2,042 Posted Topics

Member Avatar for virspy

This is a pretty common action taken by some malwares to decrease the chance of their being detected. ==Please download Malwarebytes' Anti-Malware from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html or: http://www.besttechie.net/tools/mbam-setup.exe =Dclick that file, mbam-setup.exe, to install the application, -ensure that it is set to update and start, else start it via the icon. Select …

Member Avatar for cohen
0
110
Member Avatar for spyder2099

Hello, spyder, your sys has been knocked silly by some malwares. Being midnight in Aust Cohen has likely wandered off to bed. I see these things in running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
So, delete the folder C:\Program Files\Malwarebytes' Anti-Malware
Rename this file C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe to mambo-sup.exe …

Member Avatar for cohen
0
224
Member Avatar for ComeAsUR

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
R3 - URLSearchHook: (no name) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n …

Member Avatar for gerbil
0
168
Member Avatar for irishfurykid

Hello, irish. Something has damaged your boot sector on the systemdrive. You will need the Recovery Console from your installation cd, and the commands you should run are: chkdsk /r -see if the sys will start after this completes; if not, then: fixboot

Member Avatar for cguan_77
0
170
Member Avatar for geoss

Userinit is normally a value [name] in the Winlogon key, and not a subkey of Winlogon. Its data entry would be C:\Windows\system32\userinit.exe Could you export and post that Winlogon key please [before you rerun MBAM]?

Member Avatar for gerbil
0
488
Member Avatar for pace59

This arises because Windows remembers all removable storage devices connected to it, the reason being that it tries to keep track of the file structure that it used when it accessed that device last. Windows cares nought for the drive letter or the drive name you give because you can …

Member Avatar for gerbil
0
112
Member Avatar for Dukane

Practice your reflexes on the Pause/Break button to see if you can capture that blue screen. Enter key to continue..

Member Avatar for Dukane
0
399
Member Avatar for sham08

Hello, sham... you have some dodgy registry keys which were used once to unregister your shell32.dll, possibly so as to modify it, so let's fix those and see where we can go from there. Unfortunately at the moment I do not know what software is behind it. Start hijackthis, select …

Member Avatar for sham08
0
154
Member Avatar for Mobius000

Delete this file, mobius: C:\DOCUME~1\Ryan\LOCALS~1\Temp\stf8D.tmp I do not see what was used to start it running.

Member Avatar for gerbil
0
223
Member Avatar for gjscott

Hello, Graham... ==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract the content (a folder named SmitfraudFix) to your Desktop. - Restart your computer in Safe Mode. - Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter] You will be prompted: "Registry cleaning - Do …

Member Avatar for gerbil
0
139
Member Avatar for iamswick

There is a very good chance that you have been hit by a malicious software that as part of its actions to protect itself disables Safe Mode. What version of XP are you running? Sp number?

Member Avatar for gerbil
0
246
Member Avatar for CompVsMe

Start with this: ==Please download Malwarebytes' Anti-Malware from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html or: http://www.besttechie.net/tools/mbam-setup.exe =Dclick that file, mbam-setup.exe, to install the application, -ensure that it is set to update and start, else start it via the icon. Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps. …

Member Avatar for crunchie
0
159
Member Avatar for hurrr

==download hijackthis: http://www.majorgeeks.com/download5554.html -copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe -in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis. -click …

Member Avatar for jholland1964
0
142
Member Avatar for whoost

Please post that Hijackthis log, you have more than Ispynow on the machine, I think. Delete the copy of MBAM installer [mbam-setup.exe] from your machine, load in a fresh copy from your flashdrive, rename the MBAM installer to mybam-setup.exe, run it. It should work. Then: -ensure that it is set …

Member Avatar for gerbil
0
219
Member Avatar for ranger659

Hello, ranger, start with this: ==Please download Malwarebytes' Anti-Malware from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html or: http://www.besttechie.net/tools/mbam-setup.exe =Dclick that file, mbam-setup.exe, to install the application, -ensure that it is set to update and start, else start it via the icon. Select "Perform Full Scan", then click Scan; the application will guide you through the …

Member Avatar for gerbil
0
152
Member Avatar for TheBeast32

Task Manager. Urk. The figure at the foot of the PF Usage chart is in MB, all other figures are in KB, and the conversion factor is 1024. PF Usage is a misnomer in Task Manager. But the figure at the foot of the Page File Usage monitor is the …

Member Avatar for caperjack
0
181
Member Avatar for Salman8506

Hello, Salman, I hope things have calmed down considerably over there. Your surfing... I have a problem in that your system has a net filter placed on it on your account [your log-in], and I do not think that I should advise you about removing it. Moving on.. your version …

Member Avatar for gerbil
0
172
Member Avatar for sickofit

Without another sys to load programs from, I can only suggest that you search Docs & Settings for files with these names [I don't have some of the extensions]: nah_jpde.exe runhh6110411.exe learn32.dll mscscc.dll rehh vigrs Ina comm3 fsh1 ..and delete them. Once [if] you find some then note the file …

Member Avatar for gerbil
0
233
Member Avatar for powerthink

The first is a system file, the others pests. ==Please download Malwarebytes' Anti-Malware from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html or: http://www.besttechie.net/tools/mbam-setup.exe =Dclick that file, mbam-setup.exe, to install the application, -ensure that it is set to update and start, else start it via the icon. Select "Perform Quick Scan", then click Scan; the application will …

Member Avatar for powerthink
0
115
Member Avatar for jeffreynewt

They may actually have the same name as you. You would not normally know their address details. Email them, say Hi.. we share the same name, tell me about yourself..... Well... Nigerians fool ppl into giving them bank account details.

Member Avatar for gerbil
0
21
Member Avatar for oos

My head is spinning from thread hijacks, moving posts.... wheee.. :) Oos, glad you had some malware for Smitfraudfix to work on... it gets dissatisfied if it cannot find any to fix when requested to do so by choice #2, and busts your desktop as revenge. I targeted a specific …

Member Avatar for gerbil
0
155
Member Avatar for user34
Member Avatar for c-tech
0
97
Member Avatar for mewgirl

Codec stands for coder/decoder. As an example, a music file will be encoded, possibly mp3.. the codec unpacks the music from the encoded file, and can also create an mp3 file. Codecs install to [or should be placed in] the folder of the program which will use them. Windows standard …

Member Avatar for hotmatrixx
0
244
Member Avatar for gautam610

I think you may have been infected by what was once a simple worm which disables that option so to hide itself. ==Please download Malwarebytes' Anti-Malware from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html or: http://www.besttechie.net/tools/mbam-setup.exe =Dclick that file, mbam-setup.exe, to install the application, -ensure that it is set to update and start, else start it …

Member Avatar for gerbil
0
187
Member Avatar for MysticalChicken
Member Avatar for ingeborgdot@yah

Umm.. yes they did: "noticed that one of his hdd on his raid 1 had gone bad..." It could be that your RAID controller is having a near-death experience, like the vid card. It may be having trouble doing dual disk reads? I would split the array, back out of …

Member Avatar for hotmatrixx
0
142
Member Avatar for kirill1996

Well, no, not without knowing what it was doing. What you have is just a name composed of random letters or groups of letters from a selection the trojan uses. Could be a downloader, backdoor, worm... cannot say without knowing its actions.

Member Avatar for cohen
0
133
Member Avatar for greywanderer

Caper, don't do that! Bring back the crook chook. Hello, Mr Wanderer, lessee if this works for MBAM: go into Program Files\Malwarebytes A-M and rename mbam.exe to myjam.exe. Then dclick it to see if it is still blocked [it should set up for the scan]. Make sure to Update it …

Member Avatar for hotmatrixx
0
72
Member Avatar for samvhard

Sam, those are per user settings, so you need to be in this key, and this will make one change you desire:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001

But there is a piece of malware that makes these changes so I suggest you run this first: ==Please download Malwarebytes' …

Member Avatar for c-tech
0
547
Member Avatar for J Matcham

Julia, believe jb on RegCure. A waste of money, imo. What it detects are benign and useless things like unassigned file extensions, stored "history" items like MRU [most recently used] lists for applications, and some of the keys and values for uninstalled apps. It won't actually fix anything except by …

Member Avatar for jbennet
0
177
Member Avatar for niksrockin

I think what you may be looking at is a minor disaster. Or a big one... stuff is likely destroyed by a power spike which got through your PS. Swap in a working monitor. Same no-go? Then BIOS is likely not running. If you have a video card, remove it …

Member Avatar for jbennet
0
68
Member Avatar for pace59

What was the beginning of the message? Some process or other should have been referred to... and if it is new software you are installing there is almost no way you could know what info to load into registry using regedit etc.

Member Avatar for jbennet
0
127
Member Avatar for jameskcowley

Hello, james. Your hardware setup is fine. Your problem is that Explorer is not looking at the drive root when it starts, so as to catalogue the root directories. Can applications access the drive and related files? Possibly not if you have not used them since the reinstallation... If you …

Member Avatar for gerbil
0
185
Member Avatar for ggogeta

Mmm.. the drive is USB... so SATA etc should not come into the equation? It would be entirely up to the disk controller to deal with disk interfacing from USB. And USB 2.0 drivers were incorporated in SP1 and SP2. I like this bit: "as it'd take longer to fix …

Member Avatar for klrdn
0
165
Member Avatar for SerbOz

Try: ==This one is a general purpose deleter, Unlocker: http://filehippo.com/download_unlocker/ Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.

Member Avatar for SerbOz
0
132
Member Avatar for kingy55

..and svchost needs access, cos it controls some aspects of networking. Mine maintains a UDP connection with my ISP, it listens on 135 [TCP], does DNS requests, FTP, handles shared access for http....

Member Avatar for gerbil
0
200
Member Avatar for cbk

If you think that the folders may still be on your desktop, but hidden, go start, run, and enter:
cmd
In the cmd window enter in sequence:
cd desktop
dir /a/s
A file finder which I can recommend is REST2514.EXE -use another machine to dl it to a thumb or …

Member Avatar for kingy55
0
344
Member Avatar for gordon451

Easy as... My Documents: Create a new My Documents folder, close ALL documents!! then rclick on My Documents link above My Computer, properties, press Move, browse to the new location, and OK.

Member Avatar for jbennet
0
169
Member Avatar for steiner

iexplore.exe is internet explorer. It appears when you use that browser and also when malware uses it to go on the web for ads or instructions.. whatever. Your MBAM log shows No Action Taken on all found items - may we assume that you did follow through the instructions, and …

Member Avatar for gerbil
0
875
Member Avatar for RVH

You should not have let your Windows "see" the new drive.... it gave it a signature and a drive letter, and your OS now knows that that disk exists. Your OS does not recognise the disk [partitions, actually] by its drive letter but by the signature in the MBR and …

Member Avatar for gerbil
0
130
Member Avatar for Super Llama

Well, you don't say what graphics you are running... ie your motherboard graphics or vid card... but rclick a blank space on your desktop, choose Graphics Properties or somesuch... else Properties, Settings, Advanced, then your graphics driver tab... and you should be in a menu like that of the first …

Member Avatar for jbennet
0
96
Member Avatar for bear14624

I don't really keep up with the legal aspects of M$'s sales.... but I think it is only grudgingly that they let you have a copy of the software when you buy it. Even then you don't actually own it. The agreement says somewhere that you may make a single …

Member Avatar for gerbil
0
140
Member Avatar for DaniWeb4Jim

Jim, it is not a memory problem, it is a problem with a program trying to access reserved memory. In other words, it is caused by some sloppy software, and sloppy software is occasionally found in malware. So firstly: ==Please download Malwarebytes' Anti-Malware from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html or: http://www.besttechie.net/tools/mbam-setup.exe =Dclick that file, …

Member Avatar for DaniWeb4Jim
0
937
Member Avatar for flarex28

It is Hillsborough County Public Schools.. do you or staff have anything to do with this?

Member Avatar for flarex28
0
179
Member Avatar for m_tawfik15
Member Avatar for OlyComputers
0
211
Member Avatar for Warpig

ok, here's a boot disc with a recovery console on it; the console runs from the cd so you don't need an xp cd or any files from your C drive. I know it works. All you need is an image burner like Nero 6, CD Writer... Tips... unzip the …

Member Avatar for gerbil
0
313
Member Avatar for Rage11111

I don't use an mp3 player but I would have thought that there would be some proprietary software loaded onto it to control files on the chip, and I would think that formatting it would risk losing that. If reformatting to FAT32 is what you want then you have to …

Member Avatar for caperjack
0
141
Member Avatar for caudicus

==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. Choose carefully at the installation checkboxes, I set them to only open from the recycle bin. It's neater that way, but won't suit your purpose. [you can then run CCleaner …

Member Avatar for gerbil
0
65
Member Avatar for gpompeus

Heh.. you could run a script FROM that account: http://www.dougknox.com/security/scripts_desc/regtools.htm . It will require a restart. Or you could load that User's hive [their NTUser.dat file] with regedit from YOUR account and edit the policy in this key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Simplest is to give that ac temporary Admin rights.

Member Avatar for gerbil
0
109
Member Avatar for K_Fox

A problem with the page file will lock your sys down solid, if it is trying to access it. Think hdd problems.

Member Avatar for magic_mikey
0
216
