NewDotNet?

[F1]

Found this entry in the Program Files; did not knowingly install it but it had to have been in the last few days so I'm assuming it somehow slipped past. Spybot, SpyWareBlaster, Ewido do not detect it but I feel it's some kind of badware. Their site is here: http://www.newdotnet.com/

Comments?

[knight0334]

that appz used to be packed with every P2P program out there. Most of the old piggyback appz from yesteryear cleaned themselves up, but still have no legitimate purpose.

[jholland1964]

Info below on NewDotNet

NewDotNet Foistware;

NewDotNet Removal

BUT I would also recommend that you follow PhilliePhan's steps in his sticky to be certain that NewDotNet is the only baddie on the computer;

READ ME Before Posting A Request For Assistance!

Post your HJT log back here and we can take a look.

[F1]

To Bobby: The only P2P program on my system is uTorrent and I don't believe this program came bundled with it.

Judy: Here's the HJT log but I already have gotten rid of the program and all it's traces. The instructions for removing it are wrong as one of the .dll files associated with it cannot be removed unless you are in Safe Mode. Besides SpyBot, SpywareBlaster, Ewido and such, I use an extremely aggressive Registry cleaner to remove any traces.

Logfile of HijackThis v1.99.1
Scan saved at 2:50:25 PM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\freeCommander\freeCommander.exe
c:\hijack this\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.ht m
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.6.0.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

[jholland1964]

What firewall do you use? Don't see one in the log.
Not sure about this entry;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.ht m
Have not seen one like this one before.
Otherwise looks ok to me. I will note that SAFE MODE requirement for future reference.

[F1]

What firewall do you use? Don't see one in the log.
Not sure about this entry;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.ht m
Have not seen one like this one before.
Otherwise looks ok to me. I will note that SAFE MODE requirement for future reference.

I use a hardware firewall so I have no use for a software-based one. The PC Health folder is a Microsoft program for subscription-based Windows OneCare (I don't subscribe)

http://www.microsoft.com/presspass/p...OneCarePR.mspx

[jholland1964]

OK Just wanted to be sure.

[PhilliePhan]

Spybot, SpyWareBlaster, Ewido do not detect it

Interestingly enough, Spybot SD's default setting is to IGNORE New Dot Net (and a couple others) . . . . . I noticed that a few years ago when posters at Majorgeeks were finding NDN a lot. Charlie and I would tell users to reconfigure Spybot SD to remedy this.

Turcoloco had the adjustment for that in the Spybot portion of his Sticky. Hopefully he'll get that back up soon.

PP

[F1]

Thanks for the heads-up on the Spybot, PP. Interestingly enough, it was set to detect NDN although I don't understand why it wasn't. Anyway, thanks to everyone for their input! Much appreciated!

[PhilliePhan]

Thanks for the heads-up on the Spybot, PP. Interestingly enough, it was set to detect NDN although I don't understand why it wasn't. Anyway, thanks to everyone for their input! Much appreciated!

They may have changed that in updates. I haven't done a fresh install of Spybot in a while.
There have been a few instances of "questionable" judgment from anti-spy apps in the past regarding some items that we "malware fighters" consider to be baddies.