gerbil

Haven't a clue; best post a log... apart from it just sitting there, browsing has gotta be the least load you can put on a sys. And that's not a teddybear, that looks like Ee-ore!

I see nothing there, yogi... you could do these things for a more in depth check: Clean up first: ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this one for general use. I set the installation checkboxes only to open from …

Doug, HiJackThis: ==download hijackthis: [url]http://www.majorgeeks.com/download5554.html[/url] -install it to a new folder alongside your program files and then... rename hijackthis .exe to imabunny.exe -in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis. -click the Scan and …

Could you try swapping, even reseating, your RAM sticks? If you have more than one, try running with just one in slot #1, then the other....

The system idle process...to put it simply the figures in that column you are looking at, CPU time, represents the time being allocated to a process and are expressed in parts per 100, where 100 represents full CPU utilisation. A process is assigned a portion of total CPU time in …

Heya, soldier, this should start sorting things out for you... ==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract the content (a folder named SmitfraudFix) to your Desktop. - Restart your computer in Safe Mode - Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter] …

In your log 3 entries show with file missing, use HT to fix those [one O2 and two O3's] -tht just tidies stuff up, won't speed up stuff. Lose the Compete toolbar and ALL the Google desktop aids and toolbars - say what happens.

minesz, follow dortz' instructions to th Edit button and put up a copy of the notepad that opens, cos what you folks are discussing is clear as mud. Pretty much.

The O22 entry shown below is your problem's source, I think - it is a Smitfraud variant, but the normal and best tool for removing it won't work with Vista.... Your Superantispyware should have detected n removed some of its keys, but it appears to have left this one plus …

I do not have Outlook... but is there any chance you have set the font colour to match the background colour? Sorry if this seems to be a trivial answer... ;)

Hello, andy, you have something with the appearance of a vundo infection. For your next hijackthis scan please delete your copy of hijackthis.exe and download this: [url]http://www.majorgeeks.com/download5554.html[/url] Please then rename hijackthis.exe to imabunny.exe - this is important. ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] =Restart your system in Safe …

Use hijackthis to fix this entry: R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe Say how it goes.

Hi, Michael, let's try to see what you have. Because you had a vundo infection please rename hijackthis.exe to imabunny.exe - this is important. I should not doubt Norton's expertise, but... ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] =Restart your system in Safe Mode. Double-click VundoFix.exe to start it. …

The log appears clean. It could be your shell32.dll with problems - try going Start, run, type: sfc /scannow -and press Enter, you will probably need your installation CD. If that does not do the job then a windows Repair using that CD would be my next call [you bypass …

Iexplore won't run, huh? Okay, cos you have an active desktop I would remove that [O24], remove all the Google BHO's [uninstall google desktop and fix the google O2's and O3]]. I'm just guessing tht one of your browser addons has killed your browser and hence your active desktop. Clean …

I love fooling round in the dark. Lessee, try this: ==Download fixwareout from [url]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/url] - and save it to your desktop. Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the …

Can you start in safe mode? Windows may have been updating a timezone file for its datetime service... but that should have gone ahead unless you did an abrupt or hard shutdown like a plug pull.

abhi, hello. ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] =Restart your system in Safe Mode. Double-click VundoFix.exe to start it. Click the Scan for Vundo button. When the scan completes click the Remove Vundo button. You will receive a prompt asking if you want to remove the files - …

It's late, I'm going to just try a guess... Copy this download into the pc. It fits on a floppy. Or use Safe mode with Networking to go directly. ==Download SDFix from here: [url]http://downloads.andymanchesta.com/RemovalTools/SDFix.exe[/url] and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, …

that sounds terribly tricky..... is it black as it runs BIOS?

C:\WINDOWS\TEMP\SI5CB5.EXE What is this file? I am always suspicious of pgms that execute from a temp directory. I do not see what started it... You may wish to submit your services.exe for a scan at [url]http://virusscan.jotti.org/[/url] Either browse to the file or paste in the pathname above.

==Download this file to your desktop: [url]http://download.bleepingcomputer.com/sUBs/ComboFix.exe[/url] ==Download SmitfraudFix (by S!Ri) from [url]http://siri.urz.free.fr/Fix/SmitfraudFix.zip[/url] Extract the content (a folder named SmitfraudFix) to your Desktop. - Restart your computer in safe mode. - Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter] You will be …

Hi.. need much more info than that. So... what file did AVG say the trojan was in? ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from …

Hello, start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O4 - Startup: PowerReg Scheduler.exe O4 - Startup: PowerReg SchedulerV2.exe ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this …

In Add/remove pgms uninstall MessengerPlus3. If you really want it then afterwards reinstall the software but WITHOUT the added "sponsor" - it's LOP adware. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: (no name) …

Hello, Azriel. You must remove either AVG7 or Symantec AV -simply, two resident AV services will conflict. Realistically, more than one Antisyware service running will just slow your sys down; you have Spyware Doctor, Spybot, AVG AS, Defender...... But the log is clean to me. Loaded, but clean.

Try this scanning site: [url]http://virusscan.jotti.org/[/url] - either paste into the box the pathname of each file [eg C:\windows\system32\wscntfy.exe] or browse to them. Post the results. ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this one for general use. I set it …

There are many of em, but the ones you want are listed in your HT log... Most of them are necessary. If you don't have OFFICE and wish to stop ctfmon you must uncheck Language Bar in your Taskbar properties [rclick it]. I think realsched will reload next time you …

empty keys, you mean? don't worry about them... just looka t the overall size of the registry and see how insignificant a couple of null entries are. But cannot delete ANYTHING from reg? Post the keys [export them..]

Show hidden files and folders in folder options, CP; your hosts file is at windows\system32\drivers\etc\hosts You may need to run this to see it: Start, run, paste in this and press enter: attrib -s -r -h %windir%\system32\drivers\etc\hosts You can also view it with hijackthis, misc tools, hosts file manager...

The first one I find interesting [the O14 entry]- do you use this site? If you are happy with it, drop it from the fix list: O14 - IERESET.INF: START_PAGE_URL=www.naver.com O16 - DPF: {325AB8C2-1609-4040-948F-697D52D4CF2B} - O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt Start hijackthis, select Scan Only, place checkmarks against all the entries …

A naked XP!! You were a sitting duck for this!! It is just FOOLHARDY to not have SP2. So now you've got worms. =Rename the Hijackthis.exe to imabunny.exe. =Please download HostsXpert v4 from: [url]http://www.funkytoad.com/content/view/13/31/[/url] and extract it to your Desktop. =Click the Restore MS Hosts Button and then click OK …

Bloody hell! What a mess! ==Download fixwareout from [url]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/url] - and save it to your desktop. Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked …

t appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important. ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] ==Download this file to your desktop: [url]http://download.bleepingcomputer.com/sUBs/ComboFix.exe[/url] =Restart your system in Safe Mode. Double-click VundoFix.exe to start it. Click the …

ello, gerardo, first off you gotta get rid of one of those resident AV's; since you are paying for Norton I suggest you fire AVG7. Now. MyWebSearch Search Assistant - Go to Add/Remove programs and remove MyWebSearch Bar, MyWeb Search and Search Assistant. Start hijackthis, select Scan Only, place checkmarks …

Did McAfee tell you what file the virus is in? First do a cleanup. ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. …

This is your main pest: C:\WINNT\svchost.exe But I see that you have MyWay Search Assistant. We can get rid of it first off.. First see if it is listed in Add/Remove pgms list - remove it if able, then.. Go start > run, paste: MsiExec.exe /X {78d944d7-a97b-4004-ab0a-b5ad06839940} -and Enter. If …

==download hijackthis: [url]http://www.majorgeeks.com/download5554.html[/url] -install it to a new folder alongside your program files and then -in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis. -click the Scan and Save a Logfile button. Post the log …

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing) O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf …

CPU usage only 24%? Errr, what's it doing, launching a space shuttle? Lessee, as I type, playing some music, mine is 5%. No music, bout 1%... Check your network traffic while it is [you consider] idle. Course, that does not catch all malware being active, cos some are smart enough …

I can't see what AVG has quarantined, but you should be on safe ground emptying the bin. Please change the name of hijackthis.exe to imabunny.exe. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: (no …

Um, Vista... right..... First off pls check the properties of this file: C:\WINDOWS\SMINST\launcher.exe ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's …

ur using a linux boot loader. Where's jb when you need him?

That R0 entry... that is the homepage that you set up, right? Cos it is html, and would be pulling in a web page...? It works for you?

Sure it's a virus? Test your ActiveX support here: [url]http://pcpitstop.com/testax.asp[/url] -you gota use IE for this, FF n Opera don't use ActiveX. If that is not it... ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this one for general use. I …

It appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important. ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] ==Download this file to your desktop: [url]http://download.bleepingcomputer.com/sUBs/ComboFix.exe[/url] =Restart your system in Safe Mode. Double-click VundoFix.exe to start it. Click the …

.

MyWebSearch Search Assistant - Go to Add/Remove programs and remove MyWebSearch Bar, MyWeb Search and Search Assistant. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O8 - Extra context menu item: &Search - [url]http://edits.mywebsearch.com/toolbar...p=ZJxdm027YYUS[/url] And then as …

This is important : you MUST remove all but one of your resident AV services. I suggest you keep only Zonelab. You can help us a little by doing this, muffin: -for a start I cannot tell what hijackthis version you have used, so if you have not already got …

tinahakina, if you just do the following it should help. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O4 - HKLM\..\Run: [p73O3nW] ifmdle.exe O4 - HKLM\..\Run: [Winzip Taskmngr] C:\update.exe O4 - Startup: PowerReg Scheduler V3.exe Then delete …