Cannot remove (((O10 - Hijacked Internet access by New.Net))

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Riontin, May 1, 2005.

  1. Riontin

    Riontin Private E-2

    After running HJT several times I keep getting entries saying "O10 - Hijacked Internet access by New.Net". Does anyone know how I can get this off of my machine?

    HJT below:
    **********
    Logfile of HijackThis v1.99.1
    Scan saved at 7:44:58 AM, on 5/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Toolbar\TBPSSvc.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\offnet\DOWNLO~1\DAP\DAP.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    C:\PROGRA~1\Toolbar\PIB.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\NetZero\exec.exe
    D:\Program Files\hijack this\HijackThis.exe
    C:\program files\internet explorer\iexplore.exe
    C:\PROGRA~1\Toolbar\TBPS.exe
    C:\WINDOWS\system32\regsvr32.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\offnet\download accelorator\DAP\DAPBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\offnet\DOWNLO~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...08ab713c421a:ea3fda0df2f9b3bc67b04dcf28cf3274
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AEB67F1E-186B-46C5-AD5D-7B7A6B1F0267}: NameServer = 64.136.20.121 64.136.28.121
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
     
  2. XspeedyX

    XspeedyX Private E-2

    Hey Riontin, next time read http://forums.majorgeeks.com/showthread.php?t=38752

    Also, next time go to "Manage Attachments" and load your log file from there, thanks :)

    - Did you ever click FIX on the item you checked?

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    C:\Program Files\QuickTime\qttask.exe - YOU DON'T NEED THIS RUNNING

    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file) - DELETE

    O10 - Hijacked Internet access by New.Net - DELETE
    O10 - Hijacked Internet access by New.Net - DELETE
    O10 - Hijacked Internet access by New.Net - DELETE
    O10 - Hijacked Internet access by New.Net - DELETE
    O10 - Hijacked Internet access by New.Net - DELETE
     
  3. XspeedyX

    XspeedyX Private E-2

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AEB67F1E-186B-46C5-AD5D-7B7A6B1F0267}: NameServer = 64.136.20.121 64.136.28.121 - WHAT'S THIS?

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s - DELETE

    - Save your log file after fixing all these.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    To remove these entries you will need to run SpyBot S&D. But first, go into Advanced Mode and uncheck ALL of the ignored items as NetDotNet is ignored.

    After unchecking all of the ignored items, boot into Safe Mode and have Spybot run a full scan. After you run the scan, go into Add/Remove Programs and uninstall the following:

    NewDotNet

    WinTools

    WindUpdates


    Reboot into Normal Mode and then post a fresh HJT log and we will go from there.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    XspeedyX,

    Please leave the fixing to us professionals; you missed the MAIN problems in this log.
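
Added example, not part of the original thread: a small triage script that groups HijackThis entries by the three programs named in post 4, using an excerpt of the log posted above. The keyword map in `PROGRAMS` is an assumption built from strings visible in that log, and `triage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# HijackThis section codes seen in the excerpt and what each one lists.
SECTIONS = {
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "Run-key autostart", "O10": "Winsock LSP hijack",
    "O23": "NT service",
}
# Assumed keyword map, built from strings visible in the posted log.
PROGRAMS = {
    "NewDotNet": ("new.net", "newdot"),
    "WinTools": ("wintools", "wtools"),
    "WindUpdates": ("windupdates",),
}
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+)$")

# Excerpt of the log posted above (not the full log).
SAMPLE = r"""
Logfile of HijackThis v1.99.1
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
"""

def triage(log_text):
    """Return {program: [(code, section meaning, detail), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header or running-process line, not a scan entry
        code, detail = m.groups()
        row = (code, SECTIONS.get(code, "other"), detail)
        low = detail.lower()
        if "(no file)" in low:
            hits["orphaned"].append(row)  # registry entry whose file is gone
        for prog, needles in PROGRAMS.items():
            if any(n in low for n in needles):
                hits[prog].append(row)
    return dict(hits)

if __name__ == "__main__":
    for prog, rows in triage(SAMPLE).items():
        print(prog, [f"{c} ({what})" for c, what, _ in rows])
```

Run against a fresh log after the uninstall and reboot, an empty result for all three program names indicates their entries are gone from the sections the script recognises.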
     
