newdotnet

Does anyone know what newdotnet is and can I get rid of it. I uncheck it in msconfig, startups, but it keeps coming back. I deleted it in the registry at HKLM\software\microsoft\windows\current version\run, but it also keeps coming back. Have not tried this in Safe Mode yet and do not know if I should. Any help will be appreciated.

 

I do know what Newdotnet is, and you do not want it. Go to the Quicklinks page below and get Spybot, Ad-Aware and HijackThis. Install both Ad-Aware and Spybot, and update them both.
Use Ad-Aware with the Custom Full Scan, and when you have Spybot check for problems, let it remove everything it has checked off. Reboot.
Unzip HijackThis into it's own folder, do a Scan, and then post it's log onto here. Do not 'fix' anything with HJT, yet. It is a tool, and doesn't know bad from good.

 

Ran Spybot, then Adaware. Following is Hijackthis.
Logfile of HijackThis v1.98.2
Scan saved at 11:57:20 AM, on 9/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
D:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Clean Cache.bat
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092891458688

 

Ran Spybot, then Adaware. Found NDNuninstall in the Windows directory.Following is Hijackthis.
Logfile of HijackThis v1.98.2
Scan saved at 11:57:20 AM, on 9/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
D:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Clean Cache.bat
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092891458688[/QUOTE]

 

A² will remove QuickSearchBar for you and they offer a 30 day free trial version. I really don't know that just the obvious removals will get rid of it completely. Don't know that they won't either - just not sure.

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com - a worthless hosts file entry (probably from a previous baddie) so run HJT and check it for removal.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Clean Cache.bat - do you know exactly what Clean Cache.bat is doing? It may be perfectly legit but you want to make sure.

 

Thanks markp62 and Newt. I got rid of
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Clean Cache.bat is a batch file that I made to delete some temp files at bootup.
I think the QuickSearchBar is part of the EarthLink Toolbar setup. I do not know, yet if it is worth anything. It shows up under the Address bar on Internet Explorer, which I use to get Windows Updates. Not much else. I usually use Opera. Like it much better.

 

Nope on Quicksearchbar being part of Earthlink - or at least I really hope not. Try new.net istead and flagged as a 'get rid of this item' on several very good sites including TTonyKlein's BHO Collection / BHOList by Merijn on computercops.biz.

X 82315A18-6CFB-44a7-BDFD-90E36537C252: QuickSearchBar*_**.dll (* = digit) - New.Net QuickSearch, http://cexx.org/newnet.htm

 

Downloaded A Squared and ran it. It found 2 instances of Malware.
C:\Program Files Common Files\updater\delupdate.exe
C:\Program Files\incredifind\BHO\incfindBHO.dll
I deleted them. It did not find QuickSearchBar as Malware, so I cannot delete it from there. It is in Add Remove Programs. Should I remove it from there.

 

I would if I had it.

 

NewDotNet can be removed from add/remove programs.... but you MUST be online to remove it... I find it removes easily,,,, and I always run Spybot immediately afterwards just to make sure its gone....

BTW... It also creates a directory in your Windows main folder that I've always had to remove manually....

 

Removed the QuickSearchBar in AddRemovePrograms? The folder and .dll file are still in C:\Program Files. Now what do I do.

 

Reboot and delete them, as well as the NewDotNet folder, as suggested.

 

Seems as though all junk is deleted. Not in msconfig Startups, or Services. Will rerun Spybot and Adaware tomorrow. Thanks to all!!!

 

Great! If you haven't done so already, I recommend you also open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update. Check for updates weekly. Still in Spybot, click tools in the left pane, then resident and check the box for SD Helper. Then click IE tweaks and at least lock the HOSTS file. Then download and install IESpyads.

That will give you an added layer of protection against unwanted parasites.

 

Thanks noahdfear. I had Spybot 1.1, so I installed 1.3. Will run it to see what happens. I checked Add Remove Programs, I had NewDotNet & QuickSearchBar again. Must have got them from a web site somewhere. Will check after visiting each site, and see if I can find it. Downloaded SpywareBlaster and IESpyads. Appears that these work with Internet Explorer. I use Opera Regularly. May install anyway, just in case.

 

You should probably post another HJT log too. Pretty sure SpywareBlaster protects Mozilla also. Isn't Opera essentially the same thing? If New.net doesn't effectively uninstall through add/remove, use procedure #4 here.

Good to hear you upgraded Spybot.

 

I ran Spybot and it found 6 items. Removed. Ran Adaware and it found 4 items. Removed. Ran A Squared and it found 2 items of malware. Removed. There ought to be a law. Oh well it probably would not work. What a way to spend an afternoon. Do not have NewDotNet or QuickSearchBar back yet. Will keep an eye open for them. Below is my latest HijackThis

Logfile of HijackThis v1.98.2
Scan saved at 5:14:30 PM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
D:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Clean Cache.bat
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092891458688