My dsl connection is acting like 56k, and its been disconnecting alot, and its taking longer and longer for me to shut down my computer.
Logfile of HijackThis v1.99.1
Scan saved at 10:43:02 AM, on 5/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BYOND\bin\dreamseeker.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
Full Version: HJT Log
Hman456,
You have several things I'm not familiar with. Please get a 2nd opinion on this but...
You have a problem with new.net. Unfortunately, when you remove new.net it will hose your internet connection. So...
Go get LSPFix.exe AND WinsockFix.exe NOW while you still can. After you remove new.net you will NOT be able to go on the internet and get them.
One place to get LSPFix is at http://cexx.org/lspfix.htm
Google or Cluster for WinsockFix
Try to get it from someone we've heard of
Here is a link to BleepingComputer with some download links at the bottom of a tutorial for M$ antispyware (which I DON'T recommend, BTW)...
http://www.bleepingcomputer.com/tutorials/tutorial98.html
-------------------------------------------------
WinsockFix was written and designed by:
Option^Explicit Software Solutions
cc Theron Skryba
Winnipeg, Manitoba
Canada
------------------------------------------------
As I say, I'm not sure about the others but new.net is bad news and will hose your connection and bring your pc to a standstill. So start with removing it with Ewido or Spybot Search & Destroy or even Lavasoft's Ad-Aware.
--CF
You have several things I'm not familiar with. Please get a 2nd opinion on this but...
You have a problem with new.net. Unfortunately, when you remove new.net it will hose your internet connection. So...
Go get LSPFix.exe AND WinsockFix.exe NOW while you still can. After you remove new.net you will NOT be able to go on the internet and get them.
One place to get LSPFix is at http://cexx.org/lspfix.htm
Google or Cluster for WinsockFix
Try to get it from someone we've heard of
Here is a link to BleepingComputer with some download links at the bottom of a tutorial for M$ antispyware (which I DON'T recommend, BTW)...
http://www.bleepingcomputer.com/tutorials/tutorial98.html
-------------------------------------------------
WinsockFix was written and designed by:
Option^Explicit Software Solutions
cc Theron Skryba
Winnipeg, Manitoba
Canada
------------------------------------------------
As I say, I'm not sure about the others but new.net is bad news and will hose your connection and bring your pc to a standstill. So start with removing it with Ewido or Spybot Search & Destroy or even Lavasoft's Ad-Aware.
--CF
Hi Hman456,
Although NewDotNet does not claim to be spyware, it has been associated with computer instability in certain situations. Both SaveNow and NewDotNet have been linked for computer instability according to the MS Knowledge Base Article 302463.
For more information, please see the following:
Description of NewDotNet from the doxdesk parasite database
What is SaveNow and/or New.Net?
Foistware: New Net, Inc. (NewDotNet) DLL
I recommend that you remove NewDotNet unless you deliberately installed it.
Please download LSP-Fix from the following link and save it to a location you can find later if necessary. Do not use this. See ***note below.
LSP-Fix Download Link
Please open Add/Remove programs and uninstall New.Net or NewDotNet. If it is not listed, follow these instructions:
Please download Ewido Anti-Malware from here
(Note: As this is a trial version, after the 14 day trial period has expired Ewido will lose some functionality with it. Ewido will then work as an On-Demand program, make sure to check for updates regularly).
Ewido manual updates
Once the updates are installed, do the following:
Although NewDotNet does not claim to be spyware, it has been associated with computer instability in certain situations. Both SaveNow and NewDotNet have been linked for computer instability according to the MS Knowledge Base Article 302463.
For more information, please see the following:
Description of NewDotNet from the doxdesk parasite database
What is SaveNow and/or New.Net?
Foistware: New Net, Inc. (NewDotNet) DLL
I recommend that you remove NewDotNet unless you deliberately installed it.
Please download LSP-Fix from the following link and save it to a location you can find later if necessary. Do not use this. See ***note below.
LSP-Fix Download Link
Please open Add/Remove programs and uninstall New.Net or NewDotNet. If it is not listed, follow these instructions:
- From a computer that has Internet access, click on NewDotNet Removal
- If you get "the page cannot be displayed" when clicking on the removal link.
You may have winhelp's mvps hosts file installed, as www.newdotnet.com is a blocked site - Download and save uninstall6_90.exe (New.Net/Support/Uninstall exe file) to the Desktop.
- Go to the Desktop and double-click on uninstall6_90.exe
- Click on the OK button.
- After removal, reboot.
Please download Ewido Anti-Malware from here
(Note: As this is a trial version, after the 14 day trial period has expired Ewido will lose some functionality with it. Ewido will then work as an On-Demand program, make sure to check for updates regularly).
- Install ewido security suite
- When installing the program, under "Additional Options" UNCHECK...
- Install background guard
- Install scan via context menu
- Launch ewido, there should now be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files:
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful") - Close Ewido Anti-Malware
Ewido manual updates
Once the updates are installed, do the following:
- Reboot computer into "Safe Mode" using the "F8" method...
- As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears
- Use the arrow keys to select the Safe Mode menu item
- Once in Safe Mode start Ewido Anti-Malware
- Click on scanner. (Note: Do not start any programs or open any windows while Ewido is scanning)
- Click on Complete System Scan, the scan will now begin.
- While the scan is in progress you will be prompted to clean files, click OK.
- When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
- Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.
- Click Save Report.
- Now save the report .txt file to your desktop.
- Close Ewido Anti-Malware
Wow! Really good response MaKaVeLi!
The only thing I might add is ever since Grisoft bought Ewido that link doesn't work for updates:
Use:
ewido anti-malware - Update - Current
http://download.ewido.net/ewido-signatures-current.exe
Ewido anti-malware - Update - Full Current
http://download.ewido.net/ewido-signatures-full-current.exe
(These are direct links.)
NewDotNet was the main reason I was able to convince a small company to install Lavasoft Ad-Watch/Spybot S&D TeaTimer on their networked computers. I'd love to state my opinion of them, but I would instantly run afoul of the rules here and probably become the poster child on how to get instantly, forever banned from all Bluetack forums forevermore...
--CF
The only thing I might add is ever since Grisoft bought Ewido that link doesn't work for updates:
QUOTE
The page you requested is currently not available. We are sorry for the inconvenience!
Use:
ewido anti-malware - Update - Current
http://download.ewido.net/ewido-signatures-current.exe
Ewido anti-malware - Update - Full Current
http://download.ewido.net/ewido-signatures-full-current.exe
(These are direct links.)
NewDotNet was the main reason I was able to convince a small company to install Lavasoft Ad-Watch/Spybot S&D TeaTimer on their networked computers. I'd love to state my opinion of them, but I would instantly run afoul of the rules here and probably become the poster child on how to get instantly, forever banned from all Bluetack forums forevermore...
--CF
Editted my post.
Thanks.
Thanks.
About the new.net removal link..I have the mvps hosts file installed..But how do I temporarily disable it, or uninstall it for a minute?
Hman456,
To disable the HOSTS file you can add the extension .bak and then try again. When your done remember to change your HOSTS file back to just HOSTS.
To disable the HOSTS file you can add the extension .bak and then try again. When your done remember to change your HOSTS file back to just HOSTS.
Heres the new HJT Log:
------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:58:15 PM, on 5/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
------------------------------------------------------------
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
--------------------------------------------------------------------------------------------------
Heres The Ewido Report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:51:36 PM, 5/2/2006
+ Report-Checksum: 105DA20A
+ Scan result:
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned without backup
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\pzvp4zq0.default\Cache\2D6A23BBd01 -> Adware.NewDotNet : Cleaned without backup
C:\Documents and Settings\me\My Documents\Downloads\Programs\uninstall6_90.exe -> Adware.NewDotNet : Cleaned without backup
C:\Program Files\PCPitstop\Optimize\patch.exe -> Downloader.VB.ts : Cleaned without backup
C:\unzipped\pcpitstopoptimizev1.4patchsnd\patch.exe -> Downloader.VB.ts : Cleaned without backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned without backup
C:\WINDOWS\system32\setup.exe.tmp -> Downloader.VB.abh : Cleaned without backup
::Report End
------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:58:15 PM, on 5/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
------------------------------------------------------------
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
--------------------------------------------------------------------------------------------------
Heres The Ewido Report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:51:36 PM, 5/2/2006
+ Report-Checksum: 105DA20A
+ Scan result:
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned without backup
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljkkmqyf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\pzvp4zq0.default\Cache\2D6A23BBd01 -> Adware.NewDotNet : Cleaned without backup
C:\Documents and Settings\me\My Documents\Downloads\Programs\uninstall6_90.exe -> Adware.NewDotNet : Cleaned without backup
C:\Program Files\PCPitstop\Optimize\patch.exe -> Downloader.VB.ts : Cleaned without backup
C:\unzipped\pcpitstopoptimizev1.4patchsnd\patch.exe -> Downloader.VB.ts : Cleaned without backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned without backup
C:\WINDOWS\system32\setup.exe.tmp -> Downloader.VB.abh : Cleaned without backup
::Report End
Hi Hman456,
Run HijackThis and put a check next to the following lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Make sure you have nothing else open and click Fix checked.
Now reboot and post a new HJT log.
Are you still having problems?
Run HijackThis and put a check next to the following lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Make sure you have nothing else open and click Fix checked.
Now reboot and post a new HJT log.
Are you still having problems?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.