Help to remove roings

You mean the READ ME FIRST: Basic Spyware, Trojan And Virus Removal sticky. Did you run everything in that thread?

Check this out:
http://www.pestpatrol.com/PestInfo/r/roings_com.asp

What version of Ad-aware did you run? I seem to remember reading that they fixed this.

 

Okay Jeff! Post you HJT log as a .txt file attachment and I'll take a look at it. Make sure you have HJT version 1.98.2.

 

Jeff,

That's not an attachment. That's inline text.

I changed it to an attachment for you. Notice the difference?

 

First thing you need to do is get HijackThis off your Desktop and into its own folder. It's safer for storing backups that way. (It automatically creates a folder called backups).

Read thru the below stuff first to decide (where I have comments/questions) what you need to fix . Then run HijackThis and put check marks on all the lines put DO NOT CLICK FIX until you exit all browser sessions including the one you are reading this message in:
These 4 lines must be fixed:
O2 - BHO: jimmyhelp.CBrowserHelper - {85F7096C-E5F6-436D-BBB4-A25C5240C8B0} - C:\WINDOWS\knhnoxcof.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/...bin/actxcab.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -

If you put the below restrictions in place using SpyBot (or some other program) leave the two O6 lines alone. Otherwise have HijackThis fix those two line:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Do you recognize the below IP addresses:
209.153.128.4 = [ dns.voyager.net ]
OrgName: Voyager Information Networks
OrgID: VIN
Address: 4660 S. Hagadorn Suite 320
City: East Lansing
StateProv: MI
PostalCode: 48823
Country: US
NetRange: 209.153.128.0 - 209.153.191.255

169.207.1.3 = [ asteroid.execpc.com ]
OrgName: Executive PC Inc.
OrgID: EXPC
Address: 2105 S 170th
City: New Berlin
StateProv: WI
PostalCode: 53151
Country: US
NetRange: 169.207.0.0 - 169.207.255.255

If not fix the O17 line too with HijackThis:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCBAF29D-3166-4175-8961-B3CB74159C73}: NameServer = 209.153.128.4 169.207.1.3

After fixing all the above.
Enable viewing of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650
Reboot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
And delete the file:
C:\WINDOWS\knhnoxcof.dll

 

Your log looks okay now. Has far as those restrictions (the O6 lines) you may have done that using SpyBot S&D in advance mode, tools, IE tweaks. Look at the miscellaneous locks to see if you have any check marks. There is nothing wrong with doing this. I just wanted to make sure you did it and not some malware.

 

You're welcome Jeff. Happy I could help!

 

Jamjas,

Welcome to MG's! You should start your own thread for your problem. But before starting a thread try following the steps in the following thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

 

Sounds to me like a false positive. See the following:

http://forums.net-integration.net/index.php?showtopic=24257

http://support.microsoft.com/kb/q182598/