| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 45920 | 2004-06-07 06:22:00 | rogue dialer or not | luckysmum (1528) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 242550 | 2004-06-07 09:27:00 | Always a useful program to have and very small d/l. | zqwerty (97) | ||
| 242551 | 2004-06-07 09:31:00 | I just downloaded it. | luckysmum (1528) | ||
| 242552 | 2004-06-07 09:44:00 | Like I said don't delete anything until you know what you are doing. | zqwerty (97) | ||
| 242553 | 2004-06-07 09:48:00 | Good Luck luckysmum. | zqwerty (97) | ||
| 242554 | 2004-06-07 09:52:00 | Once again is it worth running now that everything is running ok. and thanks everybody | luckysmum (1528) | ||
| 242555 | 2004-06-07 10:26:00 | Well I guess not, but if you want to, then do so and post back here and I will see if there is anything I don't like the look of. | zqwerty (97) | ||
| 242556 | 2004-06-07 10:37:00 | Ok this is what I got StartupList report, 7/06/2004, 9:36:00 p.m. StartupList version: 1.52 Started from : C:\Documents and Settings\Owner\My Documents\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\windows\system\hpsysdrv.exe C:\Program Files\USB Storage RW\shwicon.exe C:\Windows\system32\HpSrvUI.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\HP\KBD\KBD.EXE C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\S3tray2.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\ICQPlus\vplus.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\webshots.scr C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Owner\My Documents\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Owner\Start Menu\Programs\Startup] SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe Webshots.lnk = C:\Program Files\Webshots\Launcher.exe Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] hp psc 1000 series.lnk = ? hpoddt01.exe.lnk = ? MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run hpsysdrv = c:\windows\system\hpsysdrv.exe IgfxTray = C:\WINDOWS\System32\igfxtray.exe HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe KYE_Showicon = "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW" hp Silent Service = C:\Windows\system32\HpSrvUI.exe hpScannerFirstBoot = c:\hp\drivers\scanners\scannerfb.exe Share-to-Web Namespace Daemon = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe CamMonitor = c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe KBD = C:\HP\KBD\KBD.EXE StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r WCOLOREAL = "C:\Program Files\Coloreal\coloreal.exe" Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE nwiz = nwiz.exe /install PS2 = C:\WINDOWS\system32\ps2.exe mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe S3TRAY2 = S3tray2.exe updater = C:\Program Files\Common files\updater\wupdater.exe SAHBundle = C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe VTPreset = VTPreset.exe New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PopUpStopperFreeEdition = "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" ICQ Plus = "C:\Program Files\ICQPlus\vplus.exe" MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\webshots.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - c:\Program Files\Microsoft Money\System\mnyside.dll - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2} NavErrRedir Class - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} (no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -------------------------------------------------- Enumerating Task Scheduler jobs: FRU Task #Hewlett-Packard#hp psc 1200 series#1064873909.job Norton AntiVirus - Scan my computer.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll CODEBASE = download.macromedia.com [MSSecurityAdvisor Class] InProcServer32 = C:\WINDOWS\System32\mssecadv.dll CODEBASE = download.microsoft.com [{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] CODEBASE = ak.imgfarm.com [Symantec AntiVirus scanner] InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll CODEBASE = security.symantec.com [YInstStarter Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll CODEBASE = download.yahoo.com [WSDownloader Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\WSDOWN~1.OCX CODEBASE = www.webshots.com [Symantec RuFSI Registry Information Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll CODEBASE = security.symantec.com [ActiveDataInfo Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll CODEBASE = www-secure.symantec.com [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = fpdownload.macromedia.com [ActiveDataObj Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll CODEBASE = www-secure.symantec.com -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #4: C:\Program Files\NewDotNet\newdotnet6_22.dll Protocol #1: C:\Program Files\NewDotNet\newdotnet6_22(2)(2).dll Protocol #2: C:\Program Files\NewDotNet\newdotnet6_22(2)(2).dll Protocol #18: C:\Program Files\NewDotNet\newdotnet6_22(2)(2).dll Protocol #19: C:\Program Files\NewDotNet\newdotnet6_22(2)(2).dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 9,350 bytes Report generated in 0.453 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
luckysmum (1528) | ||
| 242557 | 2004-06-07 10:40:00 | I dont know what this netdotnet is it came up the other day and I ttried to delete it and it said i could not | luckysmum (1528) | ||
| 242558 | 2004-06-07 10:41:00 | sorry newdotnet | luckysmum (1528) | ||
| 242559 | 2004-06-07 10:49:00 | Yup and is probably your problem: What is SaveNow and/or New.Net? SaveNow is a add-on product distributed by Bearshare, DivX player, Imesh, and a few other downloadable programs. Its a product made by a company called WhenU. It tracks what websites a person visits and then pops up separate browser windows with targeted advertisements and special offers. It continuously is downloading updated information about new offers and collects a variety of information. Go here to read more: www.pchell.com Don't do anything hasty I don't think it is too serious. Gather information before attempting to purge it. |
zqwerty (97) | ||
| 1 2 3 4 5 6 | |||||