Home > Hijack This > Hijack This Log-problem?

Hijack This Log-problem?

I've researched, spybot'd, ad-aware'd, and anti-virused all day with different programs and nothing. Thanks, Ross Dec 18, 2006 #3 howard_hopkinso TS Rookie Posts: 24,177 +19 Your HJT log is clean. Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common These are the DNS numbers of the pop up windows which are displayed everytime you open you browser to connect to the internet. weblink

NewDotNet/B typically leaves uninstaller files here. In order to find out what entries are nasty and what are installed by the user, you need some background information.A logfile is not so easy to analyze. Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))..2011-03-16 00:40 . 2011-03-16 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp2011-03-16 00:09 . 2011-03-16 In the To field, type your recipient's fax number @efaxsend.com.

It's not frozen in place I can wiggle the cursor by yanking my mouse around. I didn't want to reformat and reinstall operating system since it was purchased with software preinstalled. Also, what other lines should go. Right click the file and select "open".

Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. HKEY_CURRENT_USER>Software>Microsoft>Windows>Current Version>Run Delete the entry that says something about new.net. Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\Hpservice.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\vcsFPService.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Program Renumber the remaining subkeys so that they are contiguous (ie. 000000000001, 000000000002 etc.

Terms of Use Privacy Policy Licensing Advertise International Editions: US / UK India Log in or Sign up Tech Support Guy Home Forums > Security & Malware Removal > Virus & Join the community of 500,000 technology professionals and ask your questions. At the next window choose the "select program from a list" option and hit "ok" Choose notepad from the list. http://www.techspot.com/community/topics/hijackthis-log-problem-with-popups-and-possible-keylogger.65405/ or read our Welcome Guide to learn how to use this site.

Before the newdotnet[version number].dll file can be deleted, it must be removed from the Winsock2 LSP chain. Keep in touch with Experts ExchangeTech news and trends delivered to your inbox every month Membership How it Works Gigs Live Careers Plans and Pricing For Business Become an Expert Resource Privacy violation No. Sign In Sign Up Articles Browse Back Browse Forums Chat Staff Online Users Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Store Back Store Donations

Main Menu You are Here Ozzu Webmaster Forum Microsoft Windows ForumHijack This Log - (Problem with ... http://www.ozzu.com/mswindows-forum/hijack-this-log-problem-with-popups-and-computer-crashing-t72140.html In the To field, type your recipient's fax number @efaxsend.com. In either case, after you are done you may want to make the file read only. The filename used by NewDotNet/A varies according to exact installed version.

Hijack This log-problem? http://splodgy.org/hijack-this/hijack-this-log-spybot-problem.php Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More... Open your task manager, by holding down the ctrl and alt keys and pressing the delete key. O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing) O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - (no file) O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe O8 - Extra context

Security issues Yes. Post Information Total Posts in this topic: 3 postsUsers browsing this forum: No registered users and 43 guests You cannot post new topics in this forum You cannot reply to topics ch-en.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll (file missing) O2 - BHO: CdnForIE Class check over here Advertisement Recent Posts 4 Word Story continued (#6) dotty999 replied Feb 10, 2017 at 5:11 PM Word List Game #14 dotty999 replied Feb 10, 2017 at 5:10 PM No valid ip

Open the subkey NameSpace_Catalog5\Catalog_Entries and check each subkey’s LibraryPath value on the right. Join our site today to ask your question. You may also need to adjust this command for non-English Windows versions where the Program Files folder is not called ‘Program Files’.

RegisterWhy Register?

I have attached a HijackThis log from before I followed the 'Viruses/Spyware/Malware, preliminary removal instructions' thread (called HijackThisOLD.txt) And one from after (called HijackThisNEW.txt). Ask a Question See Latest Posts TechSpot Forums are dedicated to computer enthusiasts and power users. Please print this out and follow [span style=\'font-size:25pt;line-height:100%\']ALL[/span] these directions carefully and completely.Make sure 'show all files' is enabled:http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=Boot into Safe Mode by tapping F8 key repeatedly at bootup.More detailed instructions WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [MSN Toolbar] "C:\Program

Download it, run it and tell it to Remove newdotnetN_NN.dll and Keep everything else. [LSP removal can also be done by hand as a last resort but it’s very easy to Click here to join today! Covered by US Patent. this content Get 1:1 Help Now Advertise Here Enjoyed your answer?

Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password? Staff Online Now etaf Moderator cwwozniak Trusted Advisor Advertisement Tech Support Guy Home Forums > Security & Malware Removal > Virus & Other Malware Removal > Home Forums Forums Quick Links Thank you in advance for any help!! Could you please check through my latest log just to give me the all clear?

Often the subkeys involved are the first two and last two. Register now! Sign In   Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password? Please don`t post your own virus/spyware problems in this thread.

Dec 17, 2006 #1 howard_hopkinso TS Rookie Posts: 24,177 +19 Hello and welcome to Techspot. It is stored in its own Program Files folder ‘QuickSearch’; filenames seen in use include: QuickSearchBar1_27.dll QuickSearchBar3_28.dll QuickSearchBar3_30.dll Distribution A very large range of software installs New.Net, including RealOne, AudioGalaxy, Kazaa, If someone could just quickly read through my current HJT log to check if ive got the all clear, I would be eternally grateful Cheers, Ross doh! You can even send a secure international fax — just include t… Cloud Computing File Sharing Software Telecommunications Email Software Security eFax How to Send a Secure eFax Video by: j2

Enroll in a course and start learning today. If you are experiencing a similar issue, please ask a related question Suggested Solutions Title # Comments Views Activity change password links 7 82 2017-01-03 How to deal with a 'Failed NewDotNet/QuickSearch/v3 adds a popup-blocking feature. Then you can have the file open in safe mode, so you can follow the instructions easier.

The PC sits behind a Sonicwall firewall and I checked for viruses with the McAffee virusscan and also ran Stinger and FixBlast just in case.