TechSpot

computer cleanup w/ hjt log

By Victor587
May 26, 2006
  1. I am attempting to clean up my laptop. Could someone please analyze my hijackthis log? I would really appreciate it. Thanks.
     
  2. Spike

    Spike TS Evangelist Posts: 2,168

    First, follow these instructions on using LSPfix to remove your new.net entries... http://www.techspot.com/vb/topic18355.html

    Boot into Safe mode, disable system restore, and show hidden files and folders.

    Open a command prompt, and issue the following command...
    regsvr32 /u C:\WINDOWS\system32\l62slgf7162.dll

    Then, go to the system32 folder and delete the file l62slgf7162.dll

    Next, Run HJT and let it fix...

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\l62slgf7162.dll (file missing)

    Enable system restore, and reboot into normal mode.

    Update Windows to SP2, and install an antivirus and firewall.

    Scan with HJT, and post a fresh log for us to check :)
     
  3. Victor587

    Victor587 TS Rookie Topic Starter Posts: 47

    Thank you for your help. It seems that I am still having some trouble with popups, though. Here is my fresh log.
     
  4. Spike

    Spike TS Evangelist Posts: 2,168

    Ok, try, without going back into safe mode,

    open a cmd window...
    regsvr32 /u C:\WINDOWS\system32\en62l1jo1.dll (tell me if there's a problem)

    regsvr32 /u "C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL"

    Run the LSP fix again, then run HJT, fix anything to do with that O20 DLL, and also anything to do with new.net

    delete the file C:\WINDOWS\system32\en62l1jo1.dll
    Delete the entire directory C:\PROGRAM FILES\NEWDOT~1\

    Post a new log, and we'll see again.
     
  5. Victor587

    Victor587 TS Rookie Topic Starter Posts: 47

    When
    regsvr32 /u C:\WINDOWS\system32\en62l1jo1.dll
    is typed into the command window, a box pops up titled RegSvr32.
    It states the following...
    LoadLibrary("C:\WINDOWS\system32\en62l1jo1.dll")failed - The process cannot access the file because it is being used by another process.

    When
    regsvr32 /u "C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL"
    is typed into the command window, a box pops up titled RegSvr32.
    It states the following...
    DllUnregisterServer in C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL failed.
    Return code was: 0x8002801c

    When I tried to delete the file C:\WINDOWS\system32\en62l1jo1.dll, a box came up stating that it was being used by another program and to close any and all programs that might be using the file. The only programs that I have running (to my knowledge) are this site, HijackThis, and the system32 folder.

    I could not delete the directory C:\PROGRAM FILES\NEWDOT~1\ either. A box popped up stating the same reason as above.

    I ran LSP fix again successfully and I also ran HJT and successfully deleted anything to do with O20 DLL and new.net, however a problem did occur. When I ran HJT again, what I had successfully deleted/fixed before had returned and after running HJT several times, they continued to return and not appear to be deleted or fixed.

    I will post my HJT log again, but I believe that you'll find it to be the same as before because what I attempted to delete returned.

    EDIT:
    After I posted this, I closed all programs which I am aware of running on my computer and again attempted to delete the file C:\WINDOWS\system32\en62l1jo1.dll and the directory C:\PROGRAM FILES\NEWDOT~1\. The boxes claiming that the file and directory were being used by another program popped up once again. I was still unsuccessful in my attempt to delete them.
     
  6. gmuser2006

    gmuser2006 TS Rookie Posts: 37

    Boot into safe mode.

    Turn off system restore. (XP/ME only)

    In Windows Explorer, turn on "Show all files and folders, including hidden and system".

    Press Control+Alt+Delete to open the task manager.
    Go to the Processes tab and close the following processes if found:

    rundll32.exe <-- There are several, make sure you get them all


    After that open a command window (Click Start-->Run and type 'cmd' without the quotes)

    Type this and then press enter:
    regsvr32 /u C:\WINDOWS\system32\en62l1jo1.dll

    Type this and then press enter:
    regsvr32 /u "C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL"


    After that run HJT and have it fix (mark the box next to the entry) the following if found:

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

    O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en62l1jo1.dll

    After marking the above entries press the Fix Checked button.


    Delete the following files and/or folders:
    C:\PROGRA~1\NEWDOT~1\
    C:\WINDOWS\system32\en62l1jo1.dll

    Reboot into Normal mode and turn System Restore back on.

    Run HJT and post a new log as an attachment.
     
  7. Spike

    Spike TS Evangelist Posts: 2,168

    Yes, that might work. It's a case of identifying the process that's keeping those files in use.

    Don't forget that you will need to run LSPfix to fix your internet access though.
     
  8. Victor587

    Victor587 TS Rookie Topic Starter Posts: 47

    I did everything as specified by gmuser2006.
    I ran into very few issues this time.

    I don't know if this is what was supposed to happen when I was in the command window or not, but when I typed in regsvr32 /u C:\WINDOWS\system32\en62l1jo1.dll a box came up saying that the specified module could not be found. When I typed in regsvr32 /u "C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL", a box came up saying that it failed and the return code: 0x8002801c was given.

    I ran HJT and had it fix O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s. However, O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en62l1jo1.dll was not found.

    I first uninstalled (because there was an uninstall button/program) NEWDOT and then deleted the entire folder and all its contents.

    When I went to delete en62l1jo1.dll, I could not find it (which I assumed was the cause for not finding it during the run of HJT and when it was typed into the command box).

    I don't think that any of this is a problem, but I figured that I'd say exactly what happened just in case there is something wrong with any of it.

    The popups seemed to have stopped, but I cannot be entirely sure at this point. It does seem that my computer is fixed, though.

    Thanks so much for your help!

    Here is my new log.
     
  9. Spike

    Spike TS Evangelist Posts: 2,168

    Well, you learn something new every day. I didn't realise that you could uninstall new.net from add/remove programs!

    Anyhow... run HJT, and let it fix

    O4 - HKLM\..\Run: [cyazsjdA] C:\WINDOWS\cyazsjdA.exe
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)


    and then delete the file C:\WINDOWS\cyazsjdA.exe

    That should be all done then :)
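
An added example, not part of the original thread or of HijackThis itself: a small Python triage of the HijackThis entries quoted in the posts above. It separates registry leftovers marked "(file missing)" or "(no file)", which only need the HJT fix, from entries whose file is still reported present and also has to be deleted. The function names and flag labels are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass, field
# A HijackThis log line has the shape "<section code> - <details>".
LINE_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<details>.+)$")
# First drive-letter path ending in .dll/.exe; non-greedy, so rundll32 arguments are left out.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "(no file)")

@dataclass
class Entry:
    section: str
    details: str
    path: str  # "" when the entry names no file
    flags: set = field(default_factory=set)

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # header, process list or blank line
    details = m["details"].strip()
    found = PATH_RE.search(details)
    entry = Entry(m["section"], details, found.group(0) if found else "")
    if details.endswith(ORPHAN_MARKERS):
        entry.flags.add("orphan")           # registry entry left behind, target file gone
    if entry.section == "O4":
        entry.flags.add("autorun")          # Run key or startup-folder item
    if entry.section == "O20" and details.startswith("Winlogon Notify:"):
        entry.flags.add("winlogon-notify")  # DLL that winlogon.exe loads at boot
    return entry

def triage(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def files_reported_present(entries):
    # Paths HJT did not mark as missing, de-duplicated case-insensitively, in log order.
    paths = {}
    for e in entries:
        if e.path and "orphan" not in e.flags:
            paths.setdefault(e.path.lower(), e.path)
    return list(paths.values())

# Sample input: entries copied from the posts in this thread.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [cyazsjdA] C:\WINDOWS\cyazsjdA.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en62l1jo1.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)
"""
```

Calling `files_reported_present(triage(SAMPLE))` lists the three files the helpers asked to have deleted by hand, while the orphaned entries carry only the `orphan` flag.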
     
  10. Victor587

    Victor587 TS Rookie Topic Starter Posts: 47

    Alright, that is done. :) Thank you so much for all of your help! I really appreciate it!
     
Topic Status:
Not open for further replies.
