> sek800i laptop
SEK800i
post Dec 20 2006, 12:30 AM
Post #1


Member
**

Group: Members
Posts: 17
Joined: 19-December 06
Member No.: 9,313



and this is a log from my laptop. i think it has something majorly wrong with it.

Logfile of HijackThis v1.99.1
Scan saved at 12:01:34 AM, on 20/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ktp.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Bruce\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.crystalxp.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks in advance for any help.


--------------------
need advice about your mobile/cell phone or have any problems with it that you cannot solve? then go to http://www.gsmarena.com/forum/index.php and post your problems there and see what we can do to resolve it. :)
AndyManchesta
post Dec 23 2006, 07:16 AM
Post #2


Power Member
Group Icon

Group: Spyware Moderators
Posts: 1,821
Joined: 12-January 06
From: Manchester. UK
Member No.: 3,836




Hi SEK800i

Can you post the contents of your Add/Remove screen?

Open HijackThis. In the lower right corner click the Config... (Configuration) button.
Once in the Configuration panel, click Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Thanks

Andy
SEK800i
post Dec 24 2006, 11:46 PM
Post #3





hi andy,

i can't find this config screen. it doesn't show anywhere.

i've added an attachment to show you.


thanks.


AndyManchesta
post Dec 25 2006, 12:17 AM
Post #4





Hi SEK800i, Happy Christmas :)

Sorry, the config button only shows on the scan screen, so you would have to do a system scan only and then it's in the bottom right of the screen. From the main option page that's in the screenshot you can get to the same area by clicking Open the Misc tools section then Open Uninstall Manager.

Sorry for the confusion

Andy
SEK800i
post Dec 25 2006, 12:11 PM
Post #5





that's ok. i know you'll help me out so thanks for that.

here's the uninstall list,

Acer eManager for Notebook
Acer ePowerManagement
Acer GridVista
Ad-Aware SE Personal
Adobe Reader 6.0
Battle Realms
Call of Duty
CCleaner (remove only)
DivX
DivX Player
ewido anti-spyware 4.0
Folder Lock 2006
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® Graphics Media Accelerator Driver for Mobile
InterActual Player
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
KTP Ware PS/2-WDM 5.0.1.6
Launch Manager
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0)
New.net Domains 6.38
NTI Backup NOW! 4
NTI CD & DVD-Maker Gold
OpenOffice.org 2.0
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
SMSC IrCC V5.1.3600.5 SP2
SoftV90 Data Fax Modem with SmartCP
Sony Ericsson PC Suite 1.20.224
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
StarCraft
Super DVD Ripper (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885855
WinRAR archiver
WinZip
XoftSpy
XviD MPEG-4 Video Codec

thanks. happy christmas to you too. :)


AndyManchesta
post Dec 25 2006, 05:39 PM
Post #6





Hi SEK800i

The only obvious problem in your log is New.Net, which is classed as foistware as it's often installed as part of bundled software. With it installing as an LSP (O10 in HijackThis) we have to be careful when removing it, because removing the files manually can result in no Internet connection, so to be safe it's best to download a program that will repair the LSP chain first so you have it as a backup if needed.

For more information on newdotnet please read these links:

http://www.sophos.com/security/analyses/newdotnet.html
http://www.emsisoft.com/en/malware/?Adware.NewDotNet
http://www.bitdefender.com/VIRUS-121058-en....B.Dropper.html

First can you move HijackThis into a folder so the backups are kept with the program, right click an empty space on the desktop and choose New then Folder and name it HijackThis. Left click the HijackThis.exe file and drag it over the new folder then release the mouse button to put it into the folder.

Next download LSPFix from Here and save it to your desktop, then copy and paste this reply to a notepad file and save it to your desktop in case you have Internet connection problems after removing this from the Add/Remove screen.

Go to the Add/Remove screen (Start Menu > Control Panel > Add or Remove Programs) and remove

New.net Domains 6.38

Follow any on screen prompts then reboot the PC, after the PC has restarted run Hijack This and choose Do A System Scan then place a check next to these entries if they still exist

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

Close all open browser and other windows except for Hijack This and press the Fix Checked button

Then delete the C:\Program Files\NewDotNet folder, if you cannot delete it then reboot again and then remove the folder,

That is then fully removed but if you can not connect to the Internet after removing New.net, Please run LSPFix and just click on the finish button and it will repair the LSP Chain. Reboot and you will have Internet access again. (Only use LSPFix if there is a problem with the Internet Connection)

Next remove ewido anti-spyware 4.0 from your Add/Remove screen list as it's a bit out of date. The program is now named AVG Anti-Spyware, so once the original version is removed install the new version and run a full scan.

Download AVG Anti-Spyware
  • Load AVG and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • AVG will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back
Please then post back the AVG Anti-Spyware log and a new HijackThis log

Thanks

Andy
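An added example, not part of the original posts: a short Python sketch that collects every HijackThis entry belonging to one product and orders the clean-up the way post #6 does, with the LSP (O10) precaution first. The function names `parse`, `footprint` and `removal_plan` and the alias list are assumptions made for this illustration; the sample lines are copied from the log in post #1.

```python
import re

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Names and path fragments New.Net appears under in that log (assumed alias list, lower-case).
ALIASES = ("new.net", "newdotnet", "newdot~1")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry detail


def parse(log):
    """Return (code, detail) pairs for every entry line in a HijackThis log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def footprint(log, aliases):
    """Group one product's entries by section code, dropping repeated lines."""
    found = {}
    for code, detail in parse(log):
        if any(alias in detail.lower() for alias in aliases):
            entries = found.setdefault(code, [])
            if detail not in entries:
                entries.append(detail)
    return found


def removal_plan(found):
    """Order the steps as in post #6: uninstall, fix leftovers, LSP repair as fallback."""
    plan = ["uninstall via Add/Remove Programs, reboot, rescan"]
    leftovers = sorted(code for code in found if code != "O10")
    if leftovers:
        plan.append("fix leftover " + ", ".join(leftovers) + " entries if still listed")
    if "O10" in found:
        # An LSP sits in the Winsock chain, so deleting its files by hand can break networking.
        plan.insert(0, "save an LSP repair tool locally before changing anything")
        plan.append("repair the LSP chain only if connectivity is lost")
    return plan


if __name__ == "__main__":
    hits = footprint(SAMPLE_LOG, ALIASES)
    for code, entries in hits.items():
        print(code, len(entries), "entry(ies)")
    for step_no, step in enumerate(removal_plan(hits), 1):
        print(step_no, step)
```
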
SEK800i
post Dec 26 2006, 05:12 AM
Post #7





hi andy,

thanks for this very detailed reply.

i would like to know a few things before i start doing things that are way out of my league.
1. what will i accomplish once i finished doing all this?
2. will my laptop be as good as new?

i think i should tell you what is wrong with my laptop first. i apologise for not doing this earlier. when i start up my computer, it takes a while to do so and a lot of the times it freezes. when i try to open up my computer, it freezes, when i open up a random folder, it freezes. the only thing i can do is to restart the computer again.

i don't have the internet on my laptop, never even connected to the computer even once. i must've downloaded something from the main computer and then transferred it to the laptop. i will be getting the internet connection on my laptop in February next year and i hope when i do this, it will not affect it.

if you could briefly explain this to me it would be great.

thanks for your time.


AndyManchesta
post Dec 26 2006, 05:51 PM
Post #8





Hey SEK800i

The steps mentioned are simple enough but I tried to give as much detail as possible to prevent any issues after it's removed. These types of programs are difficult to comment on as there is a risk, if their program is described as a trojan or malware, that the company could take legal action against the site that made the comment (for example, they sued Lavasoft in 2003), which is one of the reasons I linked to Sophos, Bitdefender & emsisoft. They were just example links but you will find similar write-ups on Symantec's website, CounterSpy's, McAfee and more.

For the sake of it I'll refer to newdotnet as a potentially unwanted program which many people, including myself, wouldn't want installed on their system.

Removing it from the Add/Remove screen should remove it from the system, so most of the steps from my last post are just in case it leaves anything behind.

Regarding the questions:

QUOTE
i would like to know a few things before i start doing things that are way out of my league.
1. what will i accomplish once i finished doing all this?
2. will my laptop be as good as new?

1) You will be removing a potentially unwanted program that may be causing problems if it's starting with Windows but cannot get internet access.
2) I cannot guarantee that as I'm not sure what else may be on the laptop that needs attention. The AVG Anti-Spyware scan log will help to show if there are any problems.

QUOTE
i think i should tell you what is wrong with my laptop first. i apologise for not doing this earlier. when i start up my computer, it takes a while to do so and a lot of the times it freezes. when i try to open up my computer, it freezes, when i open up a random folder, it freezes. the only thing i can do is to restart the computer again.

i don't have the internet on my laptop, never even connected to the computer even once. i must've downloaded something from the main computer and then transferred it to the laptop. i will be getting the internet connection on my laptop in February next year and i hope when i do this, it will not affect it.

if you could briefly explain this to me it would be great.

Something is wrong on that laptop but it's difficult to comment on while there are problems showing in your HJT log. Once you remove NewDotNet and run the AVG scan it will make things a bit easier. If there are additional problems on the system then we can fix them, but if the problem still exists after cleaning things up then it may help to run the system file checker, if you have a Windows disc, to make sure none of the protected Windows files are damaged or corrupt, and also run the Disk Defragmenter.

The LSPFix steps were just to be safe. If it's needed anytime on XP SP2 you can also go to Start > Run and type netsh winsock reset. Press OK and you will just notice the command prompt screen flash on then off again; reboot and it will repair any corruption.

To run the System File Checker

Go to Start Menu -> Run -> type

SFC /SCANNOW

(There's a space after SFC.) Press OK and it will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested, then reboot the computer after it has finished.


To Run Disk Defrag:

(Go to Start Menu > All Programs > Accessories > System Tools > Disk Defragmenter)

First click Analyze. If it shows 'You should defragment this volume' then click the Defragment button.

Let us know how it goes

Andy