hard drive has started running on its own? laptop dead slow

If you have Kazaa and Grokster installed, uninstall them.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Scan Spyware is a rogue tool and not to be trusted. See: http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

You did not install HJT as requested. You installed it exactly where requested not to install it.

C:\Documents and Settings\jacko\Desktop\HijackThis.exe

 

Download LSP - Fix

Run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the newdotnet6_38.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move newdotnet6_38.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
If it is already in the Remove section, just click Finish.

Do you know what the below it for?
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

 

To get hijackthis.exe extracted from the ZIP File into the location we requested do the following.
The below will work for WinXP based system since it can deal with ZIP files.
You need to create the C:\Program Files\HJT folder. Do the following:
- Click START and select Explore.
- Select the drive where Windows is installed (normally C
- Navigate to the C:\Program Files folder and select it.
- Now click the on the top menu where it says File and then select New.
- Then select Folder
- A new folder is created and highlighted.
- Just type HJT to overwrite the default name (New Folder)

To extract hijackthis.exe:
- locate the HijackThis.zip file you downloaded and right click on it
- Select Extract All and click Next
- Browse your way to the C:\Program Files\HJT folder created above
- Select the folder and click Next

 

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing <--- LSP-fix may have fixed this already


After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
c:\program files\newdotnet <--- the whole folder


If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.


Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

You did not indicate how things are working.

Did you fix those lines with HijackThis and did you reset web settings exactly as requested?

You must not have C:\Program Files\Internet Explorer\IEXPLORE.EXE running when using HJT !

 

You should have indicated that when you posted your log. Not a problem! It was probably already gone.

Answer what I asked in my last message?

 

I already said

You really should not be online while doing these steps. Unless you are posting from another computer.

 

Okay! So are you still having any problems?

 

You're welcome. Now that you are clean, let's try to keep it that way by following the steps in the below thread:

How to Protect yourself from malware!

 

IE is not defunkt. You will still need it to connect to some websites. Especially Microsoft sites. Without it, you cannot do updates. Make sure you fix the settings as directed.

I would expect that all the default settings in Firefox should work OK.
When did you get the message about majorgeeks? When you connected to www.majorgeeks.com or when you tried to login to the forums?