IE Prob - HiJackThis and U can save me plzzzz

Status
Not open for further replies.
T

talrejaharish

Journeyman
my problem has been discussed and attempteeed at
*www.thinkdigit.com/forum/viewtopic.php?t=13430&highlight=

now i used the Hijack this software and got this log for my prob

i kinda know the problematic lines but cannot find a solution to it

plz see if u can help


this is my log

Code: 
Logfile of HijackThis v1.98.2
Scan saved at 11:04:41 PM, on 1/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\program files\gluz\saap.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *www.zdnetindia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *red.clientapps.yahoo.com/customize/ycomp/defaults/su/**www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *in.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_64.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Indiatimes Toolbar - {8755877D-4952-441a-8AAB-841D479F07FE} - C:\PROGRA~1\INDIAT~1\COMBAR.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [saap] c:\program files\gluz\saap.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)



[b][quote]O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net[/quote][/b]



O14 - IERESET.INF: START_PAGE_URL=*www.zdnetindia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - *go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093448642375
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - *us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://I:\Content\include\msSecUcd.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - *sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab


the problem lines are in quotes/after a 3 line space within the log file ... i cannot visit ne sites

hijack this cannot fix the problem of those lines and says that this is reason for net not workin .... visit n download lspfix.zip and try solving it....

i downloaded tat but cant understand how to run this program ...

help help help plz fast .... right now im using Linux Live CD to connect to the net :D

will soon be active in the open source section coz i love LINUX now .... but need windows too ... :( :(
 
T

theraven

Technomancer
am i blind .. or there really arent any quotes in there ?
anyways manually try and delete the exe files
and ur best bet is using adaware / spybot along with it

i saw ur problem thread too
dude seriously
just run a sfc /scannow
and /or a repair installation
 
OP
T

talrejaharish

Journeyman
sorry theraven

i have edited the post n made the problem lines clearer ... dunno y the quotes not showin

and i hav already done the sfc /scannow ...

wil try the repair thing now then
 
it_waaznt_me

it_waaznt_me

Coming back to life ..
talrejaharish said:
C:\program files\gluz\saap.exe <-- That is 180 Search Assistant file .. Spyware ..
Click to expand...
Okay .. You need to first uninstall New.Net from your computer .. It should also remove QuickSearchBar .. If it doesnt, you manually uninstall New.Net and QuickSearchBar from Add Remove Programs ..

[Edit] See this page too ..
Then post a fresh log ..

And btw ... The Quote tag doesnt work within Code tag ... :D
 
swatkat

swatkat

Technomancer
If u cant uninstall New.net from Add/Remove Programs, do this to manually remove New.net.......

1]Do a file search on newdot*.dll in your Windows and Program Files directories, including subfolders. If you have New.Net, you should find one (or even more) files that look like newdotnet2_29.dll. Each file you find is a version of New.Net. (No, it doesn't delete the old versions when new ones are installed.) Do not delete the files you find yet!

2]For each file, type in the Run dialog (i.e. click Start, Run and type the following):
rundll32 c:\[path to newdotnet_dll],NewDotNetUninstall (substitute each file you found for [path to newdotnet_dll]).

Issuing the command NewDotNetUninstall to the DLL makes it remove it's hook from the Winsock stack and stop itself from loading at system startup.

3]Delete the newdot*.dll files you found.

More info here



WinSocks are possibly corrupted by this New.net, and u cannot connect to internet , so as i mentioned in ur earlier thread , it's better to run LSPFix after the removal of New.Net.
*www.cexx.org/lspfix.htm



This HijackThis really rocks......... :wink:
 
OP
T

talrejaharish

Journeyman
hey thnx pppl ... i uninstalled that crappy new.net search internet domains from Add/Remove programs .. now no newdot*.dll files on my PC .... no quicksearch bar also

but net still not working :cry: :cry:

probably coz after this uninstalation it rebooted and then ... after i ran Hijack This ...

i found sum other stuff which Hijack scanned i thot were crappy/spyware n deleted/Fixed them

so ... this is my new Log File ... tel me if sumthin possible now or only a format n reinstall can help me ??? u can compare my previous n cureent Log files to see wat all is missing n tel me a soltuoin if there is one ...


here is the new HijackThis log file :

Logfile of HijackThis v1.98.2
Scan saved at 06:48:17 PM, on 1/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{819AF1EE-A31D-4AC9-91F9-118F8991255B}: NameServer = 202.58.134.67,202.88.101.57
Click to expand...
 
swatkat

swatkat

Technomancer
Nothing suspicious there....can u connect to internet using other browsers or not?if it's specific with IE, then download and run this IEFix.
*www.majorgeeks.com/download4467.html

Have u tried LSPFix and WinSockFixXP after removal of New.net?if not then u should run it....
 
D

daj123

Journeyman
once you get rid of all the spyware, download and install firefox. its much safer ;). Also install Ms.AntiSpyware scanner its really good.
 
OP
T

talrejaharish

Journeyman
hey i had tried lspfix after removing new.net

i had all these probs coz of MSN spyware remover beta ...

and now let me tel ull one thing ....

thanks a lot for all the help .... but i dint hav the patience adn time to wait as i had to do a lot of work on the net for my college proj ... so finally formatted and reinstalled my windwso

but thanks a lot ... learnt a lot bout IE socks n stuff ... new.net etc.

so thnx a lot :D :D :D

and now waitin for Fedora Core 3 .... will b installin tat by this weekend ... to avoid these windows probs ...

thnx again to all who replied :)

and gonna install kaspersky firewall and antivirus ....

bye
 
Status
Not open for further replies.
Top Bottom