dl.exe file

  1. 16-10-2006  #1
    brene
    brene is offline Newbie

    dl.exe file

    Hi everyone.

    I recently let my friend's sister use my computer and suddenly I started having this DOS Prompt window pop up and stop my internet.

    Basically:

    I open a program, and this DL.exe box pops up.
    It has some error with Ignore or Cancel in a box.
    It will create a second program verison in the Task Manager that I have to delete before I can get access to internet again. It's very bothersome, but it doesn't really do anything other than that.

    Here is my HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:27:00 PM, on 10/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.myspace.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141917364203
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
    O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44A9D15B-E3C8-45CC-9A69-9F8FC3257A85}: NameServer = 205.152.37.23 205.152.144.23
    O17 - HKLM\System\CS1\Services\Tcpip\..\{44A9D15B-E3C8-45CC-9A69-9F8FC3257A85}: NameServer = 205.152.37.23 205.152.144.23
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


    Thanks.
  2. 16-10-2006  #2
    brene
    brene is offline Newbie
    It may be connected to Gaelicum.A, trying to use the Gaelicum fixer from AVG and seeing what's up
  3. 16-10-2006  #3
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    Welcome,



    You currently have a program New.Net on your system that is malware and is seriously compromising your internet connection. The safe removal of this program and restoration of your connection is our prime concern at the moment.
    1. As precautionary measures, please do the following:
      1. backup the registry by going to Start>Run> and type ‘regedit’ without the quotes. Then on the file menu choose ‘backup registry’ in Windows 9x and ‘export’ in XP.
      2. Download the LSPfix.txt and read the readme file.
      3. Download LSPfix.zip or LSPfix.exe

        Use this program only if you can not connect to the Internet after removing New(Dot)Net.
      ---------------------------------------------------------
    2. Follow these steps to remove NewDotNet:
      1. Go to Start -> Control Panel.
      2. Uninstall NewDotNet (New.Net) from Add/Remove Programs
      3. Using Windows Explorer, DELETE This folder and all its content: C:\Program Files\New.Net
      ------------------------
    3. If there are problems:(And only if there is a problem)

      If there is no uninstall program listed then do the following:
      Go to http://www.newdotnet.com/removal.html; scroll down to Procedure 4 and follow the removal instructions.

      If you can not connect to the Internet after removing New(Dot)Net, please run the LSP-Fix program downloaded earlier, and click on the "Finish" button.
      ***To start the LSPfix....Close all windows except LSPfix

      Launch LSPfix.zip and install to its own folder, then click on LSPfix.exe. Or click on LSPfix.exe and it will launch the program.
      -----------------------------
    4. REBOOT your system.
    5. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.
+ Reply to Thread
« Firefox has encountered an error... | Spyware & Virus' 1 - Me, 0 »