Matt

Hi illmatic rob! Welcome to Besttechie! I will be assiting you in cleaning p your computer! Please print out these directions and all directions I give you for use if/when you cannot access this page. One thing I need you to do first is to place HiJackThis into a permanent folder. The reason for this is so that when HJT makes backups, they will be stored in a safe place. *Go to Start > My Computer > and double click on C:. * Now right click an open area and click New > folder and change the folder name to HJT. * Extract HijackThis from the zipped file into this new folder. First,

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Found this sweet site; not sure how long its been around, so you may already know about it. Its called Pandora. The idea works like this: Once you have an account, you tell it artists/songs you like. It will create a full-fledged radio station streaming songs by the artists you said you like AND Artists its finds is similar to your likings. If you it plays a song/artist you don't like, just tell it, and You'll never hear it again. I find it very cool, and love having my own personalized radio station! Very Cool!

Hello everyone! Neat game you got here Bubba Bob, I see if I can find some clever pics for this. Just a reminder folks, Please be courteous to those people who host these images. While we have no rule against hotlinking images, it isn't proper netiquite, as it can cause the hoster to suffer. It would be nice if for images you are going to use, you create a photobucket or similar account to store them. Just common courtesy the net.. Carry on..

Glad I could help! Its great to hear you got it back to normal! I live about 40 miles north of cincinnati, but oddly, I am a Bills fan (go figure, lol) The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Firefox- Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is good as well. Spybot Search & Destroy - Uber powerful tool

Hi Heydc, I will be taking over for Danny as he will be out for a few days. Sorry for the delay. Since it has been a while since your last post, lets run a few things. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at

Copy the contents of the Code box to notepad. Name the file out.reg Save as type:All files Save it someplace where you will remember it, like the desktop. REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoChangingWallPaper"=- "NoAddingComponents"=- "NoComponents"=- "NoDeletingComponents"=- "NoEditingComponents"=- "NoCloseDragDropBands"=- "NoMovingBands"=- "NoHTMLWallPaper"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDe

Hi Ineedsanswers, I will be taking over for Danny as he will be out for a few days. Sorry for the delay. Since it has been a while since your last post, lets run a few things. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click

Hi greenswyzl! Welcome to Besttechie! You'll love it here! Mac's a great guy, and anyone he invites is welcome! Enjoy!

garmanma, Please print out these directions for use when you cannot access this page. Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://swandog46.geekstogo.com/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Plea

Just making sure, Jotti's malware scan came up clean on both files? Can you post me the results from the Jotti Scan anyway? Boot into Safe Mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Once in safe mode, find and delete the following folder: C:\Documents and Settings\Mark\Favorites\cool stuff Boot back into windows normally and post those Jotti reports for me. After that, tell me how your system is running. Matt

Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan"box on the top of the page: C:\WINDOWS\bootstat.dat [*] Click on the submit button Repeat the steps with the following file also: C:\WINDOWS\system32\SHELL32.dll [*] Please post the results to both scan in your next reply. Please download Rootkit Revealer (link is at the very bottom of the page) Unzip it to your desktop. Open the rootkitrevealer folder and double-click rootkitrevealer.exe Click the Scan button (bottom right) It may take a while to scan (don't do anything while it'

Try changing your background as you normally would. Does it work? Download WindPFind Extract WinPFind.zip to your c:\ folder. Reboot your computer into Safe Mode Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

Great news! I got it fixed. Thanks to Aaron (from the chat) I was sent here. Worked like a charm. Thanks for all the input everyone! Matt

No I havent, but I will do, thanks marty. You dont think it is actually a vital folder, and criple my system if i lose it do you?

It is a Dell, but marty, this huge size points directly at this folder. It cant be an unknown partition because it would not say an empty folder is over 6 gigabytes, it would just show the harddrive as not adding up correctly. There's something wrong with this folder...

As far as I know, you cannot uninstall IE on an XP machine. However, do you know of a way? I've never been able to..

True, but I really doubt that has happened. He guards the thing like its his life. If nothing else works, I will check however.

Hey Bubba Bob, yep. folder's still empty. Ive tried deleting it, but windows wont let me, says its vital to its functioning..

Tony, he's never been connected to the internet..

Here's something odd. While searching for what's eating up my step-dad's harddrive, I came across his temporary internet files folder. Under properties, it is listed as a little over 6 Gigs. The weird thing is, he's never been connected to the internet. There were two files in there, and I deleted them. But the folder remains over 6 gigs, even though it is empty. All hidden files/folders are showing. Ive gone through all the methods I can think of to clear Temp. Internet files, and nothing changes anything. Why is this folder reporting such large contents even though it is empty, and h

Boot back into Safe mode Once in safe mode, find and delete the following folder: C:\ProgramFiles\Topconverting\ Reboot your computer into windows normally. Please download the Killbox by Option^Explicit. Note: In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Please double-click Killbox.exe to run it. Select: Delete on Reboot then Click on the All Files button. [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WIND

Hi rfert! Welcome to Besttechie! I will be helping you clean up your computer! Please print out these directions for use if/when you cannot access this page. Your log is pretty clean, just a few things to take care of. Please scan with HiJackThis, and place a check next to the following items: O1 - Hosts: 137.99.107.146 sbvacuum O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D

garmanma, after running that, how is your system running now? Your log is coming up clean, but so did the smitrem log. Is your desktop still hijacked? Are you experiencing any more issues? Matt

garmanma, you are doing someting incorrectly, or there is something wrong with your download. The log you gave me is not nearly as long as it should be... Let's try again. Download smitRem.exe ©noahdfear, and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop. Next, please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to ru