View Full Version : I NEED SERIOUS HELP!!!!


Juggalo
Nov 11, 2004, @ 03:25 PM
Ok, so we were chatting with people on AIM last night. Trying to get some pics of them. This morning I couldn't use the task manager. I am using the administrator account so, WTF!?

00025
Nov 12, 2004, @ 01:09 AM
I doubt AIM has anything to do with your problem.

So what else did you do before this occurred?

00025
Nov 12, 2004, @ 01:21 AM
Wait I got it! It may have something to do with AIM after all or rather the file you got from it.

You've got the Netstatt.exe virus. If you have an anti-virus software run it just to make sure if it is causing your problem.

Check this link (http://windowsxp.mvps.org/ToolsQuit.htm) out for more details on the virus and how to remove it.

*Get Hijack this! and keep it in your root directory. It's a really, really handy program. It detects spyware, adware, trojans and viruses but it's not as user friendly as other software.

Polaris
Nov 14, 2004, @ 07:30 PM
Can you give me a link to Hijack This? I googled it and found some form of demo-ware... it detected stuff, but wouldn't delete it.
thanks

P$Ü(||0
Nov 14, 2004, @ 08:27 PM
Double-click on the frame of the task manager ... I had the same problem

00025
Nov 15, 2004, @ 02:20 PM
HijackThis! isn't demoware, it's a fully functional freeware program. Maybe you downloaded something different, or if someone's trying to sell you this software contact:
merijn@spywareinfo.com

HijackThis! (http://www.zerosrealm.com/downloads/hjt.zip)

Download it in your root directory then extract the .zip file there. It doesn't install any shortcuts.

Run the program then click Scan. It will show a list of start-up programs. Click Save log. Save the log and then open it. Post the content of the log here so I can tell you what to fix. Not all programs that are listed should be deleted.

The log should look like this:

Logfile of HijackThis v1.97.7
Scan saved at 9:16:43 AM, on 11/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D: \WINDOWS\System32\smss.exe
D: \WINDOWS\system32\winlogon.exe
D: \WINDOWS\system32\services.exe
D: \WINDOWS\system32\lsass.exe
D: \WINDOWS\system32\Ati2evxx.exe
D: \WINDOWS\system32\svchost.exe
D: \WINDOWS\System32\svchost.exe
D: \Program Files\TGTSoft\StyleXP\StyleXPService.exe
D: \WINDOWS\system32\spoolsv.exe
D: \Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C: \PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C: \PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D: \WINDOWS\system32\Ati2evxx.exe
D: \WINDOWS\Explorer.EXE
D: \WINDOWS\mHotkey.exe
C: \PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C: \PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D: \WINDOWS\system32\ctfmon.exe
D: \Program Files\Mozilla Firefox\firefox.exe
C: \Hijack This!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coursecompass.com/ccindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coursecompass.com/ccindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.coursecompass.com/ccindex.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C: \Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C: \PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C: \PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D: \WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C: \PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C: \PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [STYLEXP] D: \Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] D: \WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D: \Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D: \Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C: \Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C: \Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D: \PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

goddamn : \ kept showing up as :\

The Dark Messenger
Nov 15, 2004, @ 05:16 PM
25, your sig owns :)

00025
Nov 16, 2004, @ 04:05 AM
:D :D :D

Juggalo
Nov 16, 2004, @ 09:10 PM
Logfile of HijackThis v1.97.7
Scan saved at 4:05:16 PM, on 11/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C: \WINDOWS\System32\smss.exe
C: \WINDOWS\system32\winlogon.exe
C: \WINDOWS\system32\services.exe
C: \WINDOWS\system32\lsass.exe
C: \WINDOWS\system32\svchost.exe
C: \WINDOWS\System32\svchost.exe
C: \WINDOWS\system32\spoolsv.exe
C: \PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c: \Program Files\Norton AntiVirus\navapsvc.exe
C: \Program Files\Softex\OmniPass\Omniserv.exe
C: \WINDOWS\System32\svchost.exe
C: \WINDOWS\wanmpsvc.exe
C: \Program Files\Softex\OmniPass\OPXPApp.exe
C: \WINDOWS\Explorer.EXE
c: \WINDOWS\Fonts\lsass.exe
C: \WINDOWS\system32\rundll32.exe
C: \Program Files\America Online 9.0\waol.exe
C: \Program Files\America Online 9.0\shellmon.exe
C: \Program Files\America Online 9.0\aolwbspd.exe
C: \WINDOWS\system32\ctfmon.exe
C: \Program Files\MSN Messenger\msnmsgr.exe
C: \DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hjt.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c: \Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C: \PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [IgfxTray] C: \WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C: \PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [%WinTask%] c:\WINDOWS\Fonts\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [%WinTask%] c: \WINDOWS\Fonts\lsass.exe /RunOnce
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download All by FlashGet - C: \Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C: \Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Web Rebates - file://C: \Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net


There you go.

Juggalo
Nov 16, 2004, @ 09:11 PM
oops. sorry about the smiley faces. lol
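
Added example, not part of the thread: a Python pass over HijackThis log lines like those posted above. It splits each entry into its section code and flags file names of core Windows processes that sit outside system32, plus O7 policy restrictions. The function names, the process-name list and the assumption that the Windows directory is called WINDOWS belong to this example.

```python
import re

# Core Windows processes that normally run only from <windir>\system32.
# The list is this example's choice and is not exhaustive.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O4 - HKLM\..\Run: ..."
EXE_PATH = re.compile(r'([A-Za-z]):\s*(\\[^"/]*?\.exe)', re.I)
# Assumption: the Windows directory is named WINDOWS (the XP default).
SYSTEM32_DIR = re.compile(r"[a-z]:\\windows\\system32")

def exe_paths(text):
    """Lower-cased .exe paths in text, undoing the forum's 'C: \\' spacing."""
    return [f"{drive}:{rest}".lower() for drive, rest in EXE_PATH.findall(text)]

def triage(log):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        # Lines without a section code are treated as "Running processes" rows.
        section, body = (m.group(1), m.group(2)) if m else ("process", line.strip())
        for path in exe_paths(body):
            folder, _, name = path.rpartition("\\")
            if name in SYSTEM32_ONLY and not SYSTEM32_DIR.fullmatch(folder):
                findings.append((section, "system process name outside system32", path))
        if section == "O7":   # policy restrictions, e.g. DisableRegedit
            findings.append((section, "policy restriction set", body))
    return findings

# Sample lines copied from the second log in this thread.
SAMPLE = r"""Running processes:
C: \WINDOWS\system32\lsass.exe
c: \WINDOWS\Fonts\lsass.exe
C: \WINDOWS\System32\svchost.exe
O4 - HKLM\..\Run: [%WinTask%] c:\WINDOWS\Fonts\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```
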

00025
Nov 17, 2004, @ 02:39 AM
Check the box on the left of these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://www.searchgateway.net/search/%s
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C: \PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O8 - Extra context menu item: Web Rebates - file://C: \Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: MoneySide (HKLM)
O10 - Hijacked Internet access by New.Net

then click Fix checked.

After doing this, restart your system (optional).
And please download, install and run this program: Lavasoft Ad-aware (Downloads.com) (http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button)

You're being over-run by ad-wares and spy-wares. Ad-aware will get rid of it for you.

tom
Nov 17, 2004, @ 02:53 AM
Yea, or spybot.

Also, get a fehkin on-access scan program like McAfee. UMD gives them to all students, and it's neat that it intercepts viruses even before they are downloaded onto my comp (like, on a website or something).

Juggalo
Nov 17, 2004, @ 03:20 AM
Thanks for the help. I'm downloading the Lavasoft Adware program now.

Juggalo
Nov 17, 2004, @ 03:28 AM
I was wondering if you could recommend some very good and effective (and free) virus protection. I've been scanning with Norton '03, but it takes WAY too long to update... so I'll take any recommendations.

Thanks in advance.

vacio
Nov 17, 2004, @ 07:35 AM
Just out of curiosity, did you manage to get rid of new.net?

Juggalo
Nov 17, 2004, @ 09:00 PM
Nope. I haven't attempted yet.

I got to go to my girlfriend's house, I'll try it when I get back. She hasn't been to school this whole week, because her brother died in Iraq. My cousin was in the same unit as him. They both were killed.

Her brother was one of my closest friends. He and my cousin were only 20. I didn't really like my cousin that much, but it still hurts to lose a family member in a war.


Well I got to go cya all tonight, maybe.

00025
Nov 18, 2004, @ 03:02 AM
I was wondering if you could recommend some very good and effective (and free) virus protection. I've been scanning with Norton '03, but it takes WAY too long to update... so I'll take any recommendations.

Thanks in advance.

I personally use AVG (http://free.grisoft.com/freeweb.php/doc/2/lng/us/tpl/v5) because it's low on system resources, but a lot of people said that Avast! (http://www.avast.com/eng/down_home.html) is much better.

Nothing beats Kaspersky Anti-virus though, but you'll have to pay for it. I tried the trial version and it is extremely low on resources and I didn't get any trojans or viruses while using it.

shutupandshave
Nov 24, 2004, @ 04:50 PM
I love panda. I have registered versions of Kaspersky and Panda.