Tech Support Forum - View Single Post

greyknight17 · 06-15-2006, 09:47 PM

Please print the below instructions or copy them to Notepad.

Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Check the box that says 'I know what I'm doing'. Click on newdotnet7_22.dll on the left window and then click on the arrow pointing to the right. Do the same thing for xfire_lsp.dll. Click Finish and follow the prompts.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

New.net

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\NewDotNet\

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders and also cookie files. It does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Run CleanUp! and click on the CleanUp! button. Let it run. After it's done, click the Close button and choose Yes to logoff.

Restart. Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply along with a new HijackThis log.

06-15-2006, 09:47 PM	#2 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Please print the below instructions or copy them to Notepad. Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Check the box that says 'I know what I'm doing'. Click on newdotnet7_22.dll on the left window and then click on the arrow pointing to the right. Do the same thing for xfire_lsp.dll. Click Finish and follow the prompts. Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found: New.net Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one: O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them): C:\Program Files\NewDotNet\ Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders and also cookie files. It does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Run CleanUp! and click on the CleanUp! button. Let it run. After it's done, click the Close button and choose Yes to logoff. Restart. Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm * Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it. * Click 'Check Now' & a pop-up window will appear. * Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size). * Begin the scan by selecting My Computer. * If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later. * Click on see report. Then click Save report. * Post that log in your next reply along with a new HijackThis log. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools