It shouldn't look like that if you are clean! Here they've 'removed' the entire hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key...
Jooske - just thought I'd let you know I forwarded the file I recieved to submit@diamondcs.com.au
Actually - altho' I can't pin it at this point I think I would try the 30 day trial of TDS-3 if you haven't already http://tds.diamondcs.com.au/
Should be this one O4 - HKLM\..\Run: [SysUpd] C:\WINXP\sysupd.exe plus the O1 hosts entries...
I'm not entirely sure what's up with the exe file association What shows for an '.exe' entry under HKEY_CLASSES_ROOT What you could try is to...
Actually - I don't recognize it at all What have you previously removed by way of R1 R0 entries ?
I'll see if I can figure out what it was let me know if it comes back
Whatever it is - It'll take me a while to sort out - it's encrypted and has a bad DOS header (if it's a real exe ? ) If you can get it off the...
Are you simply typing notepad or notepad.exe Can you look in C:\windows and c:\windows\system32 for a 'notepad.com'(instead of exe) and can you...
Can you forward that file I asked for - or is it not found?
Me stupid = not around for a day or 2 and I'm a 1R :-[ Listen to FAL - she knows what she's talking about Here's another possible link...
Let's get rid of some not so necessary stuf with HJT - but save the backups - you may want to put some of these back O4 - HKLM\..\Run: [MSConfig]...
If this fails then ------ Download about:Buster from either of the following locations. http://www.atribune.org/downloads/AboutBuster.zip or...
Re: Recurring Trojan Horse Dialer ..... 8)
The folder should be there - it's part of IE - but it shoudl have 4 (mostly) empty subfolders
Have a look again for it or as an alternate name such as __NS_Service_2 or similar Wee could try guessing that frying these 3 files might resolve...
start by fixing the file association for exes http://www.dougknox.com/xp/file_assoc.htm Run HijackThis again, push Scan and place a check mark...
I edited the above It's along the lines of the one at http://computercops.biz/postp211843.html You'll want to terminate the "Network Security...
Additionally - I don't recognize ""zremote.sys"" ------- edit = hold on I've just glanced through it again and seen this Network Security...
Before you try anything Download Process Explorer Unzip the package to a location where you will keep it for future use. Run the extracted...
It's likely LOP trying to install as a result of installing O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" In...
I didn't see anything and thought it might be false positives
Does turning off teatimer (from within SpyBotSD) help ?
There are indications of further problems R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank Download FindnFix...
Use Taskmanager (Ctrl-Alt-Del) to end these running processes if you can (or use Process Explorer) C:\WINNT\system32\enptuu.exe Run...
Separate names with a comma.
