(Solved) Stumped and embarrassed!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

putasolution

Thread Starter
Joined
Mar 20, 2003
Messages
4,823
Ok, got a puter, HJT done, New.net cleaned off,

but HJT stubbornly refuses to fix 5 O10 entries
tried an lspfix, restarted

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

still remain

Any suggestions folks?
 

putasolution

Thread Starter
Joined
Mar 20, 2003
Messages
4,823
Thanks, normnork, new.net is uninstalled, I just need to get these entries out of HJT. The thing is I'd rather go to eat locusts than re-install New.net to uninstall it again
 
Joined
Aug 18, 2003
Messages
2,438
putasolution ...

LOL about the locusts.

Did you try this lspfix: http://www.cexx.org/lspfix.htm ? Fix the "I know what I am doing" box and move the relevant files over to remove.

IMO, it would be worth trying to have Ad-aware fix something like this.
 
Joined
Mar 9, 2003
Messages
4,699
HJT is supposed to take those items out of the reg. You may have to go into regedit and do a manual search.
 

putasolution

Thread Starter
Joined
Mar 20, 2003
Messages
4,823
Thank winchester, have done an lspfix, said that it had fixed some errors, rebooted and reran HJT. The same 5 little devils reappeared.

I think a regedit search may be in order, I needed something to do anyways ;)
 

putasolution

Thread Starter
Joined
Mar 20, 2003
Messages
4,823
$teve, Nite Hawk, I will do all AAW and SSD again on top of the regedit I think.
 
Joined
Mar 9, 2003
Messages
4,699
Pssst, PAS. We, the so-called experts, aren't supposed to have these kinds of problems. :D :D

Didn't your computer read the fine print??
 
Joined
Jun 19, 2003
Messages
1,241
Hi putasolution,

If they're still there after your next fix could you post up the full log. I doubt I'd see anything that you hadn't already checked out, but something must be bringing them back up. An extra set of eyes might do it. (y)

They're more likely to belong to Nitehawk, Steve or Winchester than me, but what the hey.. :D

Cheers

Liam
 
Joined
Aug 18, 2003
Messages
2,438
I am very surprised that HT isn't removing them ... I'm sure you are using the latest v1.97. If so, then Merijn may need to be alerted to this thread.

If you do this manually via regedit, (obviously) make a backup of the WinSock keys first.
 
Joined
Aug 18, 2003
Messages
2,438
SpyDie sent me this clip from Andrew Clover's site, and stressed that it needed to be done:

"It is possible to remove LSPs by hand by editing the registry, but it's quite a bit of effort and it's easy to make a mistake. If you want to try anyway, run 'regedit' and find the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 . For each key in Catalog_Entries, open the 'PackedCatalogItem' value and check if it starts with 'lsp.dll'. If it does delete that entry. Renumber the remaining keys so that they count up from 000000000001 one at a time, and set the 'Num_Catalog_Entries' value in Protocol_Catalog9 to the highest key number you have. See, I told you it was a lot of effort."

Of course, it won't be "lsp.dll" in your case.

SpyDie said if this part "Renumber the remaining keys so that they count up from 000000000001 one at a time, and set the 'Num_Catalog_Entries' value in Protocol_Catalog9 to the highest key number you have" isn't done correctly, then the whole WinSock will break.
 

putasolution

Thread Starter
Joined
Mar 20, 2003
Messages
4,823
e-liam

HJT log as of a few minutes ago



Logfile of HijackThis v1.97.2
Scan saved at 18:33:12, on 23/09/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.download.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netscapeonline.co.uk/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.uk.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III\Temp\MGI00000.html
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37603.4019675926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C95B2D3-06F2-4DFB-ACC2-408A6CCBAE78}: NameServer = 195.92.195.95 195.92.195.94

originally by Nite Hawk

Pssst, PAS. We, the so-called experts, aren't supposed to have these kinds of problems.

Didn't your computer read the fine print??
Obviously not!!!

The O17 is for freeserve and is legit
I really appreciate the input here chaps
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top