CastleCops, Internet Crime Fighters
[DONE]Urgent help needed please
Forum: Trend Micro HijackThis Logs

sjpritch25 (1st Responder, Premium Member)
Posted: Sun Jun 01, 2008 11:48 pm

Welcome to Castlecops!!!! Hello

Download LSPFix from here or here.
1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
3. Check the "I know what I am doing" checkbox.
4. Select (highlight) all instances of c:\program files\newdotnet\newdotnet7_22.dll in the left column under "Keep".
5. Click the arrow >> so it goes over to the right column under "Remove".
6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.
7. Restart your computer in normal mode and post a new HJT log.

LSP-Fix Tutorial


How is everything running??


_________________
Microsoft Valuable Professional--Consumer Security 2007-2009
http://geekfox26.blogspot.com/
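A model of what steps 4 to 6 do to the Winsock catalog, added here as an example and not code from the post or from LSPFix: catalog entries refer to each other by id, so deleting the newdotnet entry on its own leaves protocol chains pointing at a missing id, whereas removing all of its instances and renumbering keeps the catalog consistent. The other_lsp.dll entry and the catalog ids are constructed.

```python
"""Model of a Winsock2 provider catalog and of the repair LSPFix performs.
Constructed example: not LSPFix's code and not the real registry layout (the
PackedCatalogItem binary records are not modelled). Winsock's rule is kept: a
protocol chain of length 1 is a base provider, length 0 a layered provider (an
LSP), and length > 1 a chain of layered providers over a base, by entry id.
"""
from dataclasses import dataclass, replace
from typing import List

@dataclass
class CatalogEntry:
    entry_id: int
    dll: str
    chain: List[int]  # [] layered, [own id] base, [lsp ids..., base id] chain

    @property
    def kind(self) -> str:
        if not self.chain:
            return "layered"
        return "base" if len(self.chain) == 1 else "chain"

# Constructed catalog: two base providers, the newdotnet LSP (path as in the post)
# layered over each, and a hypothetical second LSP stacked on top in the TCP chain.
NEWDOTNET = r"c:\program files\newdotnet\newdotnet7_22.dll"
OTHER_LSP = r"c:\example\other_lsp.dll"
SAMPLE_CATALOG = [
    CatalogEntry(1001, r"%SystemRoot%\system32\mswsock.dll", [1001]),  # TCP base
    CatalogEntry(1002, r"%SystemRoot%\system32\mswsock.dll", [1002]),  # UDP base
    CatalogEntry(1005, NEWDOTNET, []),
    CatalogEntry(1006, OTHER_LSP, []),
    CatalogEntry(1010, NEWDOTNET, [1005, 1001]),
    CatalogEntry(1011, NEWDOTNET, [1005, 1002]),
    CatalogEntry(1012, OTHER_LSP, [1006, 1005, 1001]),
]

def dangling_references(catalog: List[CatalogEntry]) -> List[int]:
    """Ids referenced by some chain that no entry provides: a broken catalog."""
    ids = {e.entry_id for e in catalog}
    return sorted({c for e in catalog for c in e.chain if c not in ids})

def naive_delete(catalog: List[CatalogEntry], entry_id: int) -> List[CatalogEntry]:
    """Delete one entry and nothing else; chains that used it now dangle."""
    return [e for e in catalog if e.entry_id != entry_id]

def remove_lsp(catalog: List[CatalogEntry], dll: str) -> List[CatalogEntry]:
    """Remove every entry loading `dll` (LSPFix's 'all instances') and repair.

    Removed ids are spliced out of the chains that used them; a chain left with
    only its base id duplicates the base entry and is dropped. Survivors are
    renumbered consecutively, the model's version of 'restore the chain numbers'.
    """
    removed = {e.entry_id for e in catalog if e.dll.lower() == dll.lower()}
    kept = []
    for e in catalog:
        if e.entry_id in removed:
            continue
        chain = [c for c in e.chain if c not in removed]
        if e.kind == "chain" and len(chain) <= 1:
            continue
        kept.append(replace(e, chain=chain))
    renum = {e.entry_id: 1001 + i for i, e in enumerate(kept)}
    return [replace(e, entry_id=renum[e.entry_id], chain=[renum[c] for c in e.chain])
            for e in kept]
```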
greyfeathers (Sergeant)
Posted: Mon Jun 02, 2008 3:32 pm

sjpritch25 wrote:

How is everything running??


Hello sjpritch25

Thank you for your step-by-step instructions to lspfix. I was terrified of doing this after reading the Tutorial you gave me the link to. Happily, I did not have to do much myself. I think the prog felt so sorry for me it did it itself.

I clicked on the lspfix.exe which opened up Winsock 2 Repair Utility and in big red letters it said immediately:

"Problems found in LSP chain. Press Finish to make corrections"

I still clicked on the "I know what I'm doing" lol. There was nothing under the Keep column. Under Remove was newdotnet7..... (couldn't read anymore of this line). I clicked on the Finish as instructed.

Restarted computer. It seemed to load to the Windows screen a lot quicker (approx 2 mins), then a further 5 mins before the NIS icon came up to show it had finished loading. Opening folders, pics and programs has improved; it was very slow before.

Websites are also loading/coming up a lot quicker (apart from this site) lol.

Redone HijackThis for you.

Best Wishes
Lorraine




Attachment: hijackthis 2 June 08.txt (11.52 KB, downloaded 24 times)

sjpritch25 (1st Responder, Premium Member)
Posted: Mon Jun 02, 2008 11:08 pm

Since everything seems to be fixed, you can remove LSPFix from your Desktop.


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:


  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great preventive programs:
    1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure to check for updates twice a month.
    2. IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive-by downloads.
  3. Surf safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site:
    1. Red for Warning
    2. Yellow for Use Caution
    3. Green for Safe
    4. Grey for Unknown
    Here are the links to install SiteAdvisor in Internet Explorer and Firefox.
  4. Anti-Spyware Programs I Recommend:
    • Free Anti-Spyware Programs
      1. Lavasoft's Ad-Aware SE Personal
      2. Windows Defender
  5. For even more information on securing your computer, read Tony Klein's So How Did I Get Infected In The First Place


_________________
Microsoft Valuable Professional--Consumer Security 2007-2009
http://geekfox26.blogspot.com/
taz71498 (Forums Admin, Premium Member)
Posted: Mon Jun 02, 2008 11:58 pm

I am locking this thread since the issue is resolved. If you need it reopened, please private message a Moderator and we will unlock it for you.

Mister2 (SRT Team Lead, Premium Member)
Posted: Wed Jun 04, 2008 8:27 pm

Just re-opened this to put closure on a minor outstanding matter here.

Hi Lorraine,

I'm still a bit niggled about the references to MS Works. Though we have stopped the startup entries I would like to know why they remained there. Perhaps you could do the following for me:

- Check Add/Remove programs and also the 'Tools' section of CCleaner (where it shows you which programs you can uninstall). Can you confirm Works is not listed in either place?

- Can you do a search once again. Copy the command in bold below:
dir c:\*works* /s > c:\FindWorks.txt

(Go to Start, Run, type cmd and click OK. Right click next to the flashing cursor and select Paste, then press Enter. Type exit and press Enter to close the window.)

Attach the file 'FindWorks.txt' to your next post. It may be that the entries in the registry have been left behind when you uninstalled the program but it would be nice to know for sure.

(There shouldn't be any personal data in this one Wink )


_________________
Never stop learning
greyfeathers (Sergeant)
Posted: Fri Jun 06, 2008 3:05 pm

Hiya Mister2,
For some reason I did not receive notification that you had opened this up again. I happened to come in today and saw your message. I am sorry but it wasn't my fault this time Smile

Mister2 wrote:
Just re-opened this to put closure on a minor outstanding matter here.


Thank you for re-opening this topic as I do have a few things I would like to check with you if that's okay.

I have done as you requested so can confirm that MS Works is not listed in either of the places you gave me to look in.

I have attached 'FindWorks.txt' for you.

Bye for now
Lorraine

Mister2 (SRT Team Lead, Premium Member)
Posted: Fri Jun 06, 2008 7:46 pm

Thanks Lorraine,

No apologies necessary - the notification system has been a little erratic with me lately. I thought you may check in anyway! Wink

I detached 'FindWorks.txt' as there were things in there I didn't expect. Not harmful, secret or anything, just nobody else's business. There's not a great deal of MS Works there, either - just one or two bits to tidy up.

Open My Computer and do the following:

Navigate to C:\Documents and Settings\All Users\Application Data\Microsoft and delete the directory named 'Works' (it's empty anyway).

Navigate to C:\Program Files\Common Files\Microsoft Shared and delete the folder named 'Works Shared' (that's empty, too).

Finally navigate to C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery and delete the following files:

MSWorks.zip
MSWorks1.zip
MSWorks2.zip
MSWorks3.zip

And you're done! Very Happy

How's your system running now? Any slowdowns, unwanted programs starting, strange behaviour?

And any other questions welcome!


_________________
Never stop learning
greyfeathers (Sergeant)
Posted: Fri Jun 06, 2008 8:45 pm

Hello Mister2,

Mister2 wrote:

Navigate to C:\Documents and Settings\All Users\Application Data\Microsoft and delete the directory named 'Works' (it's empty anyway).


Hmmm, this folder is not empty, it's got:
Portfolio folder = Sample.wsb
logins.ini
mswkscal.wcd

Quote:

Navigate to C:\Program Files\Common Files\Microsoft Shared and delete the folder named 'Works Shared' (that's empty, too).


This one is not empty either, it's got:
aw.dll
cpitool5.dll
cpitv.dll
GTV.dll

Quote:

Finally navigate to C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery and delete the following files:

MSWorks.zip
MSWorks1.zip
MSWorks2.zip
MSWorks3.zip


I have done this one lol.

I have not deleted the first 2 until you confirm it's okay. I don't know if it would mess up my MS Office Professional Edition 2003? 1 out of 3 is not bad, is it Wink

Quote:

How's your system running now? Any slowdowns, unwanted programs starting, strange behaviour?


It seems to be quicker than it was. Nothing else is happening apart from Norton giving me the ATTENTION again. I have to keep downloading their PI thingy to correct the product inventory doo dah. It doesn't happen every day but it's damn annoying when it does Rolling Eyes Oh, nearly forgot, Internet Explorer keeps closing on me when I have not asked it to. Earlier today, it must have been 4-5 times it did it whilst I was trying to read something in the forum. Don't know if that is relevant.

Quote:
And any other questions welcome!

Thank you very much. I won't ask you my questions in this post as it is quite long. Plus I don't want you to have nightmares Very Happy I will fire them at you in my next post if that's okay.

Sleep tight Smile
Lorraine

Mister2 (SRT Team Lead, Premium Member)
Posted: Sat Jun 07, 2008 6:28 am

Aha! I see the error in my ways!
(First time for everything! Wink )

The first you can delete - the one containing 'Portfolio folder = Sample.wsb' and so on. That's just the Works calendar.

The second one is, I'm 99% sure, just used for Works. But because of the 1% uncertainty I recommend you leave it there - it's not doing any harm and taking up little space.

As for the other things, try the following:

- Go to Start, Run, type eventvwr and click OK.

- Click 'Application' in the left hand column, go to Action, Export List, type eapp in the Filename box and click Save

- Click 'System' in the left hand column, go to Action, Export List, type esys in the Filename box and click Save

- Click 'Internet Explorer' in the left hand column, go to Action, Export List, type eexp in the Filename box and click Save

Attach these 3 files - eapp.txt, esys.txt and eexp.txt - to your post. That might give a clue as to what's happening.


_________________
Never stop learning
greyfeathers (Sergeant)
Posted: Sat Jun 07, 2008 1:06 pm

Hello Mister2

Quote:

Aha! I see the error in my ways!
(First time for everything! )


I like it ....... Very Happy

I have deleted the Works one with Portfolio in it and left the other 2.

Ran the eventvwr, attaching results for the first two but when I did the Internet Explorer it said it was empty ........... have I messed it up? Rolling Eyes

Lorraine




Attachment: eapp.txt (159.85 KB, downloaded 19 times)
Attachment: esys.txt (207.84 KB, downloaded 22 times)

Mister2 (SRT Team Lead, Premium Member)
Posted: Sat Jun 07, 2008 7:39 pm

No problem - literally!
That section is empty because Windows hasn't been told to write anything there. This is normal, I just asked in case that function had been turned on. You don't really want to turn it on as the log fills up with squillions of errors that are not really errors but look frightening anyway! And no - I don't know why MS designed it like that. Confused

I have had a quick look down the 2 logs you attached and there doesn't seem to be anything that alarms me. I will check more fully tomorrow. Been tiling the floor today and have aches in unusual places.

And one ache where I didn't think I had a place Shocked

I will also think about Norton and why it is playing up.

I'll be back tomorrow unless my fingers seize up overnight! Laughing


_________________
Never stop learning
greyfeathers (Sergeant)
Posted: Sun Jun 08, 2008 3:29 pm

Hello Mister2,
Great news, glad I had not messed it up Laughing

Mister2 wrote:
Been tiling the floor today and have aches in unusual places.


Aww bless Smile Have the tiles stayed down this time he he he.

Quote:
And one ache where I didn't think I had a place Shocked


Come on, I can't resist, where was this place you didn't know you had Very Happy

Quote:
I will also think about Norton and why it is playing up.


Good luck with that one Rolling Eyes

Hope your fingers have not seized up Laughing Catch u later.

Best Wishes
Lorraine

greyfeathers (Sergeant)
Posted: Sun Jun 08, 2008 3:55 pm

Hiya Mister2,

Can I ask you some questions relating to the list sjpritch25 very kindly gave me to keep my computer clean? I didn't get a chance to ask him or to thank him for his help. I will PM him so he knows I do appreciate it.

IESpyads, which has now been replaced by ZonedOut, and SiteAdvisor look good. They wouldn't conflict with NIS, would they? Do you use them?

I have MRU Blaster which wasn't on the list so I will remove that one.

Now a couple of questions relating to you. Wink
You know when I did that CCleaner (I think that's the right name) before I did my first defrag with DiskeeperLite. Can I do this anytime when all the stuff builds up in the temp file ?

Is it okay to run the Windows Defrag occasionally between DL?

Now off to get some dinner sorted out.
Bye for now
Lorraine

Mister2 (SRT Team Lead, Premium Member)
Posted: Sun Jun 08, 2008 6:23 pm

I have never used IE-SPYAD or ZonedOut but I wouldn't expect any conflicts. There is an article here announcing the demise of IE-SPYAD. I do use SiteAdvisor (along with AdBlock in the Firefox browser) and again there should be no conflicts.

MRU Blaster is good if you need to remove your MRUs (Most Recently Used programs). Personally I like to keep them and clear the other junk - I find it a bit bothersome not having my recently used documents listed when I open Word or Excel as I can never remember where they are.

CCleaner can be run anytime and you can also set it to keep your MRUs - check out the left hand side on the Windows tab in CCleaner. By the way, that is the correct name - they changed it from CrapCleaner some time ago when it got more popular! Laughing

Yes, you can use Windows defrag anytime you like. I rely on Diskeeper as it does a better (and quicker) job, although it may not appear so. Open Diskeeper and click Help (in the left hand pane), Diskeeper FAQs and look at the first 3 or 4 items. There are explanations about the way the program works.

Tiles are still down but moving slightly - 24 hours to set is a little optimistic! The place I didn't know about is in my leg - I wasn't aware I had a muscle just there. Until I ran upstairs Shocked

Re your logs, I don't think there is anything significant there. However (there's always a catch!) if you check out the System log you will see "Error 07/06/2008 12:42:10 Service Control Manager ...". Double click on that error and copy the text in the Description that pops up (you will need to highlight the text then press Ctrl and C at the same time to copy it). It will say something like "The int15.sys service failed to start due to the following error:
A device attached to the system is not functioning."

Many systems seem to have an error of this sort and function normally. I'm just curious.

Hope you enjoyed dinner - we sorted ours out at the local coffee shop! Very Happy


_________________
Never stop learning
greyfeathers (Sergeant)
Posted: Sun Jun 08, 2008 8:23 pm

Hello Mister2,
Thanks for your thoughts on the spyware stuff.

That is brilliant on the CCleaner as I loved getting rid of all the rubbish in the temp folder. I like the name CrapCleaner, what a shame they changed it Smile

Quote:
Yes, you can use Windows defrag anytime you like.

I like Diskeeper too; the only thing I don't understand is when I have run DK there are still loads of green bits, whereas in Windows, if I remember rightly, it used to move everything back in its right place! I was more than likely dreaming so ignore me Laughing I will have a look at the FAQ.

Quote:
Tiles are still down but moving slightly - 24 hours to set is a little optimistic!

Still time for you to take them up again then Very Happy

Quote:
The place I didn't know about is in my leg - I wasn't aware I had a muscle just there. Until I ran upstairs Shocked


I didn't expect that answer Smile I thought you were going to come up with something like - my right foot, which I didn't know I had. Very Happy

Quote:
if you check out the System log you will see "Error 07/06/2008 12:42:10 Service Control Manager ...". Double click on that error and copy the text in the Description


Here you go:

7/6/08 12:42:10
The BCMNTIO service failed to start due to the following error:
The system cannot find the path specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

There are loads of this error and the one next to it. I don't know what either of them are Rolling Eyes

Quote:
Hope you enjoyed dinner - we sorted ours out at the local coffee shop! Very Happy


Yes dinner was lovely, Roast Pork, Yorkshire Pudding etc etc. I hope you both enjoyed yours at the cafe.

Best Wishes,
Lorraine

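An added example, not from the thread, that reads an Export List file like the eapp.txt and esys.txt Mister2 asked for and surfaces what he then did by eye: the Service Control Manager errors that recur at every boot, and the record logged in the same second ("the one next to it"). The tab-separated column order, the day-first dates and the computer name are assumptions; the sample rows are constructed.

```python
"""Triage of an Event Viewer 'Export List' file (constructed example, not from the thread).
Assumes Export List's tab-separated columns on XP (Type, Date, Time, Source, Category,
Event, User, Computer) and day-first dates, as on the machine in the thread. The
Description is not exported, which is why the thread asks for it separately.
"""
from datetime import datetime
from typing import Dict, List, NamedTuple, Tuple

class Event(NamedTuple):
    kind: str  # Error / Warning / Information
    when: datetime
    source: str
    event_id: int
    computer: str

SCM_SOURCE = "Service Control Manager"
# Real Service Control Manager event ids for components failing at start-up.
SCM_MEANING = {
    7000: "service failed to start; the Description names the service and the error",
    7026: "boot-start or system-start driver(s) failed to load",
}
# Constructed export; the computer name is a placeholder.
SAMPLE_EXPORT = """\
Type\tDate\tTime\tSource\tCategory\tEvent\tUser\tComputer
Information\t07/06/2008\t12:41:55\teventlog\tNone\t6005\tN/A\tEXAMPLE-PC
Error\t07/06/2008\t12:42:10\tService Control Manager\tNone\t7000\tN/A\tEXAMPLE-PC
Error\t07/06/2008\t12:42:10\tService Control Manager\tNone\t7026\tN/A\tEXAMPLE-PC
Error\t08/06/2008\t09:15:44\tService Control Manager\tNone\t7000\tN/A\tEXAMPLE-PC
Error\t08/06/2008\t09:15:44\tService Control Manager\tNone\t7026\tN/A\tEXAMPLE-PC
"""

def parse_export(text: str) -> List[Event]:
    """Parse export rows; a header row, if present, is skipped."""
    events = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) < 8 or cols[0] == "Type":
            continue
        kind, date, time, source, _cat, event_id, _user, computer = cols[:8]
        when = datetime.strptime(f"{date} {time}", "%d/%m/%Y %H:%M:%S")
        events.append(Event(kind, when, source, int(event_id), computer))
    return events

def summarise_errors(events: List[Event]) -> Dict[Tuple[str, int], dict]:
    """Per (source, event id): count of Error records, first/last seen, known meaning."""
    groups: Dict[Tuple[str, int], dict] = {}
    for e in events:
        if e.kind != "Error":
            continue
        meaning = SCM_MEANING.get(e.event_id) if e.source == SCM_SOURCE else None
        g = groups.setdefault((e.source, e.event_id),
                              {"count": 0, "first": e.when, "last": e.when, "meaning": meaning})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], e.when), max(g["last"], e.when)
    return groups

def recurring_errors(events: List[Event], min_count: int = 2) -> List[Tuple[str, int]]:
    """Errors that repeat boot after boot are the ones worth opening for their Description."""
    return sorted(k for k, g in summarise_errors(events).items() if g["count"] >= min_count)

def companions(events: List[Event], source: str, event_id: int) -> List[Tuple[str, int]]:
    """Other Error records in the same second as the given one ('the one next to it')."""
    moments = {e.when for e in events if (e.source, e.event_id) == (source, event_id)}
    return sorted({(e.source, e.event_id) for e in events if e.kind == "Error"
                   and e.when in moments and (e.source, e.event_id) != (source, event_id)})
```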
Page 8 of 12 (all times are GMT)