Hijackthis problem

Right click on file hosts and be sure that both read-only and hidden are unchecked.

Your hosts file should look like this assuming your using XP, which I have to do because you neglected to include any system specs.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

 

Thats only half the answer. Did you remove the other line, the Kazaa line? Is Kazaa uninstalled?

 

You should run SpyBot S&D but first we need to fix SpyBot's Ignore Products Bug:

I want you to run SpyBot and get into the Advanced mode by selecting Mode and then
Advanced mode. Then select Settings and the in the left column select Ignore Products.
In the right window pane make sure the All products tab is selected. Then in that
window, right click your mouse and choose "Deselect all". Now in the left pane click
at the top on SpyBot S&D and then choose Search for Updates. Download any updates
required. Now click Check for Problems. Fix any that are found.

Let me know if this finds any of those newdotnet items.

 

Did you run it on the other user accounts where you had the problems?
I would have expected SpyBot to find:
C:\windows\temp\newdotnet4_50.dll
C:\windows\temp\newdotnet3_36.dll
C:\windows\temp\newdotnet3_23.dll

If SpyBot does not find and fix these, normally we would boot in safe mode and delete them. But first we have to make sure they are not included in yours LSP chain. You can do that with LSP Explorer for Ad-Aware SE 1.05 plugin for Ad-Aware. You need to run this in each user account.

The file: C:\windows\temp\of_stub_ins_w_2071.exe should be delete too.

You said you get the following message,
"System denied write access to the hosts file. If any hijacked domains are in this file Hijack may not work."

But does HijackThis run anyway. Can you at least get a scan for each account?

Another question: Did you run READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal all steps on each user account?

 

Post the HJT logs for each user account. Post them as attachments and clearly label which user account they are for.

 

I said "Post them as attachments" . Did you read this: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Right now I do not see anything obvious in your logs.
Did you put these restrictions in place in the Admin login?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

If you did this with SpywareBlaster or another tool you could try to remove these restrictions and then see if you still have a problem.

 

Are you sure you did not run a program like SpywareBlaster or SpySweeper or anything else like that to put these restrictions in place?

 

Which user are you talking about? We need to be clear which problems are for which user.

Also awhile back I asked you:

Did you run READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal all steps on each user account?

You never answered. All steps need to be run for each user.

By the way it's SpywareBlaster not SpyBlaster. At least I hope that is what you meant. SpywareBlaster is good. SpyBlaster would potentially be bad. I'm not even sure if it exists.

 

A few messages back you said, "Also I found before I did the unchecking that the start the page had been changed on IE explorer to www.wethere ( or something similar ).
"
Can you tell me exactly what it was? Is it still that way? Does your HJT log show it?
I see no signs of AOL software in your log other than a diag program.

Answer these questions:
1) Is AOL installed? What version?
2) What is the exact problem?
3) Are you saying you can connect using AOL or IE but it's slow?
4) Or can you not connect at all?
5) How are you getting here?
6) Who is your ISP?
7) What kind of connection (dial-up, DSL, cable)?