HijackThis logfile of an older computer, please look!

[Technicalfault]

My Girlfriend's computr she claims has been running slow, I warned her about Warez but... They sadily have norton and dont wanna rid themselves of it, so I scanned with it and a few free one's Virus Wise it's clean I guess. Just lookit this stuff for me and Post what needs to be "fixed" Thanks!

 

[howard_hopkinso]

Your girlfriends computer has been highjacked.

Go HERE and follow the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard

 

[Technicalfault]

All Set

Did EVERYTHING you told me too and the other things blah blah, Here's the new HJT log. Thanks for all the Help, This is the second comp you have helped me save!

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

NewDotNet
NEWDOT~1
New.net Application or New.net Domains

Close control panel.

If none are listed, download and run this:www.new.net/support/uninstall6_38.exe

Open your task manager and click on the processes tab. End process for(if there).

2005810205444_mcinfo.exe
mcinfo.exe
ShowWnd.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following(if there).

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2005810205444_mcinfo.exe /insfin

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O10 - Hijacked Internet access by New.Net

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
C:\DOCUME~1\Owner\LOCALS~1\Temp\2005810205444_mcinfo.exe /insfin
ShowWnd.exe
C:\Program Files\NewDotNet\newdotnet7_22.dll

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.

Regards Howard

 

[Technicalfault]

Most everything there was listed, only I wasnt able to Delete the Newdotnet 7_22.dll file. The System wouldnt let me. Here's a Fresh Log. I removed it Via Add/Remove Programs.

 

[howard_hopkinso]

Your HJT log is clean.

Try this to get rid of the Newdotnet 7_22.dll file.

Boot into safe mode.

Click start/run and type regsvr32 /u C:\Program Files\NewDotNet\newdotnet7_22.dll
into the run box and press the enter key.

See if you can now delete the file.

Post back with the results please.

Regards Howard

 

[Technicalfault]

After the Reboot into safe mode the Whole folder with the 7_22.dll and Newdotnet was Gone before I had done anything, After removing it via Add/Remove it promt me to reboot, Guess that was all It needed, Even still I tried the Above Command in Start - Run. Nothing happend. I see a result in the computer running speed though! So thank you once agian Howard!

 

[howard_hopkinso]

No problem. Glad we could help.

Regards Howard

 

[Technicalfault]

Last question before I leave, Does it matter where I placed Hijackthis? I put it on my desktop but just relized that (unless im confused with ANOTHER program) I should be in it's own location under the C Drive. If so I might need to redo this tomorrow

 

[howard_hopkinso]

You should put HJT in it`s own directory. I.E C:/program files/HijackThis/HijackThis.exe

This is because when you fix something with HJT, it makes a backup, so that it can be restored later on if needed.

You can always copy a short cut to the programme onto your desktop.

Regards Howard

 

[Technicalfault]

oh ok Great, So long as that was the only thing. I still have a System Restore Point but All should be well, Ok thats it!