My computer restarts when I get on the internet.
There's a very good possibility that virus/spyware/etc. infections are causing the problems you've described. Given that, I'm moving this to the forum which I think will be most appropriate.
Please do the following:
Download the (free) HijackThis utility:
http://www.stevewolfonline.com/Downl...HijackThis.exe
Once downloaded, follow these instructions to install and run the program:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.
The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
here you go
Logfile of HijackThis v1.99.1
Scan saved at 12:03:54 AM, on 6/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\xipcmg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\LOL\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netster.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 yahoo.com
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [rprhmgrj] C:\WINDOWS\System32\xrcrvihk.exe
O4 - HKLM\..\Run: [qhsrct] C:\WINDOWS\qhsrct.exe
O4 - HKLM\..\Run: [zehet] C:\WINDOWS\zehet.exe
O4 - HKLM\..\Run: [ecyxdgd] C:\WINDOWS\System32\bveg\ecyxdgd.exe
O4 - HKLM\..\Run: [rvxcs] C:\WINDOWS\System32\vukeaf\rvxcs.exe
O4 - HKLM\..\Run: [gbfeo] C:\WINDOWS\System32\mtuf\gbfeo.exe
O4 - HKLM\..\Run: [dlhr] C:\WINDOWS\System32\vvvaynw\dlhr.exe
O4 - HKLM\..\Run: [vygwxkyl] C:\WINDOWS\System32\nsxu\vygwxkyl.exe
O4 - HKLM\..\Run: [5FmR34l] cnvzk32.exe
O4 - HKLM\..\Run: [hhixwt] C:\WINDOWS\System32\qqxqpdk\hhixwt.exe
O4 - HKLM\..\Run: [mxbbsw] C:\WINDOWS\System32\slurrb\mxbbsw.exe
O4 - HKLM\..\Run: [wfxff] C:\WINDOWS\System32\gdtpkotb\wfxff.exe
O4 - HKLM\..\Run: [kehb] C:\WINDOWS\System32\icps\kehb.exe
O4 - HKLM\..\Run: [jvion] C:\WINDOWS\System32\fpeb\jvion.exe
O4 - HKLM\..\Run: [wvndmv] c:\windows\system32\wvndmv.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [dtqvf] C:\WINDOWS\System32\gqrwnj\dtqvf.exe
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Sandra\LOCALS~1\Temp\wyoiikq.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Sandra\LOCALS~1\Temp\vflxra.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [phyxjx] C:\WINDOWS\System32\bikpbtd\phyxjx.exe
O4 - HKLM\..\Run: [tgatp] C:\WINDOWS\System32\ubsknhb\tgatp.exe
O4 - HKLM\..\Run: [smsg] C:\WINDOWS\System32\kyundxl\smsg.exe
O4 - HKLM\..\Run: [ifollnw] C:\WINDOWS\System32\lqjiwli\ifollnw.exe
O4 - HKLM\..\Run: [iusyanlm] C:\WINDOWS\System32\eisqijd\iusyanlm.exe
O4 - HKLM\..\Run: [qcqvlvx] C:\WINDOWS\System32\frsjkm\qcqvlvx.exe
O4 - HKLM\..\Run: [malvehg] C:\WINDOWS\System32\sijcgitk\malvehg.exe
O4 - HKLM\..\Run: [ttid] C:\WINDOWS\System32\cbmjo\ttid.exe
O4 - HKLM\..\Run: [ewtdy] C:\WINDOWS\System32\gqbkr\ewtdy.exe
O4 - HKLM\..\Run: [jhnq] C:\WINDOWS\System32\njal\jhnq.exe
O4 - HKLM\..\Run: [avuu] C:\WINDOWS\System32\lswf\avuu.exe
O4 - HKLM\..\Run: [xjonynpm] C:\WINDOWS\System32\bwvviiwy\xjonynpm.exe
O4 - HKLM\..\Run: [lytwpqr] C:\WINDOWS\System32\ijvit\lytwpqr.exe
O4 - HKLM\..\Run: [oadyge] C:\WINDOWS\System32\gvlj\oadyge.exe
O4 - HKLM\..\Run: [meaa] C:\WINDOWS\System32\fpkkom\meaa.exe
O4 - HKLM\..\Run: [GMedia2] C:\WINDOWS\System32\GSMedia3.exe
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe
O4 - HKLM\..\Run: [AsBPO] C:\documents and settings\lol\local settings\temp\AsBPO.exe
O4 - HKLM\..\Run: [3#ZXQDT4@EKJLN] C:\WINDOWS\System32\Dml7u0Uz.exe
O4 - HKLM\..\Run: [Lsass] C:\word.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [qtfvtj] c:\windows\system32\xipcmg.exe
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Orsm] C:\Documents and Settings\LOL\Application Data\rlac.exe
O4 - HKCU\..\Run: [Tqdleir] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [sccbase] C:\WINDOWS\System32\sccbase.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ko55RQJnS] cipialui.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\Locators.dll (file missing)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\Locators.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\eurokazaa3\local.htm (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: dtqvfgqrwnj - Unknown owner - C:\WINDOWS\System32\gqrwnj\dtqvf.exe
O23 - Service: gbfeomtuf - Unknown owner - C:\WINDOWS\System32\mtuf\gbfeo.exe
O23 - Service: iusyanlmeisqijd - Unknown owner - C:\WINDOWS\System32\eisqijd\iusyanlm.exe
O23 - Service: jhnqnjal - Unknown owner - C:\WINDOWS\System32\njal\jhnq.exe
O23 - Service: kehbicps - Unknown owner - C:\WINDOWS\System32\icps\kehb.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: qcqvlvxfrsjkm - Unknown owner - C:\WINDOWS\System32\frsjkm\qcqvlvx.exe
O23 - Service: rvxcsvukeaf - Unknown owner - C:\WINDOWS\System32\vukeaf\rvxcs.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: xjonynpmbwvviiwy - Unknown owner - C:\WINDOWS\System32\bwvviiwy\xjonynpm.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
Just to let you know I ran HijackThis in safe mode. Don't know if it makes a difference or not.
Not good; your log indicates some pretty heavy infestation. 
You'll need to download and run some anti-virus/anti-spyware utilities in order to get the majority of this cleaned up; HijackThis alone isn't going to do the trick. If your Internet connection on that machine is unreliable, you can download the programs on another machine and burn them to a CD in order to get them installed on the infected machine.
1. If your network connection is stable enough, run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:
http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).
After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:
ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/d...displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/
3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):
Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!
1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files
- Delete the entire content of your C:\Windows\Temp folder.
- Delete the entire content of your C:\Windows\Prefetch folder.
Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.
- Empty your Recycle Bin.
- Reboot normally.
4. Reboot normally, run HijackThis again, and post the new log.

"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
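A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. The reason labels and the heuristics (hosts entries pointing at a non-loopback address, autoruns from Temp or without a path, services with an unknown owner, core Windows process names outside System32) are assumptions chosen for illustration, not the helper's method.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 216.39.69.102 view.atdmt.com
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Sandra\LOCALS~1\Temp\wyoiikq.exe
O4 - HKLM\..\Run: [AsBPO] C:\documents and settings\lol\local settings\temp\AsBPO.exe
O4 - HKLM\..\Run: [5FmR34l] cnvzk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: kehbicps - Unknown owner - C:\WINDOWS\System32\icps\kehb.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O4 - HKLM\..\Run: ..."
EXE_PATH = re.compile(r'([a-z]:\\[^"]*?)\\([^\\"]+\.exe)')  # (directory, file name)
LOOPBACK = {"127.0.0.1", "0.0.0.0"}
# Assumption: a short list of process names that normally live in System32.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}


def parse(log):
    """Yield (section, body) per entry line; header and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def flag(section, body):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons, low = [], body.lower()
    if section == "O1":
        parts = body.split()                      # ["Hosts:", ip, hostname]
        if len(parts) == 3 and parts[1] not in LOOPBACK:
            reasons.append("hosts-redirect")
    elif section == "F2" and "shell=" in low:
        if len(low.split("shell=", 1)[1].split()) > 1:   # more than Explorer.exe
            reasons.append("extra-shell-program")
    elif section == "O4":
        cmd = low.split("] ", 1)[-1].strip()      # command after the [value name]
        if "\\temp\\" in cmd:
            reasons.append("autorun-from-temp")
        if "\\" not in cmd:
            reasons.append("autorun-without-path")
    elif section == "O23":
        if "unknown owner" in low:
            reasons.append("service-unknown-owner")
        if low.endswith("(file missing)"):
            reasons.append("service-file-missing")
    m = EXE_PATH.search(low)
    if m and m.group(2) in CORE_NAMES and not m.group(1).endswith("\\system32"):
        reasons.append("system-name-outside-system32")
    return reasons


def triage(log):
    """Group flagged entries by reason; also map each hosts target IP to its names."""
    findings, targets = defaultdict(list), defaultdict(set)
    for section, body in parse(log):
        for reason in flag(section, body):
            findings[reason].append(body)
        parts = body.split()
        if section == "O1" and len(parts) == 3 and parts[1] not in LOOPBACK:
            targets[parts[1]].add(parts[2])
    return dict(findings), dict(targets)


if __name__ == "__main__":
    findings, targets = triage(SAMPLE_LOG)
    for reason, entries in sorted(findings.items()):
        print(f"{reason}: {len(entries)}")
    for ip, names in targets.items():
        print(f"{ip} <- {', '.join(sorted(names))}")
```

Flags like these only rank entries for review; legitimate software can trip them, so each flagged path still needs to be checked before anything is removed.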