'Stein

Welcome to daniweb :) Begin by opening HJT and checking the following: [B]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local., O4 - HKLM\..\Run: [WiRNSMon] C:\WiRNS\WiRNSMon.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5EF7F-05E5-4C9B-AC5A-7785DB146BEE}: NameServer = 24.93.41.125,24.93.40.77 O17 - HKLM\System\CS1\Services\Tcpip\..\{3AF5EF7F-05E5-4C9B-AC5A-7785DB146BEE}: NameServer = 24.93.41.125,24.93.40.77 O17 - HKLM\System\CS2\Services\Tcpip\..\{3AF5EF7F-05E5-4C9B-AC5A-7785DB146BEE}: NameServer = 24.93.41.125,24.93.40.77 O23 - Service: WiRNS (WiRNS.exe) - rbolen70 - C:\WiRNS\WiRNS.exe[/B] …

Let's begin by downloading [url=http://www.ewido.net/en/download/][color=#3366FF]Ewido Security Suite[/color][/url]. [list] [*] Install ewido security suite [*] When installing, under "Additional Options" uncheck.. [list] [*] [b]Install background guard[/b] [*] [b]Install scan via context menu[/b] [/list] [*] Launch ewido, there should be an icon on your desktop, double-click it. [*] The program will now …

Well, first off, HJT wasnt run from a permenant folder. Go to Program Files and create a new folder there, titled 'HJT'. Now, drag the HJT icon into this new folder. After doing this, follow up by downloading [url=http://www.ewido.net/en/download/][color=#3366FF]Ewido Security Suite[/color][/url]. [list] [*] Install ewido security suite [*] When installing, …

Hmm alrite, let's try using regedit. Open Start > Run, and type in 'regedit' (without the quotes). Navegate to the entry ya wanna delete, and right click it, choosing 'delete'. Post back here on results. Thanks.

Adi, Download [url=http://downloads.malwareremoval.com/hijackthis.zip][b]HijackThis[/b][/url] ([color=red]current verison is v1.99.1[/color]) [url=http://downloads.malwareremoval.com/hijackthis_sfx.exe][i]or here (Alternate 1, a self-extracting zip file)[/i][/url] [url=http://downloads.malwareremoval.com/HijackThis.exe][i]or here (Alternate 2, an *.exe file)[/i][/url] [b][color=red]Make a new folder[/color][/b] to put your [b]HijackThis.exe[/b] into. (Anywhere on your hard drive is fine [b][i]other than your Desktop or the Temp folder[/i][/b]. Suitable examples are: [list][*]C:\HijackThis\ …

Haha yep, ya sure do got SpyFalcon, which is a variant of SpyAxe. Let's begin by downloading [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip]SmitfraudFix[/url]. Extract all the files to your Destop. A folder named [b]SmitfraudFix[/b] will be created on your Desktop. ______________________________ Next, download the trial version of [url=http://www.ewido.net/en/download/]Ewido[/url]. [list][*]Install Ewido. [*]When installing, under [b]Additional Options[/b] …

Hmm, that sounds like a hardware prob, but we'll double check that. Download [url=http://downloads.malwareremoval.com/hijackthis.zip][b]HijackThis[/b][/url] ([color=red]current verison is v1.99.1[/color]) [url=http://downloads.malwareremoval.com/hijackthis_sfx.exe][i]or here (Alternate 1, a self-extracting zip file)[/i][/url] [url=http://downloads.malwareremoval.com/HijackThis.exe][i]or here (Alternate 2, an *.exe file)[/i][/url] [b][color=red]Make a new folder[/color][/b] to put your [b]HijackThis.exe[/b] into. (Anywhere on your hard drive is fine [b][i]other …

Wow, good find comatose. :)

Hmm, well the log's clean. Let's do 2 things. Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the [b]"My Computer"[/b] icon. 3. Select the [b]"Tools"[/b] menu and click "Folder …

Ok, the log's clean. Heh ya, I'd defrag, but not just yet. I wanna try 2 things. 1) Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the [b]"My Computer"[/b] …

If ya could repost the log without all the line spaces inbetween each entry, it'd be great. Thanks.

Download [url=http://downloads.malwareremoval.com/hijackthis.zip][b]HijackThis[/b][/url] ([color=red]current verison is v1.99.1[/color]) [url=http://downloads.malwareremoval.com/hijackthis_sfx.exe][i]or here (Alternate 1, a self-extracting zip file)[/i][/url] [url=http://downloads.malwareremoval.com/HijackThis.exe][i]or here (Alternate 2, an *.exe file)[/i][/url] [b][color=red]Make a new folder[/color][/b] to put your [b]HijackThis.exe[/b] into. (Anywhere on your hard drive is fine [b][i]other than your Desktop or the Temp folder[/i][/b]. Suitable examples are: [list][*]C:\HijackThis\ [*]C:\Programs\hijackthis\ …

Probaby, we have to ask you to post your problem inside a new thread. We'll help ya from there. Thanks.

Heh ya, it's alrite to keep those sites on there. First, let's try to uninstsall Alexa using [url=http://pages.alexa.com/exec/faqsidos/help/index.html?index=7] these directions.[/url] After this, we're gonna try to get rid of BetterInternet using the Nail fix, simply because they are similarly related. [color=darkred][b]Step 1. ==========[/b][/color] - Please download [color=Teal][b]DSRFix[/b][/color] from [url=http://www.atribune.org/downloads/dsrfix.zip][color=Orange][b]here[/b][/color][/url] - …

Alrite, you're infected with a SpyAxe variant. Let's begin by downloading [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip]SmitfraudFix[/url]. Extract all the files to your Destop. A folder named [b]SmitfraudFix[/b] will be created on your Desktop. ______________________________ Next, download the trial version of [url=http://www.ewido.net/en/download/]Ewido[/url]. [list][*]Install Ewido. [*]When installing, under [b]Additional Options[/b] [color=red]uncheck[/color] [b]Install background guard[/b] and [b]Install …

heh, zoned, I wish it was that easy. Let's start by downloading [url=http://forums.net-integration.net/index.php?act=Attach&type=post&id=134981][color=blue]FindQoologic-Narrator[/url][/color]. Extract(unzip) the files into their own folder. Browse to where you saved them. Double-click the Find-Qoologic2.bat file to run it. A text file will open. Copy and paste the contents of the file into your reply along …

Jefi, if ya could post in a new thread, we'll help ya there. Thanks.

Arg, that sounds pretty virus-like. Let's try running the *.exe version of HJT. Download using this link: [url]http://downloads.malwareremoval.com/HijackThis.exe[/url] If that doesnt work, post back and we'll work from there. Thanks.

Awsome. Nice new thread :) Let's start by doing this: 1.Please download [color=red][b]AIMFix[/b][/color] from [url=http://www.jayloden.com/VirusClean.htm][b]here.[/b][/url] 2. [b]Run the program[/b] 3. [b]REBOOT[/b] your system 4. Post back new HJT log. Thanks.

Hmm, it's still there. Let's try doin this: Begin by downloading [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip]SmitfraudFix[/url]. Extract all the files to your Destop. A folder named [b]SmitfraudFix[/b] will be created on your Desktop. ______________________________ Next, download [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you …

Ja, log's clean :) Let's finish up by flushing out your System Restore points, as they seem pretty infected: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. …

Heh the folder issue has to do with backing up actions done, and fixing them if the wrong one is chosen. For example, if ya accidently checked the wrong box, and fixed it, and it killed a program, for example. You could fix this if the program was in a …

Hmm I don't see anything in the log, but that could mean several things. Let's do simple first. Open HJT, and fix the following: [B]R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) [/B] Now, begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most …

Yep, you're sorta infected. Let's start by uninstalling the following using Add/Remove Programs: [b][color=red]Accoona Spyware Nuker[/b][/color] Then, download [url=http://www.ewido.net/en/download/][color=#3366FF]Ewido Security Suite[/color][/url]. [list] [*] Install ewido security suite [*] When installing, under "Additional Options" uncheck.. [list] [*] [b]Install background guard[/b] [*] [b]Install scan via context menu[/b] [/list] [*] Launch ewido, there …

Hmm, the Ewido log's clean except for cookies, which is alrite. The HJT log is clean, except for 1 entry. Fix the following: [B]O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop[/B] Now thinking about it, it wouldn't hurt to redownload IE. Follow these steps: Please go to: [color=blue]start[/color]-->[color=blue]run[/color] and type this in: [color=blue]regedit[/color] Then …

Hello, welcome to Daniweb :) Let's begin by going to the Add/Remove Programs (inside the Control Panel), and uninstalling anything having to do with the following: [b][color=green]isrvs VIP Quality Software EmpirePoker Bodog Poker[/b][/color] Let's follow this up by downloading [url=http://www.ewido.net/en/download/][color=#3366FF]Ewido Security Suite[/color][/url]. [list] [*] Install ewido security suite [*] When …

Alrite great, let's begin by uninstalling anything in the Add/Remove Programs list having to do with "QBU" Next, follow by downloading [url=http://www.ewido.net/en/download/][color=#3366FF]Ewido Security Suite[/color][/url]. [list] [*] Install ewido security suite [*] When installing, under "Additional Options" uncheck.. [list] [*] [b]Install background guard[/b] [*] [b]Install scan via context menu[/b] [/list] [*] …

Haha ya, I'd second that. I already use it in fixes here. However, after installing, ya need to configure it to scan some custom files: [B][color=blue]C:\Windows\Temp C:\Temp C:\Documents and Settings\<Every user listed>\Local Settings\Temp C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5 C:\Documents and Settings\<Every user listed>\History C:\Documents and Settings\<Every user …

Arg, alrite, ya have a dillemma. You have a program on your computer called MyKazaaGold. Im pretty sure its a paid program. However, it has spyware embedded inside of it. Therefore, the simple answer is to uninstall it. But, not everybody does. Personally, I'd recommend uninstalling it, and switching to …

Ok, that's cool. What we'll do instead is run CCleaner and then after that, an online Panda scan. Directions for the entire process using CCleaner: [b]Please print out or copy these instructions\tutorials to Notepad as the internet will not be (while in Safe Mode) availble to you at certain points …

Ok, you're not THAT infected--and we can fix all of it. [color=blue]Copy this advise to a Notepad file. Save it to your desktop. We will use it later. [/color] Download the [url=http://www.downloads.subratam.org/KillBox.zip]Killbox[/url]. Unzip it to the desktop but do NOT run it yet. Follow by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing …

Haha no worries, use ahead. If ya want, post back and ill send ya some other canned msgs. i use (Spyaxe fix, L2me Fix, Vundofix, Nail fix, resetting system restore, reinstalling IE, etc...)

[COLOR="Red"][B]EDIT: Heh, nizzy beat me to it. Follow his intructions.[/B] [/COLOR] Ahh, the obnoxous AIM virus. Heh well ya came to the right place :) First off, I wanna mention I don't see anything too bad in the log, which is good. Begin by downloading [url=http://www.ewido.net/en/download/][color=#3366FF]Ewido Security Suite[/color][/url]. [list] [*] …

Ya might wanna try using this [URL="http://support.microsoft.com/kb/q170086/"]article.[/URL] However, I wouldnt recommend it if ure not to familiar with computer (I have a feeling ya are), cause it uses RegEdit. Just be careful with regedit. Thanks.

Well, have ya tried disabeling Norton AntiVirus from running on start up, restarting the computer, and running it again? If not, try this, and then post back here on how it worked. Thanks.

Hi, welcome to daniweb. You're sorta infected, but its all stuff we can fix. NOTE: Save these directions to a notepad file, to the desktop, as you will not be able to access the internet while in safe mode. Let's begin by doing the following: Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and …

Alrite great. Let's begin with HijackThis, a diagnostic software that helps us determine the problem. Download [URL="http://downloads.malwareremoval.com/hijackthis.zip"]HijackThis]L], and move the icon out of the unzipped folder to your desktop. After doing this, run a scan and post a log back here. From that, we'll work from there. Thanks.:)

Yes, several problems. First off, all I say is that you're [color=red][b]INFESTED[/b][/color], but it can all be fixed. Second, ya didn't include the header that lists the HJT version, IE version, and Windows version. Post the header nxt time please :) Lets begin by doin several things. First, uninstall EQAdvice …

Ok, great. I'll help ya with it all. First, let's turn system restore back on. Then, after that, download [url=http://downloads.malwareremoval.com/hijackthis.zip]HijackThis[/url], a diagnostic software. After downloading, move the icon from the folder to the desktop, and open it. Run a scan and save the log. Post the log back here and …

Alrite, a couple things. First, could ya post the contents of this file in your nxt post: [B]C:\Look2Me-Destroyer.txt [/B] Then, fix the following in HJT: [B]O4 - HKCU\..\Run: [Taae] "C:\DOCUME~1\Daddy\APPLIC~1\RACLE~1\winlogon.exe" -vt rbnd O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - [url]http://www.nick.com/common/groove/gx/GrooveAX27.cab[/url] O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [url]http://download.games.yahoo.com/game...ploader_v5.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{E35CB13D-8054-4E07-8758-94AD785FFE83}: NameServer …

Sure thing. By the way, welcome to daniweb :) First off, ya don't have the most recent version of HijackThis. Download it from [URL="http://downloads.malwareremoval.com/hijackthis.zip"]here[/URL]. Move the icon to your desktop, and run a new scan. Ahead of time, I already see an Aurora/Nail infection, so just be ready for that. …

Hello, welcome to daniweb. Begin by dowload [URL="http://downloads.malwareremoval.com/hijackthis.zip"]HijackThis[/URL], a diagnostic software. After downloading, drag the HJT icon onto the desktop, and run a scan with it, saving the log. Post the log back here, and we'll take a look at it and get back to ya. Thanks.

Good good, so you're now connected to teh internet. However, still follow tayspern's instructions from the last post, as your are in no ways clean spyware-wise. After following his instructions, post a new log here and we'll contiune with the fix. Thanks.

First, try uninstalling FreeRAM XP Pro. It looks pretty dubious to me Couple more to check: [B]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O11 - Options group: [INTERNATIONAL] International*[/B] After this, reboot into safe mode and delete …

Welcome to daniweb. Let's begin uninstalling the following: [COLOR="Orange"] [B]AdawareAlert SpywareFighterGuard [/B][/COLOR] After this, open HJT and check the following: [B]O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spfprc.exe O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab[/url] O16 - DPF: …

Welcome to daniweb. Heh it IS in fact a great community to work at too. Now let's get down to business. I'll admit it, you're pretty infected, but we can fix everything that's in there. Let's begin by downloading Ewido and SpySweeper (links for both are in my sig below). …

Hah welcome back. Lets begin by uninstalling anything in Add/Remove Programs that has to do with UltimateBet. Then, follow up by checking the following: [B]O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{081B9341-1060-428C-B409-3DA4DC40CDA9}: NameServer = …

larbec, if ya could, simply start a new post. Although the topics may seem similar, they're generally more different then they appear. So, if ya could start a new topic, it'd be great.:D Thanks.

Hmm I don't see anything to toxic. Still, fix teh following: [B]O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - [url]http://advnt01.com/dialer/int_ver34.CAB[/url] O20 - Winlogon Notify: Themes - C:\WINNT\system32\ftsdrv.dll[/B] After this, delete this file in safe mode (ya might have to unhide hidden files to …

Welcome to daniweb. Your log is clean. However, it wouldn't hurt to download CCleaner. Download the latest version of it, update its defenitons, and run scans in both the 'Issues' and 'Cleaner' toolbars. Also, have ya run an Ewido scan anytime soon (I see that ya have it already installed)? …