This site is completely free -- paid for by advertisers and donations. The first set of instructions will find the bad files... Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! It will ask for confimation to delete the file. his comment is here

Virus, malware, adware, ransomware, oh my!

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & fiending, Nov 6, 2005 #4 JSntgRvr José Moderator Malware Specialist Joined: Jul 1, 2003 Messages: 18,529 I see nothing wrong in the log. You do don't you??I know your not going to like this...But sorry...If I were in your shoes I would personally blow the OS off and start over...Sorry...Here are some general guidelines BG 10-21-200506:26 PM #3 steamwiz Member Join Date Sep 2003 Location Yorkshire U.K.

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Yahoo! Thanks to you guys who tried to help me out. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step. Reply With Quote 05-15-200611:56 AM #5 Basementgeek Member Join Date Jan 2003 Posts 12,000 Points 1190 Trying turning off/disable your AV program, just down load the program.

I have followed all the instructions on the "Get Rid of Spyware, Adware, and Web Browser Hijackers" Page. See further down) I followed your intructions but the problem was not solved. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exeO9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - http://www.help2go.com/forum/spyware-help/89248-ive-got-razespyware.html run Adaware and remove all it finds...

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: save it to your desktop, for use later... When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:00000091 2. http://www.help2go.com/forum/spyware-help/92542-help-razespyware.html amateur MRU Master Posts: 2545Joined: September 25th, 2005, 1:13 pmLocation: RI, USA Top by amateur » December 2nd, 2005, 10:39 am Hi cqb2004, It has been more than a week Share this post Link to post Share on other sites This topic is now closed to further replies. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF:

You will run it later in safe mode.* Download the trial version of Ewido Security Suite here.Install ewido.During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via http://nuvisiongraphx.com/please-help/please-help-asap-anyone-or-everyone-read.html Please let me know if you think there is still more to this that I can no longer see. I am giving you 2 sets of instructions to run a malware removal program... Exit Ewido.

Place a check against the following items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assist...paign=wdz0605a R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnv.dll/warningAPI.htm#ID=MS038005;BGW; R0 - HKLM\Software\Microsoft\Internet find files Download: SmitfraudFix.zip from :- http://siri.urz.free.fr/Fix/SmitfraudFix.zip (the file contains both English and French versions) 1. LinkBack LinkBack URL About LinkBacks Thread Tools Show Printable Version Email this Page… Subscribe to this Thread… 09-16-200502:00 AM #1 MattJones Member Join Date Sep 2005 Posts 5 Points 0 I've weblink Be sure and turn it back on as soon as you get it loaded.

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context Any suggestion as to why this is happening and how to get around it ? I'm Lost! - Forums Home - Tutorials - Get Computer Help - Spyware Help - Help2Go Detective - Software Picks - Newsletter - Testimonials - Donate Our Sponsors Help2Go Archive Top

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo!

double click the .bat file - if you get a pop-up saying a script is trying to run... Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: &Yahoo! We will fix this in a moment. 3. The forum is run by volunteers who donate their time and expertise.

Go to the Desktop tab and click on the Customise Desktop button.

The upgrade could last as long as 7 hours. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Yahoo! As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged Using these two websites http://www.dslreports.com/forum/rema...rity;mode=full and http://www.geekstogo.com/forum/index...howtopic=60686 Basically what I did was reboot in safe mode command prompt and delete desktop.html from C:\WINDOWS.