JeanInMontana

Welcome to Malwarebytes CBB. Have you used the most recent versions of RogueRemover Pro and SmitFraud? Both of these programs are updated all the time. Please update RogueRemover Pro and run a scan have it remove everything it finds, then let me know how it goes.

Wow! 5659 now. SiteHound stopped me cold from going to Oska's home page.

Wow! It's at 5510 now. I thought it might get a 100 when it had 10 Diggs in the first 7 minutes it was posted. This is awesome. BTW I thought I would check out the Oska homepage and SiteHound stopped me cold with a full page warnig. SS&D is not the only program aware of the evil at Oska.

SS&D has been served a CAD (Cease and Desist) and the reply, I'm assuming from Patrick is awesome. I put it on Digg. I think it would be good to support Patrick and Digg it.

The Top 25 Web Hoaxes and Pranks These online spoofs and shams have made the rounds on Web sites and through e-mail. Perhaps you even believed one or two of them yourself. Steve Bass Thursday, May 03, 2007 1:00 AM PDT Whether they take the form of a comic image of a giant cat or a desperate plea from a sick child, chain e-mail messages and Internet frauds are elements of the online landscape that we've all encountered. No topic is off limits: a medical warning, a promise of free money, or a believably (or shoddily) Photoshopped image. But at the end of the day, they're just elaborate hoaxes or clever pranks--and we've collected 25 of the most infamous ones ever to have graced the Internet or our inboxes. Though some of these deceptions originated years ago, the originals--and dozens of variants--continue to make the rounds. If you keep a patient vigil over your e-mail, you too may eventually spot a message urging you to FORWARD THIS TO EVERYONE YOU KNOW!!! And if you haven't had enough when you finish reading this article, take a hoax test at the Museum of Hoaxes, and then hop over to Snopes, the premier myth-dispelling site for coverage of zillions of other falsifications. I intend on sending Steve an email and informing him Snopes is not the only game in town.

Congratulations on the new baby! Your log looks clean you can remove the two items below by running a scan again and putting a check next to each and click on fix. StartUpLite a free program on this site will help you get rid of some auto start programs and speed you up. The programs will still be there you will just have to start them manually when you want to use them vs them running all the time using up resources. O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Your welcome. If you like you can donate here it is not necessary we are happy to help you, but it does cost to run the site. I will close this topic now since it is resolved. Come back anytime you need help.

Run HJT again and put a check in the box next to this item: O22 - SharedTaskScheduler: admissibility - {da3b49f6-8c54-4429-a275-21a86dcca413} - C:\WINDOWS\system32\xuoce.dll Then reboot and delete this file: C:\WINDOWS\system32\xuoce.dll . Let me know how it looks. If the icon is gone there is no need to post another log if it is still there I will need another log.

OK get the HJT version RubberDucky has posted in the very first post in this thread and post a log using that program in this thread please.

Hi and welcome to Malwarebytes. I moved your topic to your own thread. Your log will not show as anyone else's, your log is of your system, the other log is of their system and you used a different version of HJT. Did you update Rogue Remover before you scanned? Be sure to check for updates and scan again. You can rerun HJT after moving it to a folder of it's own, create a folder and name it HJT or another name of your choice. Then run a scan and put a check into each of the following be careful to only check these items. Once checked click on fix. Reboot and post a new log in this thread. R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing) R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Closing topic due to lack of response.

This topic is being closed due to lack of response from the user. Should you require further assistance send a PM and we can open the topic again.

Jeru are you done with assistance here?

Your welcome Joe. Thank you for bringing this topic to our attention. RogueRemover is always a work in progress. Feel free to stick around and participate in the beta testing or any other topics of interest to you.

Your log is fine Joe. I was hoping to see some of the program left over for more proof. Thanks for your time.

Hi Scorpion and welcome to Malwarebytes. I've seen your post and replied.

Hi and welcome to Malwarebytes. Get this program CWShredder run it and have it remove/fix everything it finds. Then post a HiJack This! log, get it here . Start your own topic here. Don't do anything until you are told what to remove.

I don't see anything at first glance either. I am too burnt right now to do much searching. I will give it a more in depth look in the AM. Thanks Joe.

Thanks Joe, would you post a HiJack This! log here in a new thread of your own please? Run the scan and save the log then copy and paste it. You can get HiJack This! here for free. This is just to see if everything is really gone from the program and maybe get more evidence. This is most interesting. Thanks again for taking the time to let us know.

Hi Joe and welcome to Malwarebytes. Thanks for posting your findings, very interesting. Please give us all the "dirt". Your on target with your observation about rogues IMO they seldom come over to the light side completely. Many revert to their old ways after cleaning up their act for a short time.

That sounds fun.

What IRC channel are you talking about? Is RubberDucky aware of this?

Here are a couple links http://spywarewarrior.com/rogue_anti-spyware.htm and http://spywarewarrior.com/viewtopic.php?t=1154 and more here http://www.dslreports.com/forum/remark,9877664 . I find a good way to dig up info is to Google using the terms [product name] "rogue" you either get pages of hits or nothing.

http://www.applecore99.com/gen/gen059.asp That link is far to technical for me but it did contain your exact description. This was the Google hit page using your exact description http://www.google.com/search?q=runtime+err...lient=firefox-a There are lots of hits to sift through. Let us know if you find a fix so we all learn. Good luck.

Visitors to the forum agree to the terms stated below: This is a set of public forums. All posts made to these forums express the views and opinions of the authors who post them, not the administrators, moderators, or webmaster (except for posts by these people). The webmaster of these forums disclaims all responsibility for the views and opinions expressed by visitors (registered or not) to these forums. By registering for the forum, you must agree to to the following terms: While the administrators and moderators of this forum will attempt to remove or edit any generally objectionable material as quickly as possible, it is impossible to review every message. Therefore you acknowledge that all posts made to these forums express the views and opinions of the author and not the administrators, moderators or webmaster (except for posts by these people) and hence will not be held liable. You agree not to post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-oriented or any other material that may violate any applicable laws. In addition you will not engage in any sort of spamming, whether it is comment spam (injecting a comment into a thread for the purpose of placing a link back to a website offering the same services offered here; or services totally unrelated to this website), the use of signature links deemed to be for the sole purpose of increasing web traffic to a site of interest by the member, or any combination of those two examples. This includes the Personal Message feature. Images or code in signatures or posts, such as HTML or JavaScripts that might collect any information from other users, are not allowed. If found, they will be removed by an administrator or moderator and the user will be warned. A second offense will result in being deactivated and banned. The forum moderators and administrators retain the right to edit and / remove inappropriate posts. Inappropriate posts include offensive comments, rudeness to other forum members, personal attacks, foul language, flaming, trolling, linking to a site that would be considered offensive by most people, spamming the forums with advertisements, posting any links to or information about hacking/cracking sites or info, and links to download copyrighted material using P2P software. Engaging in any of the aforementioned activities may lead to you being immediately and permanently banned (and your service provider being informed). The IP address of all posts is recorded to aid in enforcing these conditions. You agree that the webmaster, administrator and moderators of this forum have the right to remove, edit, move or close any topic at any time should they see fit. As a user you agree to any information you have entered above being stored in a database. While this information will not be disclosed to any third party without your consent the webmaster, administrator and moderators cannot be held responsible for any hacking attempt that may lead to the data being compromised. Only approved people are allowed to make comments in HiJack This! threads. If you have not received permission from a member of administration do not post to these threads! You will be warned and the post removed. A second offense could result in your posting privileges being removed or membership deleted and banned. This forum system uses cookies to store information on your local computer. These cookies do not contain any of the information you have entered above; they serve only to improve your viewing pleasure. The e-mail address is used only for confirming your registration details and password (and for sending new passwords should you forget your current one). To complete the registration process you must click on an activation link that will be sent to you via email, use a valid address. Be sure to add this domain to your allow/safe list in order to receive your activation link. By registering for this forum you agree to be bound by these conditions. The management team at Malwarebytes looks forward to getting to know you and helping with any assistance you may need with your computer.