Tarun

Create a new admin user and then delete the old one.

Just part of the tools I make use of when I work.

You can save the batch file to your desktop. Unlocker may be a better method for you.

O4 - HKLM\..\Run: [plvhirg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\plvhirg.dll,sknyisb To delete this line, enter this line in a notepad. cd C:\Windows\System32\ del /f /q plvhirg.dll Save As... DeleteMalwareDLL.bat Or, you can get Unlocker and navigate to C:\Windows\System32, then use Unlocker on the plvhirg.dll. Also, schedule a boot-time Avast virus scan to remove all the malicious files.

Because they do not have to be deleted, as they are not malicious. However, if you delete them there will be a performance boost or other positive effects such as faster bootup, etc.

You can use VistaBootPRO to clean up the new boot management.

Have you tried Dial-a-fix?

Dial-a-fix can repair your permissions.

Start > Run > notepad Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion] "RegisteredOwner"="YOUR DESIRED NAME HERE" Save as... RegOwner.reg

I personally do not trust anything that was at one time listed on the Spyware Warrior Rogue/Suspect Anti-Spyware page. From their site: Note on Spyware Detector: Spyware Detector was listed on this page because of concerns with false positives. Testing with the latest version of Spyware Detector indicates that the problems with earlier versions have been satisfactorily resolved. Thus, we can no longer consider Spyware Detector to be "rogue/suspect" anti-spyware.

The optional items are totally safe to delete (and recommended) too.

Still shows this picture badly on my site.. This may be why: <span id="joomla" style="filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://www.wincert.net/templates/jw_onemorething/ images/omt_joomla_trans.png',sizingMethod='scale');"></span> DXImageTransform.Microsoft.AlphaImageLoader caught my attention. I might try... <span id="joomla"><img src="http://www.wincert.net/templates/jw_onemorething/images/omt_joomla_trans.png" alt="Technews" title="WinCert.net Tech News"></span>

Those are old generic DNS server IPs. They were first with AT&T and slowly spread out. The ones offered in the original post offers Anti-Phishing and better speeds.

Reset everything in IE7 to the defaults.

Cleaned out misinformation again. More vital services and other items were being ripped out. If people are unsure what something is, do not guess, just want for someone who is an expert in the field to post. Tal, once you have completed all of the scans please post a new log. Closed

Incorrect. If they were to return there would be a name and a file associated with them.

It's late and I had a busy day so I'll chat with you tomorrow about it

Avast - English

Run Avast and then my Anti-Malware Pro package (just updated it tonight with the rest of my site)

I did read your post thoroughly. If you had checked off items like these and did the fix, they wouldn't return. Items such as these wouldn't be there again. O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {7B6020C8-7F87-70B3-1AAC-B50F918B8A79} - (no file) Do you need more help with using HijackThis?

Refer to this post, as nothing has changed. What to do in HijackThis: Scan for a log but do not save it. Next, every item listed in the referenced post should have a checkmark beside it in HijackThis. After they have been checked, you click on Fix Checked.

Still shows this picture badly on my site.. This may be why: <span id="joomla" style="filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://www.wincert.net/templates/jw_onemorething/ images/omt_joomla_trans.png',sizingMethod='scale');"></span> DXImageTransform.Microsoft.AlphaImageLoader caught my attention.

Looks fake to me. Poor grammar and everything in it as well. Notice how there are no spaces after the commas for each continent/area?

Indeed, don't use them. The parts of upgrading IE is right on; but actually using the browser... ...what's the point?

The post was removed due to incorrect information that was provided telling the user to remove services and other needed files through HijackThis when the files existed and were properly functioning. HijackThis has a bad bug where it can report items such as services as missing when the files actually exist. This is further proven by reading the running processes of the user's log. Help with HijackThis logs is appreciated; however, not reading the logs fully with a proper analysis is not appreciated as you are essentially telling the user to rip out vital parts of their services and other required items for functionality. Two of the four Avast services are listed as missing as seen below. Now, looking into the running processes we find the following. Clearly, we can see that the "file missing" reports from HijackThis are not actually missing, but are present and running properly. Again, helping with the HijackThis logs is fine; but please read over them completely and nothing less. As the user has posted a new log and this one does not need to be remain open for further discussion, this topic is now... Closed.