computer cleanup w/ hjt log

Status
Not open for further replies.

Victor587

I am attempting to clean up my laptop. Could someone please analyze my hijackthis log? I would really appreciate it. Thanks.
 
First, follow these instructions on using LSPfix to remove your new.net entries... https://www.techspot.com/vb/topic18355.html

Boot into Safe mode, disable system restore, and show hidden files and folders.

Open a command prompt, and issue the following command...
regsvr32 /u C:\WINDOWS\system32\l62slgf7162.dll

Then, go to the system32 folder and delete the file l62slgf7162.dll

Next, Run HJT and let it fix...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\l62slgf7162.dll (file missing)

Enable system restore, and reboot into normal mode.

Update Windows to SP2, install an antivirus and firewall.

Scan with HJT, and post a fresh log for us to check :)
 
Thank you for your help. It seems that I am still having some trouble with popups, though. Here is my fresh log.
 
Ok, try, without going back into safe mode,

open a cmd window...
regsvr32 /u C:\WINDOWS\system32\en62l1jo1.dll (tell me if there's a problem)

regsvr32 /u "C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL"

Run the LSP fix again, then run HJT, fix anything to do with that O20 DLL, and also anything to do with new.net.

Delete the file C:\WINDOWS\system32\en62l1jo1.dll
Delete the entire directory C:\PROGRAM FILES\NEWDOT~1\

Post a new log, and we'll see again.
 
When
regsvr32 /u C:\WINDOWS\system32\en62l1jo1.dll
is typed into the command window, a box pops up titled RegSvr32.
It states the following...
LoadLibrary("C:\WINDOWS\system32\en62l1jo1.dll")failed - The process cannot access the file because it is being used by another process.

When
regsvr32 /u "C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL"
is typed into the command window, a box pops up titled RegSvr32.
It states the following...
DllUnregisterServer in C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL failed.
Return code was: 0x8002801c

When I tried to delete the file C:\WINDOWS\system32\en62l1jo1.dll, a box came up stating that it was being used by another program and to close any and all programs that might be using the file. The only programs that I have running (to my knowledge) are this site, HijackThis, and the system32 folder.

I could not delete the directory C:\PROGRAM FILES\NEWDOT~1\ either. A box popped up stating the same reason as above.

I ran LSP fix again successfully and I also ran HJT and successfully deleted anything to do with O20 DLL and new.net; however, a problem did occur. When I ran HJT again, what I had successfully deleted/fixed before had returned, and after running HJT several times, they continued to return and did not appear to be deleted or fixed.

I will post my HJT log again, but I believe that you'll find it to be the same as before because what I attempted to delete returned.

EDIT:
After I posted this, I closed all programs which I am aware of running on my computer and again attempted to delete the file C:\WINDOWS\system32\en62l1jo1.dll and the directory C:\PROGRAM FILES\NEWDOT~1\. The boxes claiming that the file and directory were being used by another program popped up once again. I was still unsuccessful in my attempt to delete them.
 
Boot into safe mode.

Turn off system restore. (XP/ME only)

In Windows Explorer, turn on "Show all files and folders, including hidden and system".

Press Control+Alt+Delete to open the task manager.
Go to the Processes tab and close the following processes if found:

rundll32.exe <-- There are several, make sure you get them all


After that open a command window (Click Start-->Run and type 'cmd' without the quotes)

Type this and then press enter:
regsvr32 /u C:\WINDOWS\system32\en62l1jo1.dll

Type this and then press enter:
regsvr32 /u "C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL"


After that run HJT and have it fix (mark the box next to the entry) the following if found:

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en62l1jo1.dll

After marking the above entries press the Fix Checked button.


Delete the following files and/or folders:
C:\PROGRA~1\NEWDOT~1\
C:\WINDOWS\system32\en62l1jo1.dll

Reboot into Normal mode and turn System Restore back on.

Run HJT and post a new log as an attachment.
 
Yes, that might work. It's a case of identifying the process that's keeping those files in use.

Don't forget that you will need to run LSPfix to fix your internet access though.
 
I did everything as specified by gmuser2006.
I ran into very few issues this time.

I don't know if this is what was supposed to happen when I was in the command window or not, but when I typed in regsvr32 /u C:\WINDOWS\system32\en62l1jo1.dll a box came up saying that the specified module could not be found. When I typed in regsvr32 /u "C:\PROGRAM FILES\NEWDOT~1\NEWDOT~2.DLL", a box came up saying that it failed and the return code: 0x8002801c was given.

I ran HJT and had it fix O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s. However, O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en62l1jo1.dll was not found.

I first uninstalled (because there was an uninstall button/program) NEWDOT and then deleted the entire folder and all its contents.

When I went to delete en62l1jo1.dll, I could not find it (which I assumed was the cause for not finding it during the run of HJT and when it was typed into the command box).

I don't think that any of this is a problem, but I figured that I'd say exactly what happened just in case there is something wrong with any of it.

The popups seemed to have stopped, but I cannot be entirely sure at this point. It does seem that my computer is fixed, though.

Thanks so much for your help!

Here is my new log.
 
Well, you learn something new every day. I didn't realise that you could uninstall new.net from add/remove programs!

anyhow... Run HJT, and let it fix

O4 - HKLM\..\Run: [cyazsjdA] C:\WINDOWS\cyazsjdA.exe
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)


and then delete the file C:\WINDOWS\cyazsjdA.exe

That should be all done then :)
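
An added example, not part of the original thread: a small Python triage of HijackThis entry lines like the ones the helpers pick out above, separating orphaned entries ("(file missing)" / "(no file)") from Winlogon Notify DLLs and autostart targets whose files are still present. The function names and the grouping are assumptions made for illustration; the sample lines are copied from the posts, plus one non-entry line.

```python
import re

# Standard meanings of the HijackThis section codes that appear in this thread.
SECTIONS = {
    "R0": "IE start/search page value",
    "R3": "URLSearchHook",
    "O4": "autostart entry (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in .dll/.exe; stops before rundll32's ",Export".
PATH_RE = re.compile(r"[A-Za-z]:\\[^,]*?\.(?:dll|exe)", re.IGNORECASE)

def parse_line(line):
    """Return a dict for one HJT entry line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    path = PATH_RE.search(body)
    return {
        "code": code,
        "meaning": SECTIONS.get(code, "unknown"),
        "path": path.group(0) if path else None,
        "orphaned": "(file missing)" in body or "(no file)" in body,
        "winlogon_notify": code == "O20" and "Winlogon Notify" in body,
    }

def triage(log_text):
    """Group entries the way the helpers in the thread review them."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "orphaned": [e for e in entries if e["orphaned"]],
        "live_winlogon_dlls": [e["path"] for e in entries
                               if e["winlogon_notify"] and not e["orphaned"]],
        "autostart": [e["path"] for e in entries if e["code"] == "O4" and e["path"]],
    }

SAMPLE = r"""
Running processes:
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [cyazsjdA] C:\WINDOWS\cyazsjdA.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en62l1jo1.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)
"""

if __name__ == "__main__":
    for group, items in triage(SAMPLE).items():
        print(group, items)
```
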
 