malware removal - I don't its name!

Couldn't do it because "file is being used...."

Ran Avenger and got the attached log file - got the same answer "can't rename etc." when I tried moving Hosts into a new Hosts folder!!

 

It is attached to this one!

 

Round 1 : Windows ahead on points!

 

Round 2 : TimW wins with a KO!:clap - see attached log.

Unfortunately, screen repainting and opening anthing is still very, very, sloooow.

I am now going to reboot into SafeMode to run smitfraudfix.

 

I finally got into Safe Mode without difficulty and ran Smitfraudfix - I attach the log file.

Incidently in Safe M|ode I noticed that the speed of response was much faster - normal in fact.

I trust my attempt at humour is now clearer

 

I have no idea - I do not improvise when following your instructions, especially when operating in Administrator mode and manipulating system files, even in the unlikely event that I see another way of doing what I think you want me to do.

 

here they are attached.

No I didn't, though I did inadvertently select that mode - however I will try it after this message.

As for Device Manager, do I not have to be logged on as Administrator to see it? I have seen the directory with the marks you indicate and indeed resolved a conflict issue 12 mnths., but at present I find only MSN device manager. I have for the last few weeks logged on as a user, because it is more secure. How do I change that to Administrator? Windows Help is frigging useless in this respect!

 

Opened in Safe Mode Networking with the same speed of opening Photoshop as was normal afew weeks ago - i.e. bloody fast!

Another curious thing, when shutting down Windows I always close important programs (Opera, Word, Photoshop, etc.) before selecting Turn off Computer on Start Menu. The last 2 or 3 times I see a pop-up saying that Opera is not responding and am given the option to End Now or Cancel. Which is curious because this last time I am 100%certain that Opera was shut down before logging off.

 

There is nothing shown.

I monitor Task Manager almost on a daily basis and the only abnormality I note is that Opera starts off (after a shutdown) running at 14Mb memory use and over a few days increases to 250Mb and 50% memory use. There definitively is not a second image running.

I do all here, as a general rule, once a week approx.

I have this time! And I swear I did last time, but obviously I am not doing something to ensure their attachment.

 

I don't f****** well believe it!!:banghead
No attached files?
Let's try again.

 

Bloody good job, then, that I didn't try to delete it! When I did a mouse-over it showed up as an MS file which, despite their crap reputation for issuing half-baked software, I doubted very much was a trojan! Incidently, when something is corrected, as chaslang did on this occasion, it would be much, much better if it were clearly and plainly stated that "xyz is wrong and should read abc" - not hidden in "edited by nnn". Don't forget that your reader may not be the most observant! I barely noticed the correction, but I was already suspicious of the statement about vmiprvse.exe.

HJT is resident on D: because it is my default backup USB caddy. Will you please tell me why the fact that HJT is run from D:, not C:, makes any difference, when the files being checked are still all on C:?

On the subject of my redundancy of security programs, I have uninstalled Ad-Aware 2007 and SpyDetector. I am loathe to uninstall anything else because they have been present, with the exception of a2Free and Sophos Anti-RootKit, since before this current speed problem manifested itself, and therefore are not culpable. I might add that I installed a2Free simply because it is recommend by this forum as a useful addition to firewall protection.

 

I overlooked two points made by chaslang - the first is regarding

which I have uninstalled (no idea where that came from!!).

The second point regards

which again sneaked in under my radar but is now uninstalled.

I tried to uninstall CounterSpy but am unable to delete some files because "access is denied" - there is no uninstall provided by the program. How can I overcome this denial of access? please.

 

In the meantime I removed the surplus security programs and everything is now running at normal speed! So, problem solved.

Thank you very much indeed for your help.