NewDotNet infection


jlreich
12-15-2004, 09:51 PM
My kids computer has NewDotNet on it. If I remember correctly, it requires a special fix?? I haven't done anything at this point. Waiting for the pros.

Also note that this machine has two user accounts if that is important. Both Admin.

Thanks in advance.

Here is the HJT log. Newest version. 1.99 :)


Logfile of HijackThis v1.99.0
Scan saved at 9:20:45 PM, on 12/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FASTDE~1\FAST2.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\All Users\Documents\spyware tools\hijackthis\HijackThis.exe

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Donn
12-15-2004, 10:00 PM
Read here, posts 6 and 7 (David Eaton and BudFred) are pretty specific, but you might want to read the whole thread. . .


http://www.pcguide.com/vb/showthread.php?t=33359&highlight=NewDotNet

jlreich
12-16-2004, 12:16 AM
Thanks Donn. I will take care of it tomorrow after work.

classicsoftware
12-16-2004, 10:46 AM
Here are the instructions from their web site (http://www.new.net/help_faq.tp#p5)

jlreich
12-16-2004, 01:14 PM
Thanks guys. All cleaned up. I thought it was going to be a hard one. :D

classicsoftware
12-16-2004, 01:39 PM
Post a new log to make sure you are clear of malware....

jlreich
12-17-2004, 08:35 AM
Sorry it took so long, I was too busy yesterday.

Just so you know, I removed a couple "Quicksearch searchbar" entries. A toolbar and a BHO. I also ran Spybot and AdAware, both came up clean.

Thanks Again.


Logfile of HijackThis v1.99.0
Scan saved at 8:26:51 AM, on 12/17/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\PROGRA~1\FASTDE~1\FAST2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Documents\spyware tools\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
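The cleanup described above can be checked mechanically by diffing the two logs rather than eyeballing them. The script below is an added example, not something posted in this thread: it parses HijackThis O-lines, flags entries that match markers taken from the posts above (NewDotNet, New.net, QuickSearch; the marker list is a constructed illustration, not a real signature set) and reports which entries disappeared between the 12/15 and 12/17 logs. The embedded samples are the O-section lines from both logs; the O23 service lines are left out because they are identical in both.

```python
import re
from dataclasses import dataclass

# O-section entries copied from the two HijackThis logs in this thread
# (12/15 before cleanup, 12/17 after). O23 lines omitted: identical in both.
BEFORE_LOG = r"""
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

AFTER_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
"""

# Constructed marker list: substrings naming the unwanted software this thread
# is about. A real reviewer would use a much larger, maintained list.
MARKERS = ("newdotnet", "newdot~", "new.net", "quicksearch")

LINE_RE = re.compile(r"^(O\d+) - (.+)$")


@dataclass(frozen=True)
class HjtEntry:
    section: str  # HijackThis section tag, e.g. "O2" (BHO) or "O4" (Run key)
    body: str     # everything after the "Onn - " prefix, unchanged


def parse_hjt(text: str) -> list[HjtEntry]:
    """Keep only the O-lines of a HijackThis log; headers and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return entries


def flag_entries(entries: list[HjtEntry], markers=MARKERS) -> list[HjtEntry]:
    """Return entries worth a closer look: any O10 (Winsock LSP hijack) line,
    plus any line whose text contains one of the markers (case-insensitive)."""
    flagged = []
    for e in entries:
        text = e.body.lower()
        if e.section == "O10" or any(m in text for m in markers):
            flagged.append(e)
    return flagged


def _order(e: HjtEntry):
    return (int(e.section[1:]), e.body)


def diff_logs(before_text: str, after_text: str):
    """Set difference of the two logs: (entries removed, entries newly added)."""
    before = set(parse_hjt(before_text))
    after = set(parse_hjt(after_text))
    removed = sorted(before - after, key=_order)
    added = sorted(after - before, key=_order)
    return removed, added


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Flagged in first log:")
    for e in flag_entries(parse_hjt(BEFORE_LOG)):
        print("  ", e.section, "-", e.body)
    print("Removed between logs:", len(removed), "| added:", len(added))
    for e in removed:
        print("  -", e.section, "-", e.body)
```

Running it shows that every flagged line in the first log is among the seven entries that vanished, and that nothing new appeared in the second log, which is the same conclusion classicsoftware reaches by inspection. The diff also surfaces the O4 SNDMon and O16 HouseCall lines, which were not malware but did disappear; a reviewer would want to know why before calling the box clean.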

classicsoftware
12-17-2004, 09:58 AM
You look clean to me. How is the system running?

Donn
12-17-2004, 10:46 AM
If you're back to normal--probably a good time to do a good general clean up --from recycle bin to defrag and all points between, the whole nine yards.

jlreich
12-17-2004, 06:07 PM
All seems to be back to normal.

Good suggestion Donn. I tend to neglect the kids computer somewhat. It has probably been a month or so since I defragged their computer. :o

Thanks guys. :)

classicsoftware
12-17-2004, 06:31 PM
Rules for Safe Computing:

1. Stop using Internet Explorer. At this time, there is NO reason not to use FireFox. It is faster, safer, easier to customize and all around a better web browser than IE.

2. Install a good firewall. Either Sygate (http://www.sygate.com/firewall/), Kerio (http://www.kerio.com/kpf_download.html), or Zone Alarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp;jsessionid=BzJnZDxzyCUCcyZMB2t0Qco 5IgutuYlrOMI5snmy1ZptQ2vOr1l1!776180791!-1062696904!7551!7552!-2099742426!-1062696903!7551!7552). All have free versions and all are superior to Norton Internet Security.

3. Download and install Spywareblaster (http://www.javacoolsoftware.com/sbdownload.html). Keep it updated.

4. Store your temporary Internet files on a RAM drive so they are gone at each re-boot or download Eraser (http://www.heidi.ie/eraser/download.php) and use it to regularly zap your TIF and TEMP files.

5. Keep your antivirus software up to date and scan regularly.

6. Keep Windows up to date and apply all patches.

7. Be sure to backup your important data files.

jlreich
12-17-2004, 06:50 PM
Thanks Classic. I do all that with the exception of the RAM drive. I saw the thread awhile back about it. I will look into it further.

Have been using Firefox for some time now. Have IE blocked except for Win updates.

My guess about the NewDotNet thing is my youngest daughter probably downloaded something that she didn't ask about first. She is 11 and getting sneaky on me. Just the other day I had to remove the windows logon password she put on there without asking or telling me the PW. LOL! I don't think so!

Thanks again.

Paleo Pete
12-18-2004, 09:57 AM
Also note that this machine has two user accounts if that is important. Both Admin.


Change her account to limited. That should stop any system changes. Kids should never have Admin accounts to begin with, too easy to scrap the OS or lock everyone else out entirely. You can also password both accounts yourself, give her only the password to her account and keep a copy yourself, and if it's a limited account she won't be able to do any serious damage or make system changes.

Donn
12-18-2004, 10:17 AM
JLReich:


If you are comfortable using it--I use RegSeeker before I Defrag (other times too), you might want to use it, make sure to check the little box that says "back-ups before deletion" in the lower left on the title page.


:cool:

jlreich
12-18-2004, 10:56 AM
I had the 11 year old on limited account to begin with, then she couldn't play a couple games that she really liked. So changed to Admin with a stern warning not to screw with things. :rolleyes: Well, she is the "Dennis the Menace" type. Got to touch anything and everything. I had to get on her about deleting things, and moving things she shouldn't, and almost changed her back to limited a couple of times. I guess I need to talk to her again. :rolleyes:

I went through their computer last night, found duplicates of pictures and other crap files where she had tried to move stuff and would copy things instead. LOL. It all added up to 1.6GB, and on a 10GB HDD that's a lot. And they wonder why I won't let them on my computer. :rolleyes:

I am building them a new computer for Christmas. After I get it all setup, I am going to do a full backup on external HDD. I just might put 11 year old on limited after I install some of her games.


Donn, I do have Norton System Works 2004 (the only Norton product I still use). I think it does a fair job of cleaning things up. But it wouldn't hurt to try one of the reg cleaners. It would probably do a more thorough job.

Thanks Guys

Donn
12-18-2004, 11:26 AM
imho, and from experience:

NSW's only good features are the AV and its reg cleaner. When I had it 2 yrs ago, it gave me such a problem with downloads that I had to uninstall it whenever I did a download, not disable it--UNINSTALL it. I finally let it go--did not renew it. I don't know what the state of things with Norton is now or this program. For a long time Norton has been known as a resource hog, but they may have worked on that by now--others here 'bouts will be more informed on that, and the state of NSW in particular, than I am.

JIC you don't know, one should always disable the AV when installing a download. That is AFTER you get the download, and as soon as you see the "Install Wizard" or install window--however it says installation will begin when you click 'install' or 'next,' then I log off the net, disable the AV (right-click tray icon), and ctrl-alt-delete to close program the AV listing(s). Then, and only then, proceed with the download. Some downloads don't let you do that, they just steam right through. Fate.

The problem with NSW is (was) Clean Sweep mostly, but the Utilities in general--just get in the way of downloads. So, IF you are having trouble in that area, this may be something for you to consider.

(edit = additions)

:cool:

jlreich
12-18-2004, 01:32 PM
The only thing I use NSW for is the utilities. I have everything disabled at startup. No monitoring or anything like that. I have seen posts here in the past where many did not like NSW. I have had no problems with it in over a year. If you disable all the startup options, it doesn't use system resources, or very little. I also find it a good toolbox item, as you can run the utilities from the CD.

Don't get me wrong, I am not a big fan of Norton. I have NIS, stopped using that about 8 months ago. I was using the parental controls, and it was a major resource hog. It also interfered with too many programs. As you said, I just had to let it go.