Matt Posted March 20, 2005 Report Share Posted March 20, 2005 Im not sure if I'm still infected with NewDotNet. I still have the uninstall files on my machine, and MS Anti-Spyware still finds it. Here's a link to the other thread with more information on this: http://www.besttechie.net/forums/index.php?showtopic=2030Here's my HiJackThis Log:Logfile of HijackThis v1.99.1Scan saved at 6:57:09 PM, on 3/20/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Google\ggviewer67-1.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\Program Files\Support.com\bin\tgcmd.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\Program Files\QUICKENW\QAGENT.EXEC:\WINDOWS\SM1BG.EXEC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\WINDOWS\system32\mrtMngr.EXEC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\iPod\bin\iPodService.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\mIRC\mirc.exeC:\Documents and Settings\Matthew Hodges\Desktop\protection\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.besttechie.net/forumsR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dllO3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exeO4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exeO4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exeO4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deafO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktaskO4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXEO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXEO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXEO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htmO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dllO12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllO16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cabO16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cabO16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1269/ftp.../v6/brix6ie.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exeO16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.com/client/setup.exeO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cabO16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cabO16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cabO16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cabO16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cabO18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dllO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exeO23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exeO23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeO23 - Service: IntelĀ® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeMatt Link to post Share on other sites
Besttechie Posted March 21, 2005 Report Share Posted March 21, 2005 Taken care of in chat. B Link to post Share on other sites
Recommended Posts