Tech Support Forum - View Single Post

**Horse** · 10-16-2005, 09:43 AM

Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If necessary, please ask any questions before proceeding with the procedures below.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things in the log. It needs to be disabled and can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

Please download LSPFix and save it to a permanent folder. It is highly unlikely that you will need this program, but it is important to have it on hand in case you do. There is a very small chance that after removing New.Net, you may lose your internet connection. If this occurs, close all windows and run the LSPfix tool that you downloaded. Check "I know what I'm doing" and select all entries related to New.Net. Then click >> and remove all entries related to New.Net. Click "Finished". A word of caution here. When you run the program, you may see the file gapsp.dll in the right hand pane. Ths file is a legit file so please move it back to the left pane if you you find it there.

Download DelDomains.inf. Right-click and select Save Target As. Right-click and select install ( There is no need to restart) This will remove all entries in the Trusted Zone"

Download & save to Desktop - UnHookExec.inf
Right-click the UnHookExec.inf file and click install. (This is a small file. It does not display any notice or boxes when you run it.)

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

MyWebSearch
Maxsearch or Free Products

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

Please remember to close all other windows, including browsers then click Fix checked.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\MyWebSearch
C:\PROGRA~1\FREEPR~1<<< May present as Free Products
C:\Program Files\DNS
windir32.exe

Reboot your system in Normal Mode.

Please do an online scan at Panda ActiveScan

Click on the Scan your PC button & a pop up window shall appear. (Ensure that your pop up blocker doesn't block it)
Click On Next
Enter your e-mail address & click Send. (It will begin downloading Panda's ActiveX controls which are about 8MB in size)
In the next window, & checkmark the following:
- Disinfect automatically
- Scan compressed files
- Scan e-mail files
- Detect unknown viruses (Heuristic)
- Detect spyware
Begin the scan by selecting All My Computer

You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
If it finds any malware, it will offer you a report. Click on see report
Then click Save report
Post the contents of the report in your next reply

Please post a fresh Hijack This log together with the Panda scan log report so that we can check if your system is clean.

10-16-2005, 09:43 AM	#2 (permalink)
Horse General Manager (Administrator) Join Date: Oct 2003 Location: Durban South Africa Posts: 4,284 OS: WIN XP PRO My System Blog Entries: 1	Hello and welcome to TSF Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If necessary, please ask any questions before proceeding with the procedures below. Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things in the log. It needs to be disabled and can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. Please download LSPFix and save it to a permanent folder. It is highly unlikely that you will need this program, but it is important to have it on hand in case you do. There is a very small chance that after removing New.Net, you may lose your internet connection. If this occurs, close all windows and run the LSPfix tool that you downloaded. Check "I know what I'm doing" and select all entries related to New.Net. Then click >> and remove all entries related to New.Net. Click "Finished". A word of caution here. When you run the program, you may see the file gapsp.dll in the right hand pane. Ths file is a legit file so please move it back to the left pane if you you find it there. Download DelDomains.inf. Right-click and select Save Target As. Right-click and select install ( There is no need to restart) This will remove all entries in the Trusted Zone" Download & save to Desktop - UnHookExec.inf Right-click the UnHookExec.inf file and click install. (This is a small file. It does not display any notice or boxes when you run it.) Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: MyWebSearch Maxsearch or Free Products Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe *Please remember to close all other windows, including browsers then click Fix checked.* Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Program Files\MyWebSearch C:\PROGRA~1\FREEPR~1<<< May present as Free Products C:\Program Files\DNS windir32.exe Reboot your system in Normal Mode. Please do an online scan at Panda ActiveScan Click on the Scan your PC button & a pop up window shall appear. (Ensure that your pop up blocker doesn't block it) Click On Next Enter your e-mail address & click Send. (It will begin downloading Panda's ActiveX controls which are about 8MB in size) In the next window, & checkmark the following: Disinfect automatically Scan compressed files Scan e-mail files Detect unknown viruses (Heuristic) Detect spyware Begin the scan by selecting All My Computer You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. If it finds any malware, it will offer you a report. Click on see report Then click Save report Post the contents of the report in your next reply Please post a fresh Hijack This log together with the Panda scan log report so that we can check if your system is clean. __________________ Know where you're going in life. You may already be there Last edited by Horse; 10-16-2005 at 09:56 AM.