gerbil

Looking at your processes, windows defender and Spyware Doctor are blowing you outta the water, CPU time-wise. And what is winlogon doing using so much time? - it should be quiescent. Zero time, just barely showing..

Nothing shows as bad in that log. Use hijackthis to clean up by fixing these two entries: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing) Cheers.

It appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important. ==Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] Double-click VundoFix.exe to start it, click the Scan for Vundo button. When the scan completes click the Remove Vundo button. …

Use hijackthis to fix these two entries to clean up. That's it...:) O2 - BHO: (no name) - ¸?

497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - ˆ?

49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

You don't get to be a squillionaire by being nice. You can smile, but not be nice. M$ has burnt you. Call em. And get Mozilla firefox or Opera. Anyway.

Hello, tooth. This should help. ==Download SmitfraudFix (by S!Ri) from [url]http://siri.urz.free.fr/Fix/SmitfraudFix.zip[/url] Extract the content (a folder named SmitfraudFix) to your Desktop. - Restart your computer in safe mode. - Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter] You will be prompted: "Registry …

Assuming that it is the first, 39MB partition that you wish to lose, why not use a partition manager to merge it with C:? Windows may complain when you disturb its immediate environment [it knows where it lives and its immediate neighbours], but that is easily fixed by trashing a …

Oh, that is sneaky and so neat... all they have done is reverse the order of a standard hosts file entry - it looks like it could be right.... :), but breaks your access. First off, please move HijackThis from your desktop to a folder alongside your pgm files folder. …

==Download SmitfraudFix (by S!Ri) from [url]http://siri.urz.free.fr/Fix/SmitfraudFix.zip[/url] Extract the content (a folder named SmitfraudFix) to your Desktop. - Restart your computer in safe mode. - Open the SmitfraudFix folder and double-click smitfraudfix.cmd, select option #2 [type 2 and Enter] You will be prompted: "Registry cleaning - Do you want to clean …

Luke, toss us a hijackthis log, will you? HiJackThis: ==download hijackthis: [url]http://216.180.233.162/~merijn/files/HijackThis.exe[/url] -install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe. -in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer …

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - [url]http://dl.tvunetworks.com/TVUAx.cab[/url] O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\rtemehd.html Good. Now navigate to and delete this file and its folder: C:\Program …

If you have XP SP2 you cannot uninstall IE6 - it's integral. You pretty much reinstall or repair SP2, or repair just IE6.

...polite cough....

Hi, nerd, a few things to do. First, we cannot work with hijackthis where it is - it's risky for you. Delete it from there and extract a new copy, install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe. Done that? Good, …

Please retain only ONE resident AV - that is important. Remove the others now. Good. For a start you have/had a vundo infection... so just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the next scan, please? Now move it from your desktop to …

==Download fixwareout from [url]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/url] - and save it to your desktop. Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and …

This should help, Thierry: Either: go Control panel > folder options OR: in an explorer window > tools>folder options; - then view tab, and press Show hidden files and folders. ==Download fixwareout from [url]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/url] - and save it to your desktop. Double click Fixwareout.exe to start the Fixwareout Setup Wizard, …

First things first - with resident AV pgms more is DEFINITELY not better. You must remove, now, one of either Norton or Avast AV's. Good. For a start you have a vundo infection... so just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the …

If it is the same as with XP you cannot remove it, you can only stop it. It is a windows component. Icon is on the left. Upgrade over the top of it.

You could fix these two.... R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file) 2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) ..and that's it. Done.

cdg, for you as user the internet start page setting is blank: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = So set a new one as home page. There are no obvious problems in your log, when I see problems such as you describe the first thing I suspect are OS problems. …

If you were to run a hijackthis log and check the O4 entries doubtless you would find an entry something like this.... O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll (file missing) Am I right? Good, check that entry and press Fix Checked... HiJackThis: ==download hijackthis: [url]http://216.180.233.162/~merijn/files/HijackThis.exe[/url] -install it …

Files move when files/folders are on the same partition, they copy to files/folders on different partitions. To force the move rclick and select move when u drag.

Looks fine, Shane. Just fix this entry: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Cheers.

Get yourself a cheap registry cleaner - any half-decent one will recognise an entry that points to a file that no longer exists. And they don't come cheaper than CCleaner... CCleaner: ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim to keep this one …

A week or two old? That is a warranty job. You are paying for it, so get some value.

Hmmm, fish, this is what you wrote last time: "Hello there.Once again my browser has been hijacked by pop-ups. It's strange because I have AVG antivirus/spyware protecting me, but it's happened again. Is AVG not doing its job? What is a good piece of software to actually stop my browser …

Holy Cow!! What a selection! First things first, so please do these things in this order: For a start you have a vundo infection... so just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the next scan, please? And move it to a new …

Actually, serunson, what is the difference between "folder" and "file folder" in that list of file types? I have my various lclick settings [rclick options] for general folders under "folders", and am happy wiht the way things work. I do not know what file folders are... d:(

Please move hijackthis from its current location - I suggest you install it into a folder alongside program files. Next go to add/remove pgms and remove Get Torrent. Delete its pgm folder. Then start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and …

A nice read, DMR. Thanks.

Try this. If it is possible to open the recovery partition to the i386 folder.... -Open an Explorer window, search for msoe50.inf -the default location for this file is in the C:\Windows\Inf folder. -Right click the Msoe50.inf file, and then click Install. -in the window that opens browse to the …

Looks clean. Remove this old Mcaffee item by fixing it with HT: O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)

===Download SDFix from here: [url]http://downloads.andymanchesta.com/RemovalTools/SDFix.exe[/url] and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\ ===Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes. - On the Windows Advanced …

godz, how much trouble would it be for you to format and reinstall? You have two backdoor hacks in there allowing remorte control of your computer - read up on these: msnntlp.exe & csrrs.exe -Google them. But that is not all you have... spammers and infostealers. We possibly can clean …

Not much is ever assinine witha puter, tigerlily [spelt it like that cos it's easier than doing a letter by letter job with your's]. Your log is clean. With a suspected vundo issue though it pays to rename hijackthis to something else because some variants detect it running and stop …

Well, that is good, you don't want it found :) Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [mgea1908] RUNDLL32.EXE w002763f.dll,n 006a19020000000a002763f O4 - …

Jay, when it finally does boot up, run checkdisk. Go Start, run, type: chkdsk /f -and Enter. Answer Y to the window, shutdown and restart. Come back with what happens.

A couple of things to deal with, Denis, and you should be clean. First, did you add this to your trusted zone? O15 - Trusted Zone: *.westlaw.com If not, add it to the list of things to fix with Hijackthis.. which is pretty short. Fix this entry with Hijackthis: O4 …

"And I followed a few of the links in one of the stickies, but as slow as this compuer is..I really don't feel like downloading and installing 20 different programs just to find out which one will make a log of what nasty trojans/viruses/etc stuff is on my computer." If …

Hi, miss, would you run these tools please and post also another hijackthis log. But first please install Hijackthis to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe. CCleaner: ==Get CCleaner from [url]http://www.ccleaner.com/[/url] - and put it in a new folder. You should aim …

Ok, goman, sre you ready to work? Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ajxgjla.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing) O2 - BHO: Yahoo! IE …

Start hijackthis, -select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - …

Can you ping, say, google? In that cmd window of before, type, or paste: ping [url]www.google.com[/url] You should get a reply within a sec. I'll have to leave it to kylcrow to comment on the ipconfig result cos it means very little to me.

For a start you have a vundo infection... so just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the next scan, please? Please download VundoFix.exe to your desktop from [url]http://www.atribune.org/ccount/click.php?id=4[/url] Double-click VundoFix.exe to start it, click the Scan for Vundo button. When the scan …

While in Safe mode start chkdsk with parameter /f ... If that reports no errors then run sfc /scannow with your XP installation CD in the drive.

jb, did you find that grub trying to maul your winlogon.exe, or was it something else? AVG 7 is a great AV, I rarely do AS scans - only when i suspect something is amiss..., Spywareblaster is a good blocker, and either ZA or Kerio as walls. jb... how much …

try running chkdsk on it from your xp installation cd [recovery console...] chkdsk /p And then slave it and copy off. Or use a recovery cd to get a copy command going.

Ri-ight. Start hijackthis, and select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O2 - BHO: (no name) - {E2B8CF8C-E0B0-4A16-8500-30C04EC8CD00} - C:\WINDOWS\system32\jkhff.dll (file missing) O8 - Extra context menu item: Crawler Search - tbr:iemenu O9 - Extra button: PartyPoker.com - …

What? another one who's lost control of add/remove? with photoshop? by any chance do you have a 64bit processor? anyway.. I may be barking up the wrong tree, but perhaps if you navigate to this key in your registry [go Start, run, type regedit and press OK]: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall -then rclick …