Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hotsearchbar.com


  • Please log in to reply
2 replies to this topic

#1 figjam_8

figjam_8

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 20 November 2004 - 04:02 AM

sometimes i will try to download stuff from links off the net or just view web pages, and hotsearchbar.com will intervene and i will not be able to view my page. when i close it, windows jsut pop up hundreds of time and i can't stop it so i have to reset the computer. i have hijackthis but don't know what to get rid of. could you tell me what to get rid of please. it's driving me nuts.

BC AdBot (Login to Remove)

 


#2 figjam_8

figjam_8
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 20 November 2004 - 04:06 AM

here is my log

Logfile of HijackThis v1.98.2
Scan saved at 4:43:17 PM, on 20/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\zmnxkt.exe
C:\temp\salm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\mmups.exe
C:\WINDOWS\suploads.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\Warning\tyht\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupo
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.naupoint.com/toolbar/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\system32\winhot32.dll
O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\system32\toolbar.dll (file missing)
O2 - BHO: 1097059750 - {262277EC-5BB5-4849-8BF2-1824330C9CAC} - (no file)
O2 - BHO: No description - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - C:\WINDOWS\DOWNLO~1\iEBINST2.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: No description - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O2 - BHO: No description - {6375B3AD-4440-4C1F-95E5-A24198ED671C} - C:\WINDOWS\DOWNLO~1\sp1.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\system32\saristar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-95BE-B378BA9CB52D} - (no file)
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ipsac.exe
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamagr32.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [gubhbsrah] C:\WINDOWS\system32\zmnxkt.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [lkvgz] C:\WINDOWS\lkvgz.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [mediamotor.exe] \mmups.exe
O4 - HKLM\..\Run: [loads.exe] \suploads.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamagr32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamagr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/17kd11fg.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...8e964761dcadf1f
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} (No description) - http://naupoint.com/toolbar/installer/iEBINST2.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F372372-A1CC-44C3-BE10-142A5BF65AFE}: NameServer = 202.72.191.199,203.10.1.9
O21 - SSODL: eplrr9 - {FA2693B1-DD5F-4444-A74E-9B51C5584AE4} - C:\WINDOWS\system32\eplrr9.dll (file missing)

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:54 AM

Posted 20 November 2004 - 06:41 PM

Please download LSP-Fix from the following link and save it to a location you can find later if necessary.

LSP-Fix Download Link

To remove New.net. please go to Start | Settings | Control Panel | Add/Remove Programs, look for and remove New.Net. If you can't find it, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page.

When that is done, click on start, settings, control panel and double-click on add/remove programs. From with add/remove program uninstall the following if they exist:

Windows AdControl


Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.naupo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.naupo
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.naupoint.com/toolbar/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\system32\winhot32.dll
O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\system32\toolbar.dll (file missing)
O2 - BHO: 1097059750 - {262277EC-5BB5-4849-8BF2-1824330C9CAC} - (no file)
O2 - BHO: No description - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - C:\WINDOWS\DOWNLO~1\iEBINST2.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: No description - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O2 - BHO: No description - {6375B3AD-4440-4C1F-95E5-A24198ED671C} - C:\WINDOWS\DOWNLO~1\sp1.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\system32\saristar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-95BE-B378BA9CB52D} - (no file)
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamagr32.exe
O4 - HKLM\..\Run: [gubhbsrah] C:\WINDOWS\system32\zmnxkt.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [lkvgz] C:\WINDOWS\lkvgz.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [mediamotor.exe] \mmups.exe
O4 - HKLM\..\Run: [loads.exe] \suploads.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] rasmngr.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamagr32.exe
O4 - HKCU\..\Run: [Microsoft DirectX] rasmngr.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamagr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/17kd11fg.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...8e964761dcadf1f
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} (No description) - http://naupoint.com/toolbar/installer/iEBINST2.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O21 - SSODL: eplrr9 - {FA2693B1-DD5F-4444-A74E-9B51C5584AE4} - C:\WINDOWS\system32\eplrr9.dll (file missing)
Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\system32\winhot32.dll
C:\Program Files\NewDotNet\
C:\WINDOWS\system32\saristar.dll
C:\WINDOWS\system32\syshost.exe
C:\WINDOWS\system32\zmnxkt.exe
C:\WINDOWS\conscorr.exe
c:\temp\salm.exe
C:\WINDOWS\lkvgz.exe
C:\Program Files\Web_Rebates\
C:\Program Files\Windows AdControl\
c:\windows\system32\mmups.exe
c:\windows\system32\suploads.exe
c:\windows\system32\rasmngr.exe
c:\windows\system32\wuamagr32.exe
C:\Program Files\TV Media\
C:\WINDOWS\system32\toolbar.dll

Reboot your computer to go back to normal mode and post a new log.


If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users