Trusted Malware Techs
Everything posted by noahdfear

  1. Do a search of your drive for the file ie6setup.exe. If you don't have it, download it here: http://www.snapfiles.com/get/ie6.html Close IE and open Add/Remove programs, then uninstall Internet Explorer. Reboot and run the ie6setup.exe. Reboot again and see if IE works. If so, go to Windows Update and install any available critical updates and service packs.
  2. I think you'll find your drivers here; http://www.esstech.com/techsupp/drivers.shtm listed under PCI AudioDrive (check device manager to make sure you don't have the Audio/Modem combo first! Those drivers are farther down the page.). Get the drivers for both the Allegro 1988 and 1989 for 98SE. Extract one to a folder, open and run setup.exe. Follow any instructions if given. Reboot and see if the exclamation point is gone. If not, right click and remove the ESS AllegroX MPU-401 Compatible from device manager and reboot. It should re-install with the new drivers. If still present, or y
  3. You're most welcome! BTW, when the Ewido trial runs out, it goes to the freeware version, which can still be updated and run as a scanner, just won't have real-time protection.
  4. That's great news! Of the ones found here, Zone Alarm, Sygate and Kerio are among the most popular and recommended. http://www.webattack.com/freeware/security/fwfirewall.html I like Zone Alarm. Both optional on the Ewido and MSAS, but certainly won't hurt to keep them! :beer:
  5. Well, I see nothing bad in the startup log. Please delete the SIXA connection again and let me know if it returns after reboot. I would also like you to do a file search for the following and let me know what comes up. sixa.* *sixa.* sixa*.* I do recommend disconnecting from the internet while gone, and I would physically unplug the cable from the comp until we know what this extra connection is, if it returns.
  6. Forgot to add, please create srvchk.bat from the text in the quote box below, save to the desktop and run it, then post the log.
  7. The wininet was infected by one of the smitfraud variants. The Bloodhound.W32.EP notice is Norton's way of saying its heuristic scanning has detected an unknown virus. It may well be the wininet.dll it's flagging. Copy the bold text below to notepad on two lines, just as it appears. dir %Systemdrive%\wininet.dll /a h /s > files.txt start notepad files.txt Close, saving it to your desktop as; Filename: wininet.bat Save as type: All Files Double click to run. It will open files.txt and place a copy on the desktop. Please post the contents. Then go to Windows Update
  8. Download and run Everest to identify the Sound card. There may be a link provided to update drivers. If so, try to locate and download the latest. Look for installation instructions. You will likely need to extract/install them, then open the device manager and right click>remove the ESS device with the yellow exclamation point, then close and reboot. It should find new hardware and the new drivers and re-install them upon startup. If no luck, let us know what you find. Everest Home Edition http://www.lavalys.com/index.php?page=product&view=1 Check for driver updates for the pr
  9. Can you left click and drag to highlight the instructions, then press Ctrl+C to copy, open notepad and press Ctrl+V to paste, then close and save? I would also be happy to email the instructions, then you can save the email to the desktop or wherever you want with easy access in safe mode. The downloads should remain on the desktop. Double click the zip file to begin extraction. Just add Panda ActiveScan to your Favorites and you can access it from the start menu. If still unable to right click and install the DelDomains.inf in safe mode, try again after running all the fixes.
  10. Save these instructions to text where you can access them in safe mode. Please download the attached smitRem.zip file, saving it to your desktop. Right click the file and extract it to its own folder on the desktop. Check for updates to Spybot. If you don't have Ad-aware 1.06 installed, please install it and check for updates. http://www.lavasoft.de/support/download/ Place a shortcut to Panda Activescan on your desktop. Download the DelDomains.inf file to your desktop. Please download the trial version of ewido security suite. Install ewido security suite and start
  11. Download "Registry Search Tool" (RegSrch.vbs) from here http://www.billsway.com/vbspage/ start it and type in SIXA, wait for it to complete the search, click ok at the prompt. Then when wordpad opens, copy that back here please. Open HijackThis to the misc tools section, check the boxes next to Generate a startup list, then click the button. Post the contents. (would you mind editing your last name out please) Please download and run F-Secure Blacklight <<link and let us know the results. Did you scan wininet.dll? Click Start>run and type cmd to open a comm
  12. Hi darkeyes! I've been through the log and nothing bad jumps out at me, other than Kazaa. Is it still installed? If it is, I strongly recommend you uninstall it. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. If you opt to remove it, first use Add/Remove Program to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to add/remove programs...uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say 'Ye
  13. Are things working properly again? Please use this online malware scanner <<link to check the file wininet.dll located in C:\Windows\system32 and post the results. I recommend you download the stand-alone CWShredder 2.15 from here <<link. Save it to the desktop. Close all other windows, open CWShredder and click fix. Run HijackThis and fix the following entry. O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe Reboot to safe mode. Delete the following files and folders in bold. C:\Program Files\Daily Weather F
  14. Please download the attached smitRem.zip file, saving it to your desktop. Right click the file and extract it to its own folder on the desktop. Place a shortcut to Panda Activescan on your desktop. Please download the trial version of ewido security suite. Install ewido security suite and start the program from the icon on your desktop, then check for and download updates. Close for now. Reboot to safe mode and logon to your user account. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Open Ewido Security Suite
  15. Feel free to PM a moderator or Administrator with a request to have it removed, but I wouldn't count on it happening. It's not at all uncommon for it to happen, nor is it a security risk for you. As a general rule, every thread here may help someone else, therefore removing them isn't practiced. Google also keeps a cached page so removing the thread won't remove the Google hit, or the information there.
  16. When installed, Sun Java adds an autoupdate entry into the registry's run key, so that it starts every time you start the computer. This is supposed to check for and notify you of updates. Unfortunately, in past versions it hasn't worked well, nor did the update feature in the Plug-in. I'm hoping they have improved on that in the latest version. I do recommend checking in from time-to-time just to be sure. Keep that cache clean too! Unfortunately, I can't kill Google for you. I did however, go through this thread and edit your last name from all the posts where it was shown. It shows u
  17. Check your private messages.
  18. Sneaky, eh? Your best bet would be to set a startup password in the BIOS.
  19. Both out of date and security risks. Uninstall them, go to the Sun Java Website and update your JRE.
  20. No need to scan anymore at this time. Instead, open the RegSeeker folder, then backup folder and locate one of the latest scan files. Right click and choose edit. Copy what is there and post that. Go ahead and run MWAV again and see if you can post the log. If not, send me the log file.
  21. Very happy to have helped. I'm assuming you are letting them on one of the accounts, which has admin rights. You could instead create another account for them with limited user rights, then password protect it (don't tell them the password). You could also place a BIOS password on it, which will stop anyone from getting beyond a prompt for a password every time the computer is turned on.
  22. Surf safe and enjoy! Let us know if you have any more problems.
  23. I'm going to recommend Power Archiver, mostly because I like it better, partly because WinZip is an evaluation version and prompts you to buy every time you use it. Download Power Archiver version 611 here. (it's the last free version) http://www.oldversion.com/program.php?n=powarc Install it (no need to run it), then right click the Regseeker file wherever you saved it (a convenient location is best....move it if you want) and select Extract here. You will be prompted to associate zip files, and probably others. Say yes. You're most welcome.
  24. Save to disk. Doesn't matter where really, as long as it's not a temp folder. You'll need a zip program such as WinZip or Power Archiver to unzip it. I can give you a link if you need one.