| | |
DNS error - please advise on HiJack log
![]() |
•
•
Join Date: Aug 2004
Posts: 3
Reputation:
Solved Threads: 0
Hello-
Here's the HiJack log, I would appreciate advise.
Thanks
Logfile of HijackThis v1.98.2
Scan saved at 7:36:32 AM, on 8/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\CAPP.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\TECH\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\POP-UP STOPPER PRO\CCHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: FavoriteMan Class - {139D88E5-C372-469D-B4C5-1FE00852AB9B} - C:\WINDOWS\SYSTEM\FAVORITE.DLL
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\SYSTEM\IPINSIGT.DLL
O2 - BHO: BHO.clsUrlSearch - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: BHO.clsUrlSearch - {730F2451-A3FE-4A72-938C-FC8A74F15978} - C:\WINDOWS\SYSTEM\BHO.DLL
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: GSIM - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\POP-UP STOPPER PRO\POPUPPRO.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: (no name) - {518779A5-BF8B-4A10-82FB-F408F8EA06C8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CApp] C:\WINDOWS\SYSTEM\capp.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\GO!ZILLA\GO.EXE" /FIXRAS
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\SYSTEM\soundmx.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [MpsOn] C:\WINDOWS\SYSTEM\MpsOn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_22.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/in....30/Hiwire.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://cdn2.cnnic.cn/ad/china/cdn.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
Here's the HiJack log, I would appreciate advise.
Thanks
Logfile of HijackThis v1.98.2
Scan saved at 7:36:32 AM, on 8/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\CAPP.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\TECH\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\POP-UP STOPPER PRO\CCHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: FavoriteMan Class - {139D88E5-C372-469D-B4C5-1FE00852AB9B} - C:\WINDOWS\SYSTEM\FAVORITE.DLL
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\SYSTEM\IPINSIGT.DLL
O2 - BHO: BHO.clsUrlSearch - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: BHO.clsUrlSearch - {730F2451-A3FE-4A72-938C-FC8A74F15978} - C:\WINDOWS\SYSTEM\BHO.DLL
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: GSIM - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\POP-UP STOPPER PRO\POPUPPRO.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: (no name) - {518779A5-BF8B-4A10-82FB-F408F8EA06C8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CApp] C:\WINDOWS\SYSTEM\capp.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\GO!ZILLA\GO.EXE" /FIXRAS
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\SYSTEM\soundmx.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [MpsOn] C:\WINDOWS\SYSTEM\MpsOn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_22.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/in....30/Hiwire.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://cdn2.cnnic.cn/ad/china/cdn.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
OK,
Due to the " O10 - Broken Internet access..." entry in your log, you should download and run the latest version of SpyBot Search & Destroy (the link is in my sig below). Having HJT "fix" the 010 entries can break your networking, but SpyBot should be able to fix the problem. SpyBot will also find and fix a lot of the other nasties on your system. You should also download and run Ad Aware; it will probably catch some spyware that SpyBot missed.
So- here's the drill once you've gotten SpyBot and Ad Aware:
1. Open Ad Aware and configure it as follows:
- click the "Check for updates now" option on the main startup page; follow the prompts to install the most current reference file.
- Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.
Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.
Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
activate "IN-DEPTH scanning"
Close the program
2. Open SpyBot and get the latest updates for it by clicking the "Search for updates" option. Once it finishes updating, close the program.
3. Delete the contents of all Cookies, Temporary Internet Files, and Temp folders, and empty your Recycle Bin.
4. Reboot into Safe Mode. You do this by hitting the F8 key as the computer is booting.
5. Run SpyBot; have it fix everything it finds.
6. Reboot into safe mode again.
7. Run Ad Aware. Once it finishes its scan, select all of the items it finds and have Ad Aware delete them.
8 Reboot normally, run HJT again, and post a fresh log.
Due to the " O10 - Broken Internet access..." entry in your log, you should download and run the latest version of SpyBot Search & Destroy (the link is in my sig below). Having HJT "fix" the 010 entries can break your networking, but SpyBot should be able to fix the problem. SpyBot will also find and fix a lot of the other nasties on your system. You should also download and run Ad Aware; it will probably catch some spyware that SpyBot missed.
So- here's the drill once you've gotten SpyBot and Ad Aware:
1. Open Ad Aware and configure it as follows:
- click the "Check for updates now" option on the main startup page; follow the prompts to install the most current reference file.
- Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.
Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.
Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
activate "IN-DEPTH scanning"
Close the program
2. Open SpyBot and get the latest updates for it by clicking the "Search for updates" option. Once it finishes updating, close the program.
3. Delete the contents of all Cookies, Temporary Internet Files, and Temp folders, and empty your Recycle Bin.
4. Reboot into Safe Mode. You do this by hitting the F8 key as the computer is booting.
5. Run SpyBot; have it fix everything it finds.
6. Reboot into safe mode again.
7. Run Ad Aware. Once it finishes its scan, select all of the items it finds and have Ad Aware delete them.
8 Reboot normally, run HJT again, and post a fresh log.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Aug 2004
Posts: 3
Reputation:
Solved Threads: 0
Hello DMR-
Thank you for your reply.
I did everything you have suggested, here is the last log.
I am still unable to browse.
Logfile of HijackThis v1.98.2
Scan saved at 6:25:33 AM, on 8/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\TECH\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\POP-UP STOPPER PRO\CCHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\POP-UP STOPPER PRO\POPUPPRO.DLL
O3 - Toolbar: (no name) - {518779A5-BF8B-4A10-82FB-F408F8EA06C8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\GO!ZILLA\GO.EXE" /FIXRAS
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [MpsOn] C:\WINDOWS\SYSTEM\MpsOn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_22.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://cdn2.cnnic.cn/ad/china/cdn.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
Thank you for your reply.
I did everything you have suggested, here is the last log.
I am still unable to browse.
Logfile of HijackThis v1.98.2
Scan saved at 6:25:33 AM, on 8/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\TECH\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\POP-UP STOPPER PRO\CCHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\POP-UP STOPPER PRO\POPUPPRO.DLL
O3 - Toolbar: (no name) - {518779A5-BF8B-4A10-82FB-F408F8EA06C8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\GO!ZILLA\GO.EXE" /FIXRAS
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [MpsOn] C:\WINDOWS\SYSTEM\MpsOn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\WINDOWS\DESKTOP\HOWARD\DOWNLOADS\MP\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_22.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://cdn2.cnnic.cn/ad/china/cdn.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
OK-
It looks like SpyBot wasn't able to fix your "010" error, which is why you can't browse. The newdotnet infection has mangled a portion of your system's networking software; the TCP/IP software will either need to be repaired or reinstalled.
Instructions for reinstalling your TCP/IP software in Windows 95/98/ME can be found here:
http://www.compu-docs.com/winsock9x.htm
Alternatively, you can try a repair utility called LSPFix.exe. You can download the utility here:
http://www.cexx.org/lspfix.htm
It looks like SpyBot wasn't able to fix your "010" error, which is why you can't browse. The newdotnet infection has mangled a portion of your system's networking software; the TCP/IP software will either need to be repaired or reinstalled.
Instructions for reinstalling your TCP/IP software in Windows 95/98/ME can be found here:
http://www.compu-docs.com/winsock9x.htm
Alternatively, you can try a repair utility called LSPFix.exe. You can download the utility here:
http://www.cexx.org/lspfix.htm
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Also,
Have HijackThis fix all entries that contain "(no file)" and/or "(File missing)".
Fix these entries as well:
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O9 - Extra button: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://cdn2.cnnic.cn/ad/china/cdn.cab
And if 4.2.2.1 is not the address of your DNS server, delete:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
* If the C:\Program Files\NewDotNet folder still exists, delete it entirely.
Have HijackThis fix all entries that contain "(no file)" and/or "(File missing)".
Fix these entries as well:
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O9 - Extra button: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://cdn2.cnnic.cn/ad/china/cdn.cab
And if 4.2.2.1 is not the address of your DNS server, delete:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
* If the C:\Program Files\NewDotNet folder still exists, delete it entirely.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Also, remove Newdotnet, either from add/remove programs, or by going here. & scrolling down to the uninstall tool.
![]() |
Similar Threads
- page cannot be displayed DNS error (hijack this) (Viruses, Spyware and other Nasties)
- DNS error with IE -- Posted HIJACK Log (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Bridge.dll error message - log attached
- Next Thread: very slow internet and all programs just hanging
| Thread Tools | Search this Thread |
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio backtoschoolspeech bar blackhat botnet botnets china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia email europe exam facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm zeroday






