Currently I am using SpyBot, Trend Micro PCCillin, CW Shredder and hijackthis. However, I have been unable to remove the newdotnet program through hijackthis. After I select and fix it, it returns when I restart my computer. Should I turn off system restore or will this cause me other problems?
Additionally, I had the Web search toolbar added to my browser today. CW Shredder didn't detect anything, neither did spybot, and I couldn't find the toolbar under add/remove programs.
Here is my hijackthis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Blue Haven Media\KaZooM\KaZooM.exe
C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\SOFTWA~1\Mfcd Acid.exe
C:\Program Files\Window Active\winactive.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alset\HelpExpress\Christopher Hynak\HXIUL.EXE
C:\Program Files\Alset\HelpExpress\Christopher Hynak\HXDL.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\DownloadWizard\DownloadWizard.exe
C:\Program Files\Star Alliance Timetable\StarUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kazaa K++\Kazaa.kpp
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\Documents and Settings\Christopher Hynak\Local Settings\Temp\_AZTMP3_\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.html?http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBoot\SDHelper.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {D4574151-5ED4-3E4F-D8C8-EB1881658F04} - C:\PROGRA~1\OOZEWI~1\activemore.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {DE2CD4BD-369D-411A-A98E-C1AE8940C0E0} - (no file)
O3 - Toolbar: (no name) - {C6E69AC3-18C4-4AF9-8260-97C32893EAB0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\Updater\wupdater.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [plancdrom] C:\PROGRA~1\SOFTWA~1\Mfcd Acid.exe
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Christopher Hynak\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Christopher Hynak\Client\HelpExp.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Alset\HelpExpress\Christopher Hynak\HXDL.EXE -from="MANIFEST.DAT" -to="MANIFEST.DAT"
O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: StarUpdater.exe.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {16F2EA75-DF7F-4DA1-9F72-72EF6019AF79} - http://www.clinkc.com/bars/Sitehelper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Thanks for your help!