Hijackthis report please help

Erik Keno · May 10, 2005

Logfile of HijackThis v1.99.1
Scan saved at 11:36:22 PM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Acceleration Software\Anti-
Virus\stopsignav.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\Program Files\Acceleration
Software\SystemPatcher\sys_alert.exe
C:\Program Files\Roxio\Easy CD Creator 6
\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\STACYL~1\LOCALS~1\Temp\Temporary Directory 1
for hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32
\Userinit.exe
O2 - BHO: ohb - {49256FE8-6394-4ACE-939C-22F35CA042AD} -
C:\WINDOWS\system32\zippy.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe
SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StopSignStatus]
Rundll32.exe "C:\Program Files\Common
Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program
Files\Common Files\eAcceleration\eanthology.exe" /b
Startup
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration
Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1
\sginst.exe /upd
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1
\dguard.exe
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program
Files\Acceleration
Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program
Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program
Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1
\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [fwservice] C:\Program
Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LFM] C:\PROGRA~1
\LeapFrogMessenger\LeapFrogMessenger.exe
O4 - HKLM\..\RunOnce: [StopSignStatus]
Rundll32.exe "C:\Program Files\Common
Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
/ro
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program
Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02
\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP
provider 'c:\program files\newdotnet\newdotnet6_38.dll'
missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA}
(Sinstaller Class) -
http://dm.screensavers.com/dm/installers/si/1/sinstaller.c
ab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507}
(WebHandler Class) -
http://activex.microgaming.com/DLhelper/version7/dlhelper.
cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloa
der.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FWService - eAcceleration Corp -
C:\Program Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1
\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe

Guest · May 10, 2005

-----Original Message-----
Logfile of HijackThis v1.99.1
Scan saved at 11:36:22 PM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Acceleration Software\Anti-
Virus\stopsignav.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\Program Files\Acceleration
Software\SystemPatcher\sys_alert.exe
C:\Program Files\Roxio\Easy CD Creator 6
\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\STACYL~1\LOCALS~1\Temp\Temporary Directory 1
for hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32
\Userinit.exe
O2 - BHO: ohb - {49256FE8-6394-4ACE-939C-22F35CA042AD} -
C:\WINDOWS\system32\zippy.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe
SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StopSignStatus]
Rundll32.exe "C:\Program Files\Common
Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program
Files\Common Files\eAcceleration\eanthology.exe" /b
Startup
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration
Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1
\sginst.exe /upd
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1
\dguard.exe
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program
Files\Acceleration
Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program
Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program
Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1
\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [fwservice] C:\Program
Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LFM] C:\PROGRA~1
\LeapFrogMessenger\LeapFrogMessenger.exe
O4 - HKLM\..\RunOnce: [StopSignStatus]
Rundll32.exe "C:\Program Files\Common
Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
/ro
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program
Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02
\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP
provider 'c:\program files\newdotnet\newdotnet6_38.dll'
missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA}
(Sinstaller Class) -
http://dm.screensavers.com/dm/installers/si/1/sinstaller.c
ab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507}
(WebHandler Class) -
http://activex.microgaming.com/DLhelper/version7/dlhelper.
cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloa
der.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FWService - eAcceleration Corp -
C:\Program Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1
\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe
.

Mikolaj · May 10, 2005

Logfile of HijackThis v1.99.1

Scan saved at 11:36:22 PM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

(...)

Copy and paste on the www.hijackthis.de website and click Analyze button..

AndyManchesta · May 10, 2005

Hi there you have a few problems i know this isnt really
the right place for hijack logs but you should fix these
entries anyway

Hijack this should be put either on the desktop or in the
c drive before fixing anything Right click desktop and
choose new then new folder and name it hijack this and
move hijack into it.

I would advise you to uninstall stopsign it comes from a
company called eAcceleration Corp that install adware

The software components includes, Stop-Sign Computer
Protection Service,OOdlz Ad-Free Games, kon-X Premium
Dialup Service and/or MegDat Personal Media Service.

The software can open pop-up windows, promoting other
products from eAcceleration Corp and also install other
eAcceleration products without user knowledge and
permission.The company was also known for removing and/or
disabling competing apps. These objectionable business
practices were employed primarily during the years 2002-
2003 Purports to detect spyware, malware, viruses and
keyloggers, but is in fact spyware itself

this anti-malware application -- at least in its current
state -- cannot be recommended, given the many excellent
competing anti-virus, anti-trojan, and anti-spyware
applications that are available (some for free).If you
want to keep this software then dont fix the items listed
let me know and i will remove the stop sign ones first
but if you are happy to get rid of it then carry on with
these.

The 010 entry needs fixing but doing so could make you
lose internet connection,it may not but you need to be
aware of the next part incase it does.

To resolve this problem follow these steps:Only do this
after fixing all the items in hijack this,copy it to
notepad and save it incase you need it later and cannot
get on the net

1. Rebuild the Winsock LSP chain. To do this, follow
these steps:

Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following, and then
press ENTER:

netsh Winsock reset

When the program is finished, you will receive the
following message:
Successfully reset the Winsock Catalog. You must restart
the machine in order to complete the reset.

Close all open programs and put a tick next to all of
these using hijack this,then choose fix checked

R3 - Default URLSearchHook is missing

O2 - BHO: ohb - {49256FE8-6394-4ACE-939C-22F35CA042AD} -
C:\WINDOWS\system32\zippy.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll (file missing)

is showing you are missing some norton files This is part
of your Norton Antivirus... runs when your internet
explorer does also checks downloads for viruses so you
need to reinstall the software you have id fix these
entries using hijack this then reinstall your antivirus
software.

O4 - HKLM\..\Run: [EanthologyApp] "C:\Program
Files\Common Files\eAcceleration\eanthology.exe" /b
Startup

File eanthology.exe is related to adware Acceleration
Soft.

O4 - HKLM\..\Run: [StopSignStatus]
Rundll32.exe "C:\Program Files\Common
Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus

O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration
Software\Anti-Virus\stopsignav.exe -k

O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1
\sginst.exe /upd

O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1
\dguard.exe

O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program
Files\Acceleration
Software\SystemPatcher\sys_alert.exe" /Startup

O4 - HKLM\..\Run: [fwservice] C:\Program
Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe -startup

O4 - HKLM\..\RunOnce: [StopSignStatus]
Rundll32.exe "C:\Program Files\Common
Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
/ro

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} is Java from Sun microsystems so genuine

O10 - Broken Internet access because of LSP
provider 'c:\program files\newdotnet\newdotnet6_38.dll'
missing

The 016 entries in general are ActiveX controls, and as
long as they're internet based, will be redownloaded and
reinstalled if you ever need them again. Because of that,
it's generally advised to remove any of the 016 entries
that are not known "legitimate" entries.

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

is MsnMessenger Setup Download Control so is genuine.

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507}
(WebHandler Class) - is from microgaming's site so keep
if you use there site or fix if you dont

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA}
(Sinstaller Class) - dm.screensavers - fix unless you
use the site

O23 - Service: FWService - eAcceleration Corp -
C:\Program Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe

Delete all these folders and files from your pc,where
possible take out the whole folder

C:\program files\newdotnet
C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Acceleration Software\Anti-
Virus\stopsignav.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\Program Files\Acceleration
Software\SystemPatcher\sys_alert.exe
C:\Program Files\Acceleration
Software\StopSignProducts\Firewall\fwservice.exe

Check add/remove screen for new.net

Also scan for any viruses if you havent already using
both of these:

www.pandasoftware.com/activescan

http://housecall.antivirus.com

Regards

Andy

Hijackthis report please help

Erik Keno

Guest

Mikolaj

AndyManchesta