HijackThis logfile of an older computer, please look!

By Fukurou
Apr 24, 2006
  1. My Girlfriend's computr she claims has been running slow, I warned her about Warez but... They sadily have norton and dont wanna rid themselves of it, so I scanned with it and a few free one's Virus Wise it's clean I guess. Just lookit this stuff for me and Post what needs to be "fixed" Thanks!
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your girlfriends computer has been highjacked.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :)
  3. Fukurou

    Fukurou TS Rookie Topic Starter Posts: 51

    All Set

    Did EVERYTHING you told me too and the other things blah blah, Here's the new HJT log. Thanks for all the Help, This is the second comp you have helped me save!
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    NEWDOT~1 Application or Domains

    Close control panel.

    If none are listed, download and run

    Open your task manager and click on the processes tab. End process for(if there).


    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following(if there).

    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2005810205444_mcinfo.exe /insfin

    O4 - HKLM\..\Run: [ Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O10 - Hijacked Internet access by New.Net

    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files(if there).

    C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    C:\DOCUME~1\Owner\LOCALS~1\Temp\2005810205444_mcinfo.exe /insfin
    C:\Program Files\NewDotNet\newdotnet7_22.dll

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.

    Regards Howard :)
  5. Fukurou

    Fukurou TS Rookie Topic Starter Posts: 51

    Most everything there was listed, only I wasnt able to Delete the Newdotnet 7_22.dll file. The System wouldnt let me. Here's a Fresh Log. I removed it Via Add/Remove Programs.
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Try this to get rid of the Newdotnet 7_22.dll file.

    Boot into safe mode.

    Click start/run and type regsvr32 /u C:\Program Files\NewDotNet\newdotnet7_22.dll
    into the run box and press the enter key.

    See if you can now delete the file.

    Post back with the results please.

    Regards Howard :)
  7. Fukurou

    Fukurou TS Rookie Topic Starter Posts: 51

    After the Reboot into safe mode the Whole folder with the 7_22.dll and Newdotnet was Gone before I had done anything, After removing it via Add/Remove it promt me to reboot, Guess that was all It needed, Even still I tried the Above Command in Start - Run. Nothing happend. I see a result in the computer running speed though! So thank you once agian Howard!
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No problem. Glad we could help.

    Regards Howard :)
  9. Fukurou

    Fukurou TS Rookie Topic Starter Posts: 51

    Last question before I leave, Does it matter where I placed Hijackthis? I put it on my desktop but just relized that (unless im confused with ANOTHER program) I should be in it's own location under the C Drive. If so I might need to redo this tomorrow
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You should put HJT in it`s own directory. I.E C:/program files/HijackThis/HijackThis.exe

    This is because when you fix something with HJT, it makes a backup, so that it can be restored later on if needed.

    You can always copy a short cut to the programme onto your desktop.

    Regards Howard :)
  11. Fukurou

    Fukurou TS Rookie Topic Starter Posts: 51

    oh ok Great, So long as that was the only thing. I still have a System Restore Point but All should be well, Ok thats it!
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...