Windows Memory mgmnt has it under its control. If you are looking at Task Manager, Available physical memory, and wondering why it is so big, possibly more than half your installed RAM, be assured...

Good morning.
Installing Recovery Console is a precaution in case Combofix breaks your sys. If you have a bootable XP cd you do not need it on your hard drive- it is then just a convenience.
This...

It will. If it returned once.... Okay, there are files there that I cannot see, to protect and regenerate malware. I suspect a rootkit, and this tool will flush out most problems:
==Download this...

Norton/ symantec. The latest product seems to be performing better in the mix. Anyway, trot along to this page and get the correct removal tool for your version of Norton - use it to completely clean...

Good stuff, bushoi.
You can close and open explorer.exe at will, it is nothing special. Think of it as similar to IE. Well, it doe share a lot of functions.
browseuiad.dll seemed to be a modified...

You would need to close all browsers [well, IE uses it... not opera or firefox] and also explorer, firstly. Delete via cmd.exe :
cd\
del /f /s /q /a C:\WINDOWS\system32\browseuiad.dll
Or there is...

Okay, thanks for that report. Because browseuiad.dll is unknown and its CLSID unregistered you should do the following:
Start hijackthis, select Scan Only, place checkmarks against all the entries...

Get Process Explorer from Winternals. The tool for the job. It will show you the handles and dlls used by any running process.

Check to see that you have this file in your sys: c:\windows\system32\browseui.dll -report back on this.
Virus Scan:
==Please go to this web page http://virusscan.jotti.org/, click browse and...

For a far more complete listing of startups you should use the Misc Tools section of Hijackthis. Msconfig gives you results from just a few registry keys.

Ah... I see where you are. Files and folders are it, just build a good structure with different aspects well separtated for easy location. I start right from the top with different partitions for...

A database?

I think you will find that the disk controller is in the hard disk package... Why? Because it alone knows where everything is on the disk surfaces. The OS just asks for things to be...

And rubbing with your fingertip with toothpaste is a great way to remove those minor scratches on the cd surface. True.
So, pits washed with warm soapy water, and cleaned with toothpaste, it's all...

Cool. Well, that seems to be all taken care of.
Cheers, Geoff. Good luck out there.

The name of its creator? Obviously you have checked for that, and one is not there. It did not delete, which is interesting.... so rename it and see what complains, if anything, ever - it has not...

That looks better, illahae. Just one thing, what does this file relate to : c:\windows\NV32643396.TMP ?
If it is benign [check its properties] then remove a few of those specialist tools you have...

Skynet. A rootkit. So that is what was hiding msiebbar.dll
This should not take long, but because there are still two drivers to delete we will use Combofix to delete them, in case they are...

Get CCleaner [see below].
Right. This method kinda ramps up... stop when you win. When you do, fix the O18 entry with hijackthis, and then run CCLeaner.
For a start, in an Explorer window, go...

Ah, okay, illahae.. It is gone, so you are pretty clear to go too. Ignore my post re SAS and Registry Editor - not required.
Cheers.

An example would be C:\ autorun.inf
Just use Explorer, expand each drive [partition] if it exists. If not, just run MBAM. These files are usually found in software cds to automatically start the...

Okay, It slipped my mind your having Superantispyware: Please disable it from starting with Windows via the system tray control centre. Restart your sys, and then fix that O18 entry with hijackthis,...

Aw... please don't run registry cleaners. They just don't do anything worthwhile. If you really want to speed up registry access then remove spaces and defragment it - sysinternals have a pgm for...

Okay on the MBAm action... did you miss fixing this one with hijackthis?:
O18 - Filter hijack: text/html - {27ad87fe-f8bf-4593-8e1e-9e7ca6a99ca6} - C:\WINDOWS\system32\msiebbar.dll
It is a protocol...

I might have known it.. there actually is a bestsitetobe.com

Okay, when you type in a URL, say http://www.bestsitetobe.com, the web does not recognise that as a valid machine address, so it is converted to one, an IP address, say 234.34.121.005 which is linked...

To elaborate on what godspeed posted.. those IP addresses are for an address in New Delhi : is that valid for you, plastered? They have persisted throughout all your posted logs, including those in...

Neitz, check in the root of each affected drive to see if there is a file called autoruns.inf: if so, delete it. Then...
==Please download Malwarebytes' Anti-Malware
from:...

Please do not use Rapidshare for posting logs. Post them here.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked....

In safe mode.. rename your MBAM and hijackthis exe files to say, mm.exe and ht.exe, try then to run them.

I bet heaps that Crunchie is going to ask for that comboFix log... it's in C:\.

I'm hoping so.
Cheers.

It is probably the log that some installer makes and refers to when installing software, also may be used by an uninstaller. If you are concerned about malware run a scan.

Well, that is interesting behaviour, not at all what I expected.
This is the file that concerned me.. it is a virus capable of spawning 100s of other files: C:\WINDOWS\system32\fokubino.dll
It was...

Ok, we shall try this, MBAM is blind to them for some reason.
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file:...

And so give administrator privileges to any malware that would be interested in possessing them.

Bit of infection still in there, so for a start:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or:...

Well, simplest way is to rclick your IE icon, go Properties, Shortcut, Advanced. You will work it out from there.

Do i agree that it is a painfully long process...? Yep, getting your sys setup back how you like it certainly is.
So first, I wouild try system file checker... you know, Run..
sfc /scannow
And...

:)
I did mean the firewall, not utorrent.
Which, I guess, means KIS itself. you are going to need the cleaning tool to do it properly.