965 Posted Topics
Re: All's good, except for number 6. Instead of finding that specific file inside Prefetch, ya can just clear the entire folder... Legit programs put themselves back inside there automatically, and sometimes spyware just sits around in there. So, for number 6, clear out the entire prefetch folder, but leave the …
Re: Hey, welcome to Daniweb. To begin, I see several things wrong with the log. Start by first uninstalling MessengerPlus3 using the Add/Remove programs list. Then, follow this by checking the following in HJT: [B]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE …
Re: Alrite, a couple more things: [B] O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - [url]http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx[/url] O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - [url]http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll[/url] [/B]
Re: Ok, before we start, you have a problem. Create a new folder in Program Files, and name it 'HJT'. Then, drag the HJT icon into this new folder, and rerun a scan. This may seem pointless, but it has its uses. Post with a new scan. Thanks,
Re: Yep, you're right. Ya got a nasty version of SpyAxe. Let's begin with a safeguard. The first problem I see is that HJT was run from a temporary folder. Fix this by creating a folder inside Program Files, and name it 'HJT'. Drag the HJT icon into this new folder, …
Re: Here's the link: [url]http://downloads.malwareremoval.com/hijackthis.zip[/url] One thing to be sure of when running a scan--the program's in a permanent folder. To do this, create a new folder inside Program Files, and name it 'HJT'. Then, when ya download HJT, immediately drag the HJT icon into this newly-created folder, and run it …
Re: Ok, first off, you have a Vundo infection. We're gonna do 3 things. 1) Ya need to move HJT into a permanent folder. Begin by creating a new folder inside Program Files, and name it HJT. Drag the HJT icon into this folder. 2) Download [URL=http://www.atribune.org/ccount/click.php?id=4]VundoFix[/URL] to your desktop. Then …
Re: Yes, by the way welcome to Daniweb. Let's begin by installing [URL=http://www.malwareremoval.com/downloads.html]HijackThis[/URL], a type of diagnostic software. Before downloading, create a new folder in Program Files. To do this, open up My Computer > Local Disc > Program Files. While in here, right click, and enter a new folder, …
Re: Sure thing. Check the following: [B]O1 - Hosts: localhost 127.0.0.1 O4 - HKLM\..\Run: [dmukh.exe] C:\WINDOWS\system32\dmukh.exe O4 - Global Startup: clockmon.exe O16 - DPF: Yahoo! Dominoes - [url]http://download.games.yahoo.com/gam...ts/y/dot4_x.cab[/url] O16 - DPF: Yahoo! Fleet - [url]http://download.games.yahoo.com/gam...s/y/fltt3_x.cab[/url] O16 - DPF: Yahoo! Gin - [url]http://download.games.yahoo.com/gam...nts/y/nt1_x.cab[/url] O16 - DPF: Yahoo! NFL GameChannel StatTracker - [url]http://aud9.sports.sc5.yahoo.com/ja...lgcst1016_x.cab[/url] …
Re: Well a little more advice. For one, I would strongly recommend switching to Firefox, a different kind of internet browser. It's significantly safer to use, considering it's not as interconnected to the physical computer compared to FF. However, it still runs the same way as IE. The link for it can …
Re: Alrite, great, begin by checking the following: [B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ie...rch/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://us.rd.yahoo.com/customize/ie...//www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ie...rch/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://us.rd.yahoo.com/customize/ie...//www.yahoo.com[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://us.rd.yahoo.com/customize/ie...//www.yahoo.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = F3 - REG:win.ini: load=??u …
Re: Alrite great, ya have a SpyAxe infection. Begin by trying to uninstall these programs from the Add/Remove Programs list: [B][COLOR=Navy]MyWebSearch WinFixer 2005[/COLOR][/B] After doing this, reboot your computer, and open up HJT. Begin checking the following: [B] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html …
Re: Ok, first off, ya have a problem about where HJT is. Begin by creating a new folder in Program Files, and name it 'HJT'. Then, drag the HJT icon into this new folder, and run a new scan, posting the log. Thanks again.
Re: Well let's start from the top. First off, it appears that you have a completely 'virgin' form of XP; in other words, you haven't installed any security updates yet. I would STRONGLY recommend doing this AFTER we fix your computer. Secondly, I see that HJT is saved in a temporary …
Re: Also what never hurts is to download CCleaner.
Re: Maybe I'm wrong, but I really think it could be another factor, such as connection speed, etc.
Re: Yep, zoned's right, and I'll get there in a sec. After doing what tayspern mentioned, begin by Uninstalling anything having to do with MessengerPlus3 using the Add/Remove programs list. After doing that, check these in addition to what tayspern mentioned: [B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL …
Re: Well, most of the time it depends on the program. Some programs (ie QuickTime) allow ya to manually prevent the icon from opening (it's inside System preferences> advanced tab). Other programs, however, open them on their own. I'd recommend going thru each individual program trying to find that option, cause …
Re: Alrite, several more things to check: [B]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe O4 - Global Startup: hp center.lnk = …
Re: Arg, I hate to sound mean, but you're running from a temporary folder. If ya could, create a new folder in Program Files, titled 'HJT'. Now, move the current HJT program and icon and all into this folder and run a new log. There are 2 purposes for this 1) …
Re: It could be another thing. Is the IP [B] 127.0.0.1 [/B] familiar to ya? If yes, leave it alone, if no, then rerun HJT and check this line: [B]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1[/B] Also, since u've tried several other antispywares, download SpySweeper (link found in my sig below) and …
Re: Alrite, let's begin with HJT. Download HijackThis from [URL=http://www.daniweb.com/techtalkforums/thread28196.html]here[/URL], and be sure to save it in a permanent folder. In other words, create a folder in Program Files, and name it HJT. Extract HJT into its own folder, and run it from there. Thanks.
Re: Hey, welcome to daniweb noob. Ok, to begin, your HJT folder is in a temporary location. Begin by creating a new file in Program Files, and title it HJT. After doing this, place the entire HJT application in here and rerun a scan. Sorry for the hassle, but oftentimes, it'l …
Re: Hah jeez, that's not good, welcome to Daniweb by the way. Ok, begin by trying to uninstall [COLOR=Red]MessengerPlus! 3[/COLOR] This program is FILLED with spyware. Next, begin by checking these entries in HJT: [B]O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)[/B] …
Re: [B][COLOR=Red]EDIT: Follow the one above^^[/COLOR][/B] Sure, we can help you. Welcome to Daniweb by the way :) Yes, in fact you have the W32/Kassbot-L worm, shown by the HJT line below. You're going to begin by first checking this line in your HJT log: [B]O23 - Service: Windows XP Manager …
Re: Yes, and on top of that, you might want to try something else. Download CCleaner (link found below in sig.). Be sure to update definitions for this. Run this to its full extent, under both 'cleaner' and 'issues' tabs. Lastly, if ya can, [B]try to include the Ewido scan log …
Re: Alrite, several more things to fix: [B]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - …
Re: Hah you have a small amount of infection, but we can all fix it here. Begin by trying to uninstall anything having to do with [COLOR=red]Empire Poker [/COLOR]or [COLOR=Red]Party Poker[/COLOR] After doing this, check these in HJT: [B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus...rch/search.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = …
Re: Here, most of these are unimportant, but it won't hurt to fix um anyways: [B]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [/B] Thanks.
Re: Yes, you are. Now, run HJT, 'Scan Only', and place checks next to the following: [B] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://windowsupdate.microsoft.com/[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell= O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O9 - Extra button: (no …
Re: Good good, that's a good sign that all Ewido/SpySweeper caught were tracking cookies. Now to the log. Check the following boxes in HJT: O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\realplay.exe" /RunUPGToolCommandReBoot O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - …
Re: First, begin by fixing 1 more in the HJT log [B]O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)[/B] Several more things to try that might help. First, download CCleaner (link below). Be sure to update definitions, and then run scans, fixing everything, under the 'Cleaner' and 'Issues' tab. …
Re: Yep, your log looks clean to me. Are ya having any further problems? Thanks.
Re: Hey, Welcome to Daniweb. Heh, first time in a while I've seen somebody prepared. Man, ya already have Ewido, good, HJT is in a permanent folder, good, and you've already followed DMR's protocol---basically, you're incredible. Haha alrite, to work. Begin by checking the following in the HJT log: [B]R1 - …
Re: Ya also might want to try CCleaner (link in my sig below). Lastly, it might speed it up a tad if ya uninstalled the Yahoo internet bar. Thanks. Tayspern-- did ya subscribe to the membership? awesome
Re: Welcome to Daniweb. Alrite, I see several things wrong with the log. Begin by checking the following: [B]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no …
Re: Alrite, welcome to Daniweb. Begin by first trying to uninstall MyWaySA from the Add/Remove Programs list. This works for some people, and doesn't for others. If it doesn't work, just move on. After this, check the following entries in HJT: [B]R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll …
Re: Ok, first off, several things are wrong. Did you happen to run HJT in safe mode? If so, rerun it in normal mode and post it. Also, be sure everything is checked in your startup list. Second, your HJT is installed in a temporary folder. Begin by creating a new …
Re: Yea I can confirm it. That's the correct fix above for your current Vundo infection, along with other problems. Tayspern's been in this business for a LONG time :D Thanks.
Re: Actually could ya post a new HJT log? Thanks.
Re: Awesome, let's work on this. Begin by downloading HijackThis, a diagnostic program. Directions for this and download location can be found here: [url]http://www.daniweb.com/techtalkforums/thread28196.html[/url] After downloading, post a log back here and we'll work from there. Thanks.
Re: Well this definitely appears to be a spyware problem. Begin by downloading HJT, a diagnostic program. Directions for downloading can be found here: [url]http://www.daniweb.com/techtalkforums/thread28196.html[/url] After downloading, don't do any of it yourself, just scan and post a log. Be sure to NOT check anything. After this, we'll work from there. …
Re: You might also want to check your router. Most routers can be set to kill the internet and all at certain times.
Re: Alrite, I see several things wrong with the log...next time just start a new thread. Alrite, fix the following: [B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus.../search/ie.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus.../search/ie.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search …
Re: It wouldn't hurt to clean it out anyways. First, begin by uninstalling Weatherbug. It's a major memory hog. Then, fix the following in the log: [B]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} …
Re: Fix the following: [B]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [/B] After fixing that, do ya have any more problems? Thanks.
Re: Hello owenj, welcome to Daniweb. First off, we apologize for bypassing your entry. Therefore, if you're still having this problem, post a new log and we'll work from there. Again, we apologize. Thanks.
Re: Hi Quetty, welcome to Daniweb. We apologize for taking such a long time reaching you. Begin by installing HijackThis. Directions for proper installation, along with the download location can be found here: [B][url]http://www.daniweb.com/techtalkforums/thread28196.html[/url] [/B] Again, credit given to DMR :) Thanks.
Re: Okie, I only see 1 thing, but that could mean a variety of things. Check the following: [B]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1[/B] After doing this, are ya still having problems? If YES: Start by downloading CCleaner and SpySweeper (both located in my signature), update their definitions, but do not …
Re: Alrite, several things. First, is it one of those things, where ya put in your username/pass, hit enter, and it basically reloads the page? First off, I'd try doing this and following the directions here: [url]http://www.daniweb.com/techtalkforums/thread27570.html[/url] Then, I'd try converting and switching to use Firefox instead of IE. Overall, it …