My son has downloaded new.net.domain.
I've started cleaning it up but need some help please.
Also how can I prevent him from screwing this thing up all the time.
Thanks
Logfile of HijackThis v1.99.0
Scan saved at 2:24:56 PM, on 26/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\NTS\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sue\My Documents\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R3 - URLSearchHook: HyperSearchHook - {B5E44A7D-F658-4D98-9442-2CB9DAE82C6E} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {59A186AC-3FD1-7507-538B-CA70D79EC044} - C:\DOCUME~1\Tyler\APPLIC~1\BOOBIN~1\Itchace.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3914184614
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramew ... b32846.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\NTS\ENTERN~1\app\pppoeservice.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Also this morning I'm having a lot of problems with AVG, mail and scanning. Is this all related?
Readings during AVG scan Error reading
C:\windows\nousb20.exe
C:\windows\system\kernel32.dll
C:\windows\system\winsock32.dll
C:\windows\system\user32.dll
C:\windows\system\shell32.dll
Thanks
Please help Hijackthis log...........
Please help Hijackthis log...........
"We don't see things as they are. We see them as we are."
-
mnosteele52
- Posts: 11913
- Joined: Tue Jul 24, 2001 12:00 pm
- Location: Chesapeake, VA
Hi Suzie, have HijackThis fix the following:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R3 - URLSearchHook: HyperSearchHook - {B5E44A7D-F658-4D98-9442-2CB9DAE82C6E} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
O2 - BHO: (no name) - {59A186AC-3FD1-7507-538B-CA70D79EC044} - C:\DOCUME~1\Tyler\APPLIC~1\BOOBIN~1\Itchace.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R3 - URLSearchHook: HyperSearchHook - {B5E44A7D-F658-4D98-9442-2CB9DAE82C6E} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
O2 - BHO: (no name) - {59A186AC-3FD1-7507-538B-CA70D79EC044} - C:\DOCUME~1\Tyler\APPLIC~1\BOOBIN~1\Itchace.exe
Thanks mnosteele52
Look okay now?
Logfile of HijackThis v1.99.0
Scan saved at 3:40:01 PM, on 26/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\NTS\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sue\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DART16FREELESS] C:\Documents and Settings\All Users\Application Data\ABOUT STYLE DART 16\AdminLicense.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3914184614
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramew ... b32846.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\NTS\ENTERN~1\app\pppoeservice.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
I have another question about start up items??
I have 22 running processes is that normal? Have XP installed now and use to win98 with 15 running processes.
If not, what can I remove to clean that up?
Thanks a bunch!!
Look okay now?
Logfile of HijackThis v1.99.0
Scan saved at 3:40:01 PM, on 26/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\NTS\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sue\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DART16FREELESS] C:\Documents and Settings\All Users\Application Data\ABOUT STYLE DART 16\AdminLicense.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3914184614
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramew ... b32846.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PPPoE Service - Unknown - C:\PROGRA~1\NTS\ENTERN~1\app\pppoeservice.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
I have another question about start up items??
I have 22 running processes is that normal? Have XP installed now and use to win98 with 15 running processes.
If not, what can I remove to clean that up?
Thanks a bunch!!
"We don't see things as they are. We see them as we are."
-
mnosteele52
- Posts: 11913
- Joined: Tue Jul 24, 2001 12:00 pm
- Location: Chesapeake, VA
Email seems to be working properly again, except it pops up and says it's scanning mail and I don't have my mail application open.
When I scan with AVG I still get errors for the following:
Readings during AVG scan Error reading
C:\windows\nousb20.exe
C:\windows\system\kernel32.dll
C:\windows\system\winsock32.dll
C:\windows\system\user32.dll
C:\windows\system\shell32.dll
I cleaned up the new.net problem I think, following a link on the internet.
Is there a way I can be sure I've got rid of it from the registry?
If I put my son as limited use, can he still install his games?
Sorry for all the questions.....
Thanks a bunch!!
When I scan with AVG I still get errors for the following:
Readings during AVG scan Error reading
C:\windows\nousb20.exe
C:\windows\system\kernel32.dll
C:\windows\system\winsock32.dll
C:\windows\system\user32.dll
C:\windows\system\shell32.dll
I cleaned up the new.net problem I think, following a link on the internet.
Is there a way I can be sure I've got rid of it from the registry?
If I put my son as limited use, can he still install his games?
Sorry for all the questions.....
Thanks a bunch!!
"We don't see things as they are. We see them as we are."
-
mnosteele52
- Posts: 11913
- Joined: Tue Jul 24, 2001 12:00 pm
- Location: Chesapeake, VA
Try using the Winsock Fix to repair your TCP/IP stack. (you will have to redo any tweaks for your connection if this is used)
Tried the repair. AVG still gives the same list of errors.mnosteele52 wrote:Try using the Winsock Fix to repair your TCP/IP stack. (you will have to redo any tweaks for your connection if this is used)
Anything else I can try?
Thanks
"We don't see things as they are. We see them as we are."
-
mnosteele52
- Posts: 11913
- Joined: Tue Jul 24, 2001 12:00 pm
- Location: Chesapeake, VA
No it doesn't say it's a virus, the results of the scan says:mnosteele52 wrote:Is AVG finding these files as a virus or just that they have changed and are a problem?
Also, if you set your son to a limited user account he will not be able to install any software. You can change his account status to admin when you want to install software then change it back.
OBJECT - C:\windows\nousb20.exe - Result READING ERROR - Status - ERROR
OBJECT - C:\windows\system\kernel32.dll - Result READING ERROR - Status -ERROR
OBJECT - C:\windows\system\winsock32.dll - Result READING ERROR - status - ERROR
OBJECT - C:\windows\system\user32.dll - Result READING ERROR - Status ERROR
OBJECT - C:\windows\system\shell32.dll - Result READING ERROR - Status ERROR
Thanks
"We don't see things as they are. We see them as we are."
http://www.majorgeeks.com/download3155.html
Download it from there, extract it to its own folder, then run it.
Download it from there, extract it to its own folder, then run it.