159.118.228 www.search-and-go.com
O1 - Hosts: 213.159.118.228 www.search-dot.com
O1 - Hosts: 213.159.118.228 www.search-space.com
O1 - Hosts: 213.159.118.228 www.searchforge.com
O1 - Hosts: 213.159.118.228 www.searching-the-net.com
O1 - Hosts: 213.159.118.228 www.searchv.com
O1 - Hosts: 213.159.118.228 www.searchxl.com
O1 - Hosts: 213.159.118.228 www.seznam.cz
O1 - Hosts: 213.159.118.228 www.slotch.com
O1 - Hosts: 213.159.118.228 www.spidersearch.com
O1 - Hosts: 213.159.118.228 www.startium.com
O1 - Hosts: 213.159.118.228 www.therealsearch.com
O1 - Hosts: 213.159.118.228 www.ttjj.com
O1 - Hosts: 213.159.118.228 www.viewpornkey.com
O1 - Hosts: 213.159.118.228 www.wazzupnet.com
O1 - Hosts: 213.159.118.228 www.websearch.com
O1 - Hosts: 213.159.118.228 www.windowws.cc
O1 - Hosts: 213.159.118.228 www.xgmm.com
O1 - Hosts: 213.159.118.228 xwebsearch.biz
O1 - Hosts: 213.159.118.228 yourbookmarks.ws
O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {04971855-78DC-4D28-B950-0033F6AEC5AE} - C:\WINDOWS\System32\ijifo.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll
O2 - BHO: winapi32.MyBHO - {7A533235-A128-434B-9F8A-9300A544D191} - C:\WINDOWS\System32\winapi32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {D6B731D2-A6B0-4F41-B797-472723154C3D} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D6B731D2-A6B0-4F41-B797-472723154C3D} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {D6B731D2-A6B0-4F41-B797-472723154C3D} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D6B731D2-A6B0-4F41-B797-472723154C3D} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEC759B3-BFB1-4AA6-AA79-31B6202DEB95}: NameServer = 168.210.2.2 196.14.239.2
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #1 on: January 17, 2006, 09:56:12 AM »
Hi, roomer. Welcome to 2-Spyware.com forums!

Users can post their HijackThis logs only in the HijackThis log analysis section, unless they were asked by the forum experts to do so in different forum sections. Your log will be moved to a more appropriate section.
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #2 on: January 18, 2006, 05:34:26 AM »
Sorry for the delay :roll:. Your system is badly infected with malicious parasites. Please follow these steps in order to get rid of them:

1. Download the LSP-fix utility and the WinsockXPFix fix. You will need them later. Also download the KillBox tool.

2. Use HijackThis to fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 213.159.118.228 collections.inhost.info
O1 - Hosts: 213.159.118.228 collections.inhost2.info
O1 - Hosts: 213.159.118.228 1-se.com
O1 - Hosts: 213.159.118.228 58q.com
O1 - Hosts: 213.159.118.228 aifind.cc
O1 - Hosts: 213.159.118.228 aifind.info
O1 - Hosts: 213.159.118.228 allneedsearch.com
O1 - Hosts: 213.159.118.228 approvedlinks.com
O1 - Hosts: 213.159.118.228 auto.ie.searchforge.com
O1 - Hosts: 213.159.118.228 awebfind.biz
O1 - Hosts: 213.159.118.228 best.royalsearch.net
O1 - Hosts: 213.159.118.228 cracks.am
O1 - Hosts: 213.159.118.228 default-homepage-network.com
O1 - Hosts: 213.159.118.228 find.microgirls.com
O1 - Hosts: 213.159.118.228 find4u.net
O1 - Hosts: 213.159.118.228 freshvideogals.com
O1 - Hosts: 213.159.118.228 i-lookup.com
O1 - Hosts: 213.159.118.228 ie-search.com
O1 - Hosts: 213.159.118.228 in.webcounter.cc
O1 - Hosts: 213.159.118.228 itseasy.us
O1 - Hosts: 213.159.118.228 just.find-itnow.com
O1 - Hosts: 213.159.118.228 link.startmake.com
O1 - Hosts: 213.159.118.228 mysearchnow.com
O1 - Hosts: 213.159.118.228 nativehardcore.com
O1 - Hosts: 213.159.118.228 qwertysearch123.biz
O1 - Hosts: 213.159.118.228 search.ieplugin.com
O1 - Hosts: 213.159.118.228 search.psn.cn
O1 - Hosts: 213.159.118.228 searchbar.findthewebsiteyouneed.com
O1 - Hosts: 213.159.118.228 searchcentrix.com
O1 - Hosts: 213.159.118.228 searchmyrequest.com
O1 - Hosts: 213.159.118.228 super-spider.com
O1 - Hosts: 213.159.118.228 t.rack.cc
O1 - Hosts: 213.159.118.228 teen-biz.com
O1 - Hosts: 213.159.118.228 teenhqpics.com
O1 - Hosts: 213.159.118.228 tits.hardcore4ever.net
O1 - Hosts: 213.159.118.228 webcoolsearch.com
O1 - Hosts: 213.159.118.228 wmmse.com
O1 - Hosts: 213.159.118.228 www.008i.com
O1 - Hosts: 213.159.118.228 www.2fastsearch.net
O1 - Hosts: 213.159.118.228 www.8095.com
O1 - Hosts: 213.159.118.228 www.alfa-search.com
O1 - Hosts: 213.159.118.228 www.boredlife.com
O1 - Hosts: 213.159.118.228 www.couldnotfind.com
O1 - Hosts: 213.159.118.228 www.cracks.am
O1 - Hosts: 213.159.118.228 www.daum.net
O1 - Hosts: 213.159.118.228 www.dreamwiz.com
O1 - Hosts: 213.159.118.228 www.find-itnow.com
O1 - Hosts: 213.159.118.228 www.find-itnow.com
O1 - Hosts: 213.159.118.228 www.find4u.net
O1 - Hosts: 213.159.118.228 www.firstbookmark.com
O1 - Hosts: 213.159.118.228 www.gajai.com
O1 - Hosts: 213.159.118.228 www.hand-book.com
O1 - Hosts: 213.159.118.228 www.hao123.com
O1 - Hosts: 213.159.118.228 www.hotsearchbox.com
O1 - Hosts: 213.159.118.228 www.hotwebsearch.com
O1 - Hosts: 213.159.118.228 www.hugesearch.net
O1 - Hosts: 213.159.118.228 www.iquicksearch.com
O1 - Hosts: 213.159.118.228 www.lookfor.cc
O1 - Hosts: 213.159.118.228 www.maxxxhosters.com
O1 - Hosts: 213.159.118.228 www.naver.com
O1 - Hosts: 213.159.118.228 www.nkvd.us
O1 - Hosts: 213.159.118.228 www.novafuck.com
O1 - Hosts: 213.159.118.228 www.ohcorea.com
O1 - Hosts: 213.159.118.228 www.omega-search.com
O1 - Hosts: 213.159.118.228 www.onet.pl
O1 - Hosts: 213.159.118.228 www.power-search.info
O1 - Hosts: 213.159.118.228 www.rightfinder.net
O1 - Hosts: 213.159.118.228 www.search-1.net
O1 - Hosts: 213.159.118.228 www.search-and-go.com
O1 - Hosts: 213.159.118.228 www.search-dot.com
O1 - Hosts: 213.159.118.228 www.search-space.com
O1 - Hosts: 213.159.118.228 www.searchforge.com
O1 - Hosts: 213.159.118.228 www.searching-the-net.com
O1 - Hosts: 213.159.118.228 www.searchv.com
O1 - Hosts: 213.159.118.228 www.searchxl.com
O1 - Hosts: 213.159.118.228 www.seznam.cz
O1 - Hosts: 213.159.118.228 www.slotch.com
O1 - Hosts: 213.159.118.228 www.spidersearch.com
O1 - Hosts: 213.159.118.228 www.startium.com
O1 - Hosts: 213.159.118.228 www.therealsearch.com
O1 - Hosts: 213.159.118.228 www.ttjj.com
O1 - Hosts: 213.159.118.228 www.viewpornkey.com
O1 - Hosts: 213.159.118.228 www.wazzupnet.com
O1 - Hosts: 213.159.118.228 www.websearch.com
O1 - Hosts: 213.159.118.228 www.windowws.cc
O1 - Hosts: 213.159.118.228 www.xgmm.com
O1 - Hosts: 213.159.118.228 xwebsearch.biz
O1 - Hosts: 213.159.118.228 yourbookmarks.ws
O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {04971855-78DC-4D28-B950-0033F6AEC5AE} - C:\WINDOWS\System32\ijifo.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll
O2 - BHO: winapi32.MyBHO - {7A533235-A128-434B-9F8A-9300A544D191} - C:\WINDOWS\System32\winapi32.dll
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {D6B731D2-A6B0-4F41-B797-472723154C3D} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D6B731D2-A6B0-4F41-B797-472723154C3D} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {D6B731D2-A6B0-4F41-B797-472723154C3D} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D6B731D2-A6B0-4F41-B797-472723154C3D} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)

3. Now reboot your system into Safe Mode. This step is very important!

4. Delete the following files:
C:\WINDOWS\System32\shell386.exe
C:\WINDOWS\System32\mswinb32.exe
C:\WINDOWS\System32\winapi32.dll
C:\Program Files\NewDotNet\newdotnet6_90.dll
C:\WINDOWS\SYSTEM\blank.htm

Delete the entire C:\Program Files\NewDotNet directory.

You may need to use KillBox to delete some of above files.

5. Now restart your computer. If you cannot connect on the Internet, run one of these tools (you have downloaded them earlier): LSP-Fix, WinsockXPFix. This should repair your system and allow it to access the Internet.

6. Run another HijackThis scan and post a fresh log here.


P.S. Your system is outdated! Please download and install Service Pack 2 for Microsoft Windows XP and Service Pack 2 for Microsoft Internet Explorer. You will also have to apply all latest patches and updates.
Logged
roomer
Newbie
*
Posts: 3


View Profile
« Reply #3 on: January 18, 2006, 02:31:57 PM »
Hi
Thank you for all the help
I followed all yuor steps the spyware seems to be gone, But I have run in to a couple of problems
1) The tool bar at the bottom of the screen with the start button does not respond only at all
2) when I start my system SVCHOST is in the Task manager 4 times and using most of the memory

Here is a the new log from HijackThis

Thanks Again

Logfile of HijackThis v1.99.1
Scan saved at 10:05:02 PM, on 2006/01/18
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/access/allinone.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Absa
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEC759B3-BFB1-4AA6-AA79-31B6202DEB95}: NameServer = 168.210.2.2 196.14.239.2
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #4 on: January 19, 2006, 01:12:13 AM »
Your log is clean now.

This is the only entry you have to fix:
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll (file missing)
It is not malicious, but simply is not used anymore.


As for the freezing toolbar, try terminating and restarting the explorer.exe process. You have to use the Task Manager for this. See if it works.

The svchost.exe process is a legitimate and very important system task. Do not terminate it, unless it is in a different location than normally (C:\WINDOWS\System32 is default for your sytem). I see only 2 instances of svchost.exe in your log. It could be that you have killed few processes and this has corrupted your toolbar. Let svchost.exe run. A regular computer often has more than 5-7 instances of svchost.exe running.
Logged
roomer
Newbie
*
Posts: 3


View Profile
« Reply #5 on: January 19, 2006, 07:23:58 AM »
Thanks again
I have tried ending explorer in the task manager and resarting it, it works for a few seconds than freezes again.

Thanks for the advise
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #6 on: January 20, 2006, 12:40:51 AM »
Some of your system files may be damaged or missing. Please use the Windows File Checker to find this  out and repair your setup. Please follow these steps:

1. Click on the Start button and launch the Run... tool. Type in cmd.exe and press enter.

2. Invoke the command sfc /SCANNOW. This will check important system files and restore the corrupted or missing ones. Please note that you need to have the Windows XP installation CD for this.
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  




Recommended software:
STOPzilla
(90/100)
STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses,...
Malwarebytes Anti Malware
(88/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t...
Spyware Doctor
(87/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and...
SpyHunter
(86/100)
SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are...
XoftSpySE Anti Spyware
(84/100)
XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to...
Encyclopedia of parasites:

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
add text box
rss feed
help other
Latest Spyware Threats: Internet Security 2012 | Win 7 Total security 2012 | System Check | Win 7 Internet Security 2012 | Win 7 Home Security 2012 | Win 7 Antivirus 2012 | Win 7 Antispyware 2012 | Vista Security 2012 | Vista Antivirus 2012 | Vista Antispyware 2012 | XP Antispyware 2012 | XP Antivirus 2012 | XP Security 2012 | XP Home Security 2012 | Security Shield
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2011 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.