Now click "Apply to all folders" Click "Apply" then "OK" Now find and delete use the windows search tool C:\windows\btrjsiv.exe c:\windows\qtarvrl.exe Also in safe mode navigate to the C:\Windows\Temp folder. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Logfile of HijackThis v1.97.7 Scan saved at 2:48:06 PM, on 11/20/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe

Reboot normally after doing this & post another log please. Do not confuse scvhost.exe with svchost.exe -- the latter is legit and required in c:\windows\system32 Rollin' Rog, Jan 6, 2005 #2 Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders" Next click on My Computer.

Go to Start > Run and type %temp% in the Run box. Here's my Hijack This Log: Logfile of HijackThis v1.97.7 Scan saved at 9:08:58 AM, on 6/4/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe

Then reboot into safe mode and delete the following:C:\WINDOWS\System32\P2P Networking\ < folderc:\documents and settings\lynn's account\local settings\temp\MGW6.exe < filec:\windows\dllhelp.exe < fileReboot.Please delete your temporary files by deleting all files and folders that Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View Download and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.intermute.com/spysubtract/cwshredder_download.html Then: 1 >> Go to Start > Run, enter %temp% and then click Edit > Select All.

judgesmailes, Jan 5, 2005 #1 Rollin' Rog Use this version of HijackThis and repost with it when ready: Create a new, permanent folder for HijackThis

Its gotta be the "find4u.net" and the mysearchnow.com.Should I deleteR1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = line as well? When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} -

this is pretty common..but this time i cant seem to get rid of it. here is my hijack this log file.

If it finds anything that it cannot clean have it delete it or make a note of the exact file name and file location so you can delete it yourself. Thanks for your help. There will be no prompts or confirmations. >> run hoster.exe and have it restore your original hosts file >> run the CWS Service remover and have it merge to the registry Empty the Recycle Bin Go here http://housecall.trendmicro.com/ and do an online virus scan.

Also, I generally have to use Netscape to browse because my Internet Explorer usually freezes up. It is strongly suggested that you remove this program in Add/Remove Programs, then fix the related RED 04 item below and delete the associated folder (also in red below). I have absolutley no idea what "Win Min" is, and have no clue how to get rid of this problem..