Hello Daven81. You probably should have just left the first log alone. You have an infection that requires a special fix and only about half of it has been removed so we will be guessing at most of the items that have to be done. Let's see what we can do with what we can see and then move on from there.
Please print these directions and then proceed with the following steps in order.Step #1
Download and install ewido security suite
. Update the program and then close it. Do not run it yet.
The first thing that I see is that you have NewDotNet installed. To remove it follow these directions:
- Please download LSP-Fix and WinSockFix from the following links and save them to a location you can find later if necessary.
- To remove New.net:
- Go to Start | Settings | Control Panel | Add/Remove Programs
- Look for and remove New.Net. If you can't find it, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page.
- If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. If you still have a problem run the WinSockFix program and click the Fix button. Reboot if you run either tool and you should be able to get back on.
and unzip it to its own folder.Step #3Start in Safe Mode Using the F8 method:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
- Use the arrow keys to select the Safe Mode menu item.
- Press the Enter key.
Navigate to the folder you unzipped nailfix.zip into and double-click on nailfix.cmd
. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.Step #5
Start ewido and click on the Scanner
button. On the Scanner page click on My Computer
and then click the Start
button to begin the scan. Let it run to completion and fix anything that it finds.Step #6
Start HijackThis and click the Scan
button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [kltgogd] c:\windows\system32\neklyr.exe
O4 - HKLM\..\Run: [aggfydt] c:\windows\system32\xedcova.exe r
Now close ALL open windows except HijackThis
and click the Fix Checked
button to finish the repair.Step #7We need to make sure all hidden files are showing so please:
Find the following files/folders and delete them (don't worry if they are already gone):C:\PROGRAM FILES\NEWDOTNET\ <--folder
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide file extensions for known types option.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply
button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.