Results 1 to 7 of 7

Thread: Problem with NewDotNet(solved)

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    Default Problem with NewDotNet(solved)

    oh yessss.. ive got exactly the same problem..latest upgrade of edonkey 2000 comes with newdot.net embedded on it and no choice to avoid its installation.. so i had to turn into latest emule version..i did remove the new dot in the proper way and even check with lspfix..and was sure it was sorted out... but today for my surprise i did a download of the latest definitions on spybot and guive my system a scan..as every week...then spybot reported me a couple of registry entries of newdot again:( and when i tried to fix them spybot made a restauration point and said it cant remove them because probably they are charged in the memory..begging me to restart the system and do a fresh scan again...and again, and again.... ..can these entries be removed manually with regedit..any tip for this

    thanks in advance and greetings from spain

    Split off from Spybot-S&D in deutsch.- tashi
    http://forums.spybot.info/showpost.p...94&postcount=1
    Last edited by Ronni king; 2005-11-17 at 13:15.

  2. #2
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    Default

    :D upss sorry i did not wanted to open a new thread about the same problem..

    in resume ive got a couple of registry entries of newdot.net that spybot is not able to fix because claims they are charged in the memory

    if it helps here is my hijackthis log file but i think its clean

    Logfile of HijackThis v1.99.1
    Scan saved at 11:28:15, on 16/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    C:\Archivos de programa\Norton Internet Security\ISSVC.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Ahead\NeroNET\NeroNET.exe
    C:\Archivos de programa\Bluetooth Software\bin\btwdins.exe
    C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
    C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\Archivos de programa\Bang & Olufsen\BeoPlayer\Beotray.exe
    C:\Archivos de programa\Roxio\Roxio DVDMax Player\PDVDServ.exe
    C:\Archivos de programa\Fellowes\MediaFACE 4.0\SetHook.exe
    C:\Archivos de programa\CDTray_Control\CDTray_Control.exe
    C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    C:\Archivos de programa\Bang & Olufsen\BeoPlayer\BeoPlayer.exe
    C:\Archivos de programa\Bluetooth Software\BTTray.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\ARCHIV~1\BLUETO~1\BTSTAC~1.EXE
    C:\Archivos de programa\Messenger\msmsgs.exe
    C:\Archivos de programa\eMule\emule.exe
    C:\Archivos de programa\Maxthon\Maxthon.exe
    C:\Program Files\highjack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.logista.es/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.logista.es/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARCHIV~1\FlashGet\jccatch.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Beoplayertray] C:\Archivos de programa\Bang & Olufsen\BeoPlayer\Beotray.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Archivos de programa\Roxio\Roxio DVDMax Player\PDVDServ.exe
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Archivos de programa\Fellowes\MediaFACE 4.0\SetHook.exe
    O4 - HKLM\..\Run: [CDTray_Control] C:\Archivos de programa\CDTray_Control\CDTray_Control.exe
    O4 - HKCU\..\Run: [Controlled StartUp] C:\Archivos de programa\StartUp Organizer\Ctrl.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: BeoPlayer.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Descargar TODO con FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Descargar usando FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{373B6BCB-006F-4241-AB36-493D4A903921}: NameServer = 80.58.0.33,80.58.32.97
    O20 - Winlogon Notify: WB - C:\Archivos de programa\AlienGUIse\fastload.dll
    O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Archivos de programa\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
    O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NeroNET - Ahead Software AG - C:\Archivos de programa\Ahead\NeroNET\NeroNET.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe

  3. #3
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi Ronni

    Can we see a SpyBot report taken after fixing please
    Open SpyBot 1.4, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools,and view report, ensure all the options are select near the bottom except
    Uncheck[ ] do not report disabled or known legitimate Items,
    uncheck[ ] Include a list of services in report.
    Uncheck[ ] Include uninstall list in report.
    Now select (near the top) view report, Press export, in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button , navigate to and attach or post that report please.

  4. #4
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    Default

    thanks lonni, problem its sorted out, it was my fault,..in fact you did help.

    It was just when you posted when i realize that i STILL had spybot version 1.3 in this computer :o,

    uninstalled it reinstall 1.4 and spybot fixed it perfectly.

    the registry entries tha spybot 1.3 could not remove are this

    --- Search result list ---
    NewDotNet: Configuración del usuario (Registry key, fixing failed)
    HKEY_USERS\S-1-5-18\Software\new.net

    NewDotNet: Configuración del usuario (Registry key, fixing failed)
    HKEY_USERS\.DEFAULT\Software\new.net

    thanks a lot for your time and attention, i do really apreciate it

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi
    A simple registry import can fix that
    Launch Notepad (not wordpad), and copy and paste the Bolded below into a new text file.
    Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


    REGEDIT4

    [-HKEY_USERS\S-1-5-18\Software\new.net]
    [-HKEY_USERS\.DEFAULT\Software\new.net]


    Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.


    Edit to add:
    uninstalled it reinstall 1.4 and spybot fixed it perfectly.

    Ok great, skip the reg file

  6. #6
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    Default

    ok nice tip for the next time,thanks again mate

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Default

    Glad we could help.

    As the malware problem appears to be resolved this topic will be archived.
    If you need the topic reopened please pm me.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •