TallCool1 81 Practically a Posting Shark Team Colleague

You have three messengers starting on boot - I left them alone, but don't recommend allowing them to autorun - instead get Trillian, remove all three of them, and start it yourself.

Or, you could try GAIM -- it's a little lighter on resources than Trillian, and it's truly free.

TallCool1 81 Practically a Posting Shark Team Colleague

it just doesn't work anymore, i go 2 open a new window, a new window opens, but just freezes and doesn't load.

Have you tried opening an Internet Explorer Window? If so, what happens?

Since the AOL browser is built on IE, this will tell us useful information.

TallCool1 81 Practically a Posting Shark Team Colleague

The About:Blank homepage problem is back.

You have been hijacked again!
LolaWeb.winhost
--and a dialer. You also might want to install some free prevention measures, including SpywareBlaster and SpywareGuard. These will stop malicious ActiveX installs, a major part of your problem.

Remove these, boot in to Safe Mode, and remove the associated files, if present:

O2 - BHO: (no name) - {8EA3B1C3-CC54-4508-803E-F13A26275DED} - c:\winnt\system32\efabfa.dll (file missing)

O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)

O4 - HKLM\..\Run: [Winhost] C:\WINNT\winh.exe

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_US.cab

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Resource wasters, remove:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f2...ip/RdxIE601.cab

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For security reasons, you will also want to update Adobe Reader to v6.01 and WinZip to v9.0--or, better still, try the free 7-Zip instead.

TallCool1 81 Practically a Posting Shark Team Colleague

When i go on a website where i want to download something IE xploer 6.0 wont show the download icon whether. icons which have links to other websites work--it's just the ones which u click to download files.

No direct idea (you may have been hijacked), but try this as a test and work-around: right-click on the link and select Save Target As... from the drop-down menu and see if that works. The first thing you should test it on is HijackThis (for the instructions--you may have to download from one of the listed mirrors). Follow the instructions, and see my article (link below) for more information, then post the log here.

TallCool1 81 Practically a Posting Shark Team Colleague

I really appreciate your help. Here's my new HjT log

I forgot to mention CoolWebSearch. You're infected with that, so you need to run CWShredder, too.

TallCool1 81 Practically a Posting Shark Team Colleague

Every time I add a fav., it shows the website's icon...few days later it gets replaced with the blue 'e'.
Any way to keep ie from doing this?

This has been discussed before. See: http://www.daniweb.com/techtalkforums/thread5002.html

TallCool1 81 Practically a Posting Shark Team Colleague

My computer had a virus for months and i couldnt use it. it was called trojanhorse.exe or something like that. well, when my computer finally got fixed, my javascript stopped working and so did microsoft virtual machine. the error message says microsoft virtual machine cannot be found. class not registered.

One work-around is to download and install the Sun Java Runtime Engine--it's more compatible and complete, anyway.

JavaScript is a separate issue, actually. Even I didn't know that until recently. The browser controls that. I'm locked out of my Windows partition right now (don't ask). Maybe someone else could step you through that aspect.

TallCool1 81 Practically a Posting Shark Team Colleague

Everytime i run AVG now i get , Trojan horse PSW.Bispy A and B. infected, embedded object... 2 sets of them, Total of 4.

It appears to infect system files, but it's unclear exactly which ones. That is why it can't be removed by the virus checker. I used the search term Bispy to find what I could on it, but not much specific information.

TallCool1 81 Practically a Posting Shark Team Colleague

I haven't a clue how to get rid of cool switch - power menu - I don't know where they came from.

PowerMenu is easy, though it doesn't seem to be a problem. Just delete the icon from the Startup folder and remove the directory it "lives" in. CoolSwitch is part of the Windows XP PowerToys suite, and should be removable from the Add/Remove Programs menu.

The Google toolbar has a good pop-up stopper, among other things.

The only line that seems to remain is:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

TallCool1 81 Practically a Posting Shark Team Colleague

The above is just MY technical assessment on your issues... Get a second opinion if that makes you more comfortable since I am new to this forum.

I second your evaluation, and add one. Unless you have a strong need for it, disable or remove:

O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe

It's a chipset/motherboard monitor that is a resource hog. If you like that sort of thing, disable it and try Motherboard Monitor instead--but I would just plain remove it, myself.

TallCool1 81 Practically a Posting Shark Team Colleague

windows explorer not opening

You have been hit by multiple hijackers. The one causing your main problem is the Hungry Hands pr0n hijacker. You can get rid of it with Ad-Aware--just be sure to update the data file first. Also, be aware that Incredimail is adware, possibly spyware, and a known cause of instability. Run Ad-Aware and post a new HjT log, then we will deal with the leftovers.

Also: your Internet Explorer needs mucho patching! That's part of your problem, as well. Go to Windows Update for those ASAP.

TallCool1 81 Practically a Posting Shark Team Colleague

the site for the LSPFix

Oh. I'll attach it...

TallCool1 81 Practically a Posting Shark Team Colleague

The problem I have is that when I use my mouse to open something, there is hesitation before it opens the command. Sometimes it's worse than others. I try to restart my computer, and sometimes it seems to help, and other times it doesn't.

There are a number of things that can cause this problem, the most likely being that something is using 100% of your CPU cycles. Since you are a novice, we will take a slightly more circuitous route that, still, will get us to a useful place.

Start by doing a "three-fingered salute"--that is, press the [Ctrl]+[Alt]+[Del] key combination once. This will bring up the Task Manager window. Copy down the list of running programs that appears there, and post it.

How do you hook to the Internet? Which anti-virus program are you running? Has your son scanned your system for adware or spyware lately?

TallCool1 81 Practically a Posting Shark Team Colleague

I can't get to it. The site is blocked where I am

Which site are you referring to?

TallCool1 81 Practically a Posting Shark Team Colleague

F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=

It looks like a corrupted registry. You may want to try a registry cleaner like Ashampoo WinOptimizer to fix this.

Another thing I noticed is that you have WinAmp 3 installed. For security reasons, upgrade to v5.03.

TallCool1 81 Practically a Posting Shark Team Colleague

it may be a good idea to make Internet Explorer associated with .gif and .jpeg files by going to "Start" button "Settings" and "Folder Options" and then the "File types" tab.

This has no effect whatsoever on displaying graphics within HTML pages--in fact, IE is about the worst program to use for displaying stand-alone graphics. IrfanView or XnView are much better for that--and they're both free.

I appreciate your input, though.

TallCool1 81 Practically a Posting Shark Team Colleague

I take it Mywebsearch is a bad thing. Cause i willingly downloaded it. Ill give it a try, and post my HJT log here. Thanx for the help. B B L.

MyWebSearch is adware. The toolbar that I recommend is Google. It has a pop-up blocker and other useful features.

TallCool1 81 Practically a Posting Shark Team Colleague

OK. I need some help getting rid of this "Bridge.dll" Error pop up.

Your main problem is MyWebSearch, which Ad-Aware and/or Spybot - Search & Destroy are able to remove. Make sure that the detection data-files are up-to-date.

Once you have run one or both of these utilities, rerun HijackThis and post the new log.

Once things are cleaned up, there are also some free prevention measures you can take, including SpywareBlaster and SpywareGuard.

TallCool1 81 Practically a Posting Shark Team Colleague

I am getting a BRIDGE DLL ERROR.

Not too much going on here, fortunately. Remove these:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here's some to remove for being worthless drags:

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A couple of things you should update:

WinZip to v9.0 (security)

Sun's Java JRE (newer version)

TallCool1 81 Practically a Posting Shark Team Colleague

Having the same issue. When clicking on desktop icons the screen goes blank and then refreshes without opening. also unable to open the control panel.

I moved your original post to its own thread and answered it there. Sorry you didn't find it the first time!

TallCool1 81 Practically a Posting Shark Team Colleague

ok im not really following, so if I have 256 256 128 128 then i would not be getting as good performance as if I did just 256 256?

No, that two pairs (128/128, 256/256) beats one-pair-plus-one (128/128, 256/0)--depending on the hardware. This also assumes that you have Windows 2000 or XP, since Windows 98 will choke on more than 512 MB.

TallCool1 81 Practically a Posting Shark Team Colleague

Trying to open any shortcuts, my computer, or control panel results in all icons disappearing and then reappearing but without the item opening.

You have several problems, including IncrediFind and Hungry Hands. Before you remove anything, run Ad-Aware and/or Spybot - Search & Destroy. Make sure that the detection data-files are up-to-date.

Once you have run one or both of these utilities, rerun HijackThis and check for the following items. If they are present, remove them:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\hhU.dll

O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"

O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\hhU.dll

…
TallCool1 81 Practically a Posting Shark Team Colleague

EVERYTHING SEEMS TO WORK AGAIN!

Is it safe to turn windowblinds and cursorxp back on?

Cool! :cool: Yes, you can turn them back on.

TallCool1 81 Practically a Posting Shark Team Colleague

My home page in IE is now about:blank. I can manually remove all appropriate registry entries (startpage, etc), and then if I click on the IE icon the arrow turns into an hour glass for 15 seconds or so, then back to an arrow. If I then look at the registry, everything is again set to about:blank. If I click a second time, IE does open.

Before you remove anything, turn off System Restore to keep stuff from coming back. While I cannot identify the hijacker, I can identify which files to remove. You need to remove the O2 - BHO (browser helper object) item, as well:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {D38BDAB3-3A14-45EE-B059-5EFF27D479F4} - C:\WINDOWS\System32\ankli.dll

After fixing, reboot into Safe Mode and delete C:\WINDOWS\System32\ankli.dll

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here's three resource wasters to remove:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: …

TallCool1 81 Practically a Posting Shark Team Colleague

Here is the Log -- 041304

You have multiple problems. After you fix these, you may have a problem connecting because one of your bits of malware has replaced part of your Winsock chain with its own stuff. Here is the link to LSPFix, which should help.

musemaker then responded with: It worked! And here's the process order:

* Run LSPfix.
* Delete all Dial-up adapters and network protocols.
* Delete all Winsock and Winsock2 registry keys.
* Under Add/Remove programs uncheck all of the listings under Communications.
* Reboot and then add back ALL the Communications items (although netmeeting and chat weren't necessary). It didn't work for me the first time as I have no need for a dial-up adapter, but it is the only way to get Windows to add back winsock2.
* Reinstall network protocol settings.

Also, there are some free prevention measures you can take as well, including SpywareBlaster and SpywareGuard. Considering the number of machines you deal with, they might lighten your load.

Now on to what your HjT log shows, and what should be removed:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common …

TallCool1 81 Practically a Posting Shark Team Colleague

I get red Xs instead of the pictures, I know they are there as when I reload it or right click show picture it's there.

Your HjT log looks clean. It would appear that your problem lies elsewhere. Note that one image did load. To start with, check this link (image-loading-problem patch). I'll also look into it further and report back.

TallCool1 81 Practically a Posting Shark Team Colleague

my life's been a living hell for the past few days with this computer problem.

I see your problem. You have WindowBlinds installed, a clever hack that wedges into the desktop. You have two hijackers: MyWebSearch and HungryHands. The result is massive confusion as the hijackers don't "understand" WindowBlinds.

To start, you need to boot into Safe Mode and disable WindowBlinds/CursorXP, then boot into the normal desktop and run Ad-Aware and/or Spybot - Search & Destroy. Be sure to update the detection data files before running either program.

After your scan(s), re-run HjT and see if the following have been removed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\hhU.dll

Here's one that should be removed, as well:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

You can read more in my articles and links. See my signature below.

TallCool1 81 Practically a Posting Shark Team Colleague

i just reformated my computer and im having a problem. :sad: i didnt make a back up of the drivers and now when i try to install windows its saying the drive is not ready and i dont have a driver floppy disk im trying to find a disk for a Hitachi GD-2500 dvd rom can anyone help. :cry: i dont know that much about computer but i know a little.

No driver is needed. As far as I know, no Windows XP driver is even available. A CD-ROM or DVD-ROM drive is automatically recognized by the system as an ATAPI device. It's the programs recognizing the firmware that make it more. If it's not being recognized, there may be a hardware problem. There have been no hardware changes, have there?

TallCool1 81 Practically a Posting Shark Team Colleague

I use Frontpage to design my website...it is very user friendly, a windows based program.

And very Internet Explorer-centric. By default, it creates pages that have problems under Mozilla, Netscape, Opera, and other browsers--and that's under Windows. From character-set choices to the embedded tags it uses, FrontPage is just a bad choice all-around.

TallCool1 81 Practically a Posting Shark Team Colleague

That's also worth a shot, but I'm pretty sure HJT would list anything in the hosts file (other than localhost), I've seen it do that before.

Thanks for reminding me. You're right, but the linked page does have some good tips. Just trying to cover all bases, I guess.

TallCool1 81 Practically a Posting Shark Team Colleague

I'm interested in buying a laptop for school as well as for work. What are the pros and cons for buying a new or a used machine.

The drawbacks of buying a used laptop are mainly that you don't know how many hours of use that they have had--and no indication of how knocked-around it might have been. Batteries and LCD backlights have a finite lifespan, and both are expensive. I have seen horror stories, even on this site, of people buying a machine that seems fine for a day or so--then crashes-and-burns.

Add to this the fact that a used machine is likely to be "behind the curve" with respect to performance and installed software--and the recent drop in prices ($850 will buy a decent machine these days) indicates that, unless you get a hellaciously low price on a used one, a new one is actually a better value. Also: new machine, new-machine warranty. Of course, your mileage may vary.

TallCool1 81 Practically a Posting Shark Team Colleague

Is there any way there could be another setting, or registry key, that could pertain to this problem?

Yes. You may also have a problem with your Hosts file. See http://www.mvps.org/winhelp2002/hosts.htm for information on where to find it and what to do with it, including using it to block ad cookies.

I would also manually clean out your Temporary Internet Files, as well. See Microsoft's Really Hidden Files for more on this issue (warning: potentially offensive site-name and email address).

TallCool1 81 Practically a Posting Shark Team Colleague

When I start explorer a different home page pops up and I have begun receiving many pop ups.

This appears to be a CoolWebSearch variant; hopefully, the newest CWShredder will take care of it. Another possibility is the IEFEATS.A Trojan, though this seems less likely. One good bit of advice from that page, though: remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well. Also, make sure that there's nothing else running when you run CWShredder or HjT.

I have listed the problem files. After performing the above steps, create a new HijackThis logfile and make sure they are gone. The ones below the tilde-line are optional.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\ietq\mssearch.dll

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

…
TallCool1 81 Practically a Posting Shark Team Colleague

i've a 80G seagate barracuda 7200.7 which was installed with win xp pro and the master drive. i reformatted it recently n now i can't reinstall my windows xp for some reason.

Have you tried putting the ST drive as the master on the secondary IDE channel?

TallCool1 81 Practically a Posting Shark Team Colleague

Please repost your log as a flat file. Your log-file was truncated when you posted it as "code".

TallCool1 81 Practically a Posting Shark Team Colleague

i got a question about ram, i have:

slot1: 128 / slot2: 128 / slot3: 256 / slot4: nothing

could i get another 256 and put it in slot 4?

Yes. Another aspect depends on which processor and motherboard that you have. If it's a Pentium 4 with a 533 or 800 MHz front-side bus, pairs are best, anyway. If that's the case, you are taking a performance hit right now by not having 2 pairs.

TallCool1 81 Practically a Posting Shark Team Colleague

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE

One more suggestion: make sure that you update WinZip to the newest version 9.0 because of this vulnerability -- or use the free 7-Zip instead, which is more powerful.

TallCool1 81 Practically a Posting Shark Team Colleague

i've a 80G seagate barracuda 7200.7 which was installed with win xp pro and the master drive. i reformatted it recently n now i can't reinstall my windows xp for some reason.

As recent as your motherboard is, I doubt that a size limit is your problem; the limit is probably 137 GB under XP. In fact, your dynamic drive overlay may be part of your problem. If the drive is not the boot drive, the DDO may not be being read properly and lead to what you are seeing.

TallCool1 81 Practically a Posting Shark Team Colleague

I removed the coolwebsearch prog from my computer, but now my browser, instead of directing me to smartfinder.biz, it takes me to a blank screen at http:///.

Your logfile looks pretty clean, except for one thing:

O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll

From another post, this appears to be a CoolWebSearch variant; hopefully, the newest CWShredder will take care of it.

You may also have a problem with your Hosts file. See http://www.mvps.org/winhelp2002/hosts.htm for information on where to find it and what to do with it, including using it to block ad cookies.


The following should be removed, but that's optional:

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

TallCool1 81 Practically a Posting Shark Team Colleague

I have a problem when I try to open the outlook express to check my emails, because it freezes, and I can't even go to tools or whatever.

My computer runs win 2000. Everything runs well, except the outlook express. I had reinstalled ie6 with outlook express, but the problem is still there.

How about your service packs? Your patches? When you go to the Help menu About item, what version of IE does it show? Have you scanned for viruses? Adware/spyware?

You should also download and run HijackThis. Please see my article and links in my signature below.

Worst-come-to worst, as a temporary solution you can download and use Mozilla. It has both browser and a mail reader--no home user should be using OE anyway, due to massive, unfixable security holes.

TallCool1 81 Practically a Posting Shark Team Colleague

And now there is not an Internet connection. There was one there, but not now. He connected to the Inter via network. He can get on the network just fine to do his grades, attendance and e-mail (Teachers can't live w/o e-mail).

One of your likely bits of malware replaced part of your Winsock chain with its own stuff. When you removed it, you "broke the chain". Here is the link to LSPFix, (<- clickable link) which should help.

musemaker replied with:

It worked! And here's the process order...

* Run LSPfix.
* Delete all Dial-up adapters and network protocols.
* Delete all Winsock and Winsock2 registry folders.
* Under Add/Remove programs uncheck all of the listings under Communications.
* Reboot and then add back ALL the Communications items (although netmeeting and chat weren't necessary). It didn't work for me the first time as I have no need for a dial-up adapter, but it is the only way to get Windows to add back winsock2.
* Reinstall network protocol settings.

TallCool1 81 Practically a Posting Shark Team Colleague

I want to be able to start these offline, so others don't see the automatic *x has signed in* messages and then I can choose whether or not I go on-line, or block or whatever. This would be useful at home on MSN6.1 but even more useful in work Windows Messenger 4.7

GAIM can do this.

TallCool1 81 Practically a Posting Shark Team Colleague

I did all you said and this is my new log:

There's a couple of others that will be useful to remove. Have only HjT running and remove these entries:

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
Microsoft "trickleware"--potential spyware. Causes slowdowns.

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
Never very useful and no longer needed.

I also recommend that you update your Acrobat Reader from v5.0 to v6.0.

TallCool1 81 Practically a Posting Shark Team Colleague

Have run Adaware and Spybot S&D, but just to make sure

No, a few things are left behind--or you have been hit again. Remove these keys:

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://www.searchnow.ws/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=2567500

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blinkpro.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2000 Pro\Search Bar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html

R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe

These two are resource wasters, and not needed:

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

After a reboot, find and remove these files:

C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

C:\WINDOWS\iedll.exe

That should do it.

TallCool1 81 Practically a Posting Shark Team Colleague

When I open internet explorer page (after connection to the net via dial up [which connects fine]) it displays the DNS error page stating that it cannot display the website etc and cannot connect. This is also the same with MSN!

Any ideas?? What info do you need to help with this?

MSBB is part of a known spyware installation, and can be removed with Ad-aware or Spybot Search & Destroy (Ad-aware is easier, Spybot - S & D is more powerful). Make sure to download the updated data files, as well. You may have to download these and burn them to a CD at a different machine.

If you are unable to connect after the cleanup, let us know. I don't want to overload you, first pass.

TallCool1 81 Practically a Posting Shark Team Colleague

If I reinstall don't I have to reformat my hard drive? How do I repair?

If you have the full Windows XP CD, you can run Repair Mode from the CD. If all you have is the OEM disc, read your instructions or go to your manufacturer's web site for further instructions.

TallCool1 81 Practically a Posting Shark Team Colleague

My redhat 8.0 box froze up yesterday leaving me no choice but to power down. now it won't boot. it gets going but then starts doing file system checks and drops me in to a recovery shell so i can run fsck and e2fsck.

is there a way i can kick this box back in to life without the full re-install?

Use Knoppix. See my sig.

TallCool1 81 Practically a Posting Shark Team Colleague

Hey boys ! I've been hijacked.

Remove these keys:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O1 - Hosts: 213.159.117.235 #uto.search.msn.com

O2 - BHO: (no name) - {13D48D0E-FEDC-416B-92BA-D86B6A3FADAE} - C:\WINDOWS\System32\mihaba.dll

Other than that, you are clean.

TallCool1 81 Practically a Posting Shark Team Colleague

I did however find these:

106yzgmz
2ih7t8y
3tgtylzz
9995wko3
b49ihxt1
d382kjdp

are those good files, or should they be removed also?

Remove them. Remove the backups, as well.

TallCool1 81 Practically a Posting Shark Team Colleague

I've been hijacked.

Remove these keys:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O1 - Hosts: 213.159.117.235 #uto.search.msn.com

O2 - BHO: (no name) - {13D48D0E-FEDC-416B-92BA-D86B6A3FADAE} - C:\WINDOWS\System32\mihaba.dll

Other than those, amazingly clean.
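
Added example, not part of any post above and not code from HijackThis itself: a Python script that parses HijackThis-style log lines, rejoins values that wrapped onto a second line, and flags the entry shapes the replies above single out for removal. The sample log, the function names and the flagging rules are assumptions made for this illustration.

```python
import ipaddress
import re

# A log entry starts with a section code such as R0, O2 or O16, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Constructed sample, modelled on the line shapes quoted in the posts above.
# All names, CLSIDs and addresses are placeholders (192.0.2.0/24 is a
# documentation range).
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\System32\example.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 192.0.2.10 search.example.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\example.dll
O3 - Toolbar: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O4 - HKLM\..\Run: [Example] rundll32 C:\WINDOWS\example.dll,Install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""


def parse_entries(text):
    """Return [(code, body)], joining wrapped continuation lines onto their entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            entries.append([match.group("code"), match.group("body")])
        elif entries:
            # A line without a section code continues the previous entry
            # (forum software often wraps long registry values and paths).
            entries[-1][1] += " " + line
        # Anything before the first entry (the log header) is ignored.
    return [(code, body) for code, body in entries]


def triage(code, body):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    reasons = []
    if code in ("R0", "R1"):
        # "key,value name = data"; data may itself contain '=' (query strings).
        _, _, value = body.partition("=")
        value = value.strip().lower()
        if value.startswith("res://"):
            reasons.append("IE page setting is served from a local DLL resource")
        elif value == "about:blank":
            reasons.append("about:blank value; confirm the user chose it")
    elif code == "O1" and body.startswith("Hosts:"):
        parts = body[len("Hosts:"):].split()
        if len(parts) >= 2:
            try:
                ip = ipaddress.ip_address(parts[0])
            except ValueError:
                reasons.append("Hosts entry with an unparseable address")
            else:
                # Loopback and 0.0.0.0 mappings are the usual blocklist style.
                if not (ip.is_loopback or ip.is_unspecified):
                    reasons.append(f"Hosts file maps {parts[1]} to {ip}")
    elif code in ("O2", "O3"):
        if "(no name)" in body:
            reasons.append("browser add-on has no registered name")
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("registration points at a file that is gone")
    elif code == "O4":
        command = body.split("]", 1)[-1].strip().lower()
        if command.startswith("rundll32"):
            reasons.append("autorun entry loads a DLL through rundll32")
    return reasons


def review(text):
    """Return [(code, body, reasons)] for every entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in review(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    review: {reason}")
```

A flag here means "look at this entry", not "delete it"; ordinary startup items such as the QuickTime task pass through unflagged even though the posts suggest removing them for performance.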