[RESOLVED] HJT and ewido logs frustrating problem

#8
11-10-2005
ladygreenwitch
Administrator
Join Date: Jul 2005
Location: Bay Area California
Posts: 4,694

Hey we're the same age, :cool: kewl. LOL

OK, that's great. Don't be embarrassed, I'm impressed that you knew enough to try doing this on your own with HijackThis.de.

OK, here is what I would like you to do. I would like you to do these in Safe Mode, so you should print out the instructions first.

Please download Spy Sweeper from my signature. Install it and update the program. Download RegSupremePro from my sig. Install it, exit out. Download but do not install Hoster, you will use that later.

Next please make sure that you have disabled the System Restore on your PC, and that you have all files and folders showing, refer to instructions in previous post.

Now please boot into Safe Mode, run CCleaner, make sure that all options are checked including Advanced, click on OK to each warning. Click on Analyze, let it run. When it has finished, click on Run Cleaner. Exit out of CCleaner when it has finished.

Next run Spy Sweeper, click on Options, Sweep Options, make sure all drives are selected, and all options are checked except Do Not Sweep System Restore Folders. Click on Sweep Now, and then the Start button. Let it run. When it has finished, allow it to quarantine everything that it locates.

Now unzip the Hoster file, Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original Hosts file.

Next run your ewido, noting any item it is unable to fix.

Now run HijackThis, fix the following if they are still there, delete the file in bold.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>

O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\f60olgd3160.dll

Run CCleaner again, and then reboot back into normal mode. Now run RegSupremePro, it will want to make a back up of your registry, let it, naming for today's date. Once it has finished, click on Registry Cleaner, choose Aggressive and then click Start. Once it has finished, click on Select, and choose All, then click on Fix. Allow it to fix everything that it finds.

Now run another HJT log and post it back here.

Look forward to your reply.

TTFN

LGW


#9
11-10-2005
Darsus
Bronze Member
Join Date: Nov 2005
Posts: 8

My Lady,

Thank you for taking all this time. I will follow your instructions.


__________________
Pentium 4 Celeron 1.7GHZ
512 RAM
Windows XP

#10
11-10-2005
Darsus
Bronze Member
Join Date: Nov 2005
Posts: 8

Lady,

Should I be using "Quarantine" and "Immunize" when I run adware SE and Spybot? AND should I be running these in safe mode? .....So much for my day off....


__________________
Pentium 4 Celeron 1.7GHZ
512 RAM
Windows XP

#11
11-10-2005
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044

@Darsus Don't fix this entry with hjt:

O17 - HKLM\System\CCS\Services\Tcpip\..\{489E7FB5-7D42-4162-BDA4-B0AF737276A2}: NameServer = 64.136.28.120 64.136.20.120

I have removed it from the fix list.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#12
11-10-2005
ladygreenwitch
Administrator
Join Date: Jul 2005
Location: Bay Area California
Posts: 4,694

Hey Guys,

@Darsus, sorry about your day off sir, but think how well your computer will be running. If you also have Adaware and Spybot, by all means use them as well, make sure their updates are current before booting into safemode. I usually run them after ewido, before HJT.

@Joe, don't leave us hanging Joe, you know I bow down before your superior knowledge. Where did I make the mistake? The file didn't associate with NetZero, please tell us so we can learn. :kiss:

TTFN

LGW


#13
11-10-2005
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044

http://samspade.org/t/lookat?a=64.136.28.120+


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#14
11-10-2005
ladygreenwitch
Administrator
Join Date: Jul 2005
Location: Bay Area California
Posts: 4,694

OK, is Juno a provider for NetZero? The O17 entries always make me crazy.

Should I be looking at whois instead of googling an O17? Thanks Joe, your knowledge and guidance is as always greatly appreciated.

TTFN

LGW
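
Added example, not part of the thread and not HijackThis code: a triage sketch for the O17 point raised above, which pulls NameServer addresses out of O17 lines and labels each one by whether it shares a /16 with addresses already listed in the log's ProxyOverride entry. The /16 comparison, the function names, the labels and the last sample line are assumptions made for this illustration; either label still calls for a whois lookup before anything is fixed.

```python
import ipaddress
import re

# Sample input: first two lines follow entries quoted in the thread
# (ProxyOverride list shortened); the last O17 line is constructed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;searchap.untd.com;127.0.0.1;localhost;<local>
O17 - HKLM\System\CCS\Services\Tcpip\..\{489E7FB5-7D42-4162-BDA4-B0AF737276A2}: NameServer = 64.136.28.120 64.136.20.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_entries(log_text):
    """Return (section_code, body) for each HijackThis-style entry line."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def ips_in(text):
    """Extract syntactically valid IPv4 addresses from a value string."""
    found = []
    for candidate in IP_RE.findall(text):
        try:
            found.append(ipaddress.ip_address(candidate))
        except ValueError:  # out-of-range octets such as 999.1.1.1
            continue
    return found

def triage_o17(log_text, prefix_len=16):
    """Label each O17 NameServer address before anyone ticks 'Fix'."""
    entries = parse_entries(log_text)
    # Assumption: non-loopback ProxyOverride addresses belong to the ISP's software.
    isp_nets = {
        ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        for _, body in entries if "ProxyOverride" in body
        for ip in ips_in(body.partition("=")[2]) if not ip.is_loopback
    }
    results = []
    for code, body in entries:
        if code == "O17" and "NameServer" in body:
            for ip in ips_in(body.partition("=")[2]):
                hint = "isp-range" if any(ip in n for n in isp_nets) else "unverified"
                results.append((str(ip), hint))
    return results

if __name__ == "__main__":
    for ip, hint in triage_o17(SAMPLE_LOG):
        print(f"{ip}: {hint} (confirm the owner with whois before fixing)")
```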


