DMR 152 Wombat At Large Team Colleague

... and the other is a smaller connection lined with white inside

That's a USB port. Some modems use USB instead of the traditional Ethernet ports; the expectation being (I assume) that the modem will be connected directly to a computer (no router in the picture) through USB.

Unfortunately though, most routers use an Ethernet port for their modem-side connection. Your best bet is to see if your friend can exchange the USB modem for an Ethernet modem, as a hard-wired Ethernet connection between the modem and router usually yields more reliable connectivity.

DMR 152 Wombat At Large Team Colleague

Glad I could help :)

DMR 152 Wombat At Large Team Colleague

It sounds as though you may be unfamiliar with the relationship between files and the filesystems on which they are created.

In your scenario, although technically it certainly is altered from the original, the copy of the file made under such circumstances is hardly "worthless"; the substantive data in the file (the data with which users and applications are usually concerned) is still intact.

Take, for example, a Word document created on a Windows machine whose hard drive is formatted with the NTFS filesystem. This Word file can obviously be copied via floppy, CD, etc. to a Mac computer using the HFS+ filesystem and opened/edited/saved/printed/etc. in that Mac's version of Word.
From the user's perspective, the file is a perfectly usable copy of the .doc file created on the PC, right?

During such a transfer though, certain filesystem-specific metadata (like NTFS permissions, for example) will get discarded, as the target HFS filesystem has no need (and often no understanding) of that metadata. Just as a point of interest, note that certain Mac-specific metadata will actually get added to the file once it is living on the Mac's HFS drive, as a Mac file is usually comprised of two forks (the Mac equivalent of Alternate Data Streams): a data fork, and a resource fork.

These "translation" issues are just the (mostly) unavoidable effects of transporting/transferring files between disparate filesystems, given that metadata (such as Alternate Data Streams, Forks, Extended Attributes, Permissions, etc.) are usually specific to …

DMR 152 Wombat At Large Team Colleague

2. i reformatted my drive c, when i installed win xp sp2...

4. the ones with yellow exclamation points are...

5. when i checked in BIOS, Secondary IDE MAster is CD/DVD COMBO

Ahh- the plot thins... ;)

The info you posted is pretty much the classic list of symptoms that occur when you've reinstalled Windows from scratch but haven't then reinstalled the motherboard chipset's driver package, and perhaps other drivers as well. (Windows doesn't have built-in drivers for some motherboards and/or their on-board components).

If you have the original driver CD that came with the computer, you can reinstall the motherboard driver software from there. If you don't have the CD, you should be able to get the right driver package from your computer manufacturer's website.

If you need help obtaining or installing the driver software, give us the exact make & model of your computer and we can probably point you in the right direction.

DMR 152 Wombat At Large Team Colleague

newbie here, i also have the same problem, my combo cd rom drive doesn't register in my computer, i have tried the solution you have provided on the previous thread but it didn't work....

The xp_cd_dvd_fix.vbs file is only designed to fix one particular problem (a Registry conflict), whose main symptom is the "disappearing drive" phenomenon. While you might be experiencing the same symptom, the underlying cause of your problem might be different, meaning that the file I supplied won't work for you.

We'll need more information in order to help you find the exact source of the problem:

A) Has the drive ever worked properly?

B) If the drive has worked before, can you think of anything that changed in the system (hardware changes, program installations/upgrades/removals, a serious crash, an error message window appearing, etc.) around the time you first noticed the problem?

C) Right-click on your My Computer icon and choose "Manage" from the resulting menu.
* In the Computer Management windows, click on Storage->Disk Management.
* Look in the right-hand pane of the Disk Management window.
Is any identifying info about your CD/DVD drive listed there?

D) Right-click on your My Computer icon.
* Choose "Properties" from the resulting drop-down menu.
* Click on the "Hardware" tab.
* Click on the "Device Manager" button.

In the list of your installed hardware, are there any devices which have a yellow exclamation point or …

DMR 152 Wombat At Large Team Colleague

You're welcome- glad we could help. :)

DMR 152 Wombat At Large Team Colleague

I have the same problem of missing CD-ROM drive, but my computer has Windows 2000. Can xp_cd_dvd_fix.zip fix the problem on Windows 2000?

Yes- the "disappearing" CD/DVD issue also occurs with Windows 2000, and the xp_cd_dvd_fix script will fix it.

DMR 152 Wombat At Large Team Colleague

mm the same symptoms still seem to be persisting though...

That's not totally unusual, but at least now your system is clean, so we don't have to worry about further complications caused by the infections.

Let's have a look at your Event Logs and see if Windows has been able to record any error messages that might offer details of the IE/Messenger crashes/hangs:

* Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those whose time-stamps coincide with the occurrence of the problem(s).

* Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

* To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.


DMR 152 Wombat At Large Team Colleague

Hi top.tucnak- welcome to DaniWeb!

Please read my previous post (directly above yours) regarding our reasons for asking members to start their own new thread when they have a malware problem they need help with.
If you could post your HijackThis log in your own new thread, that would be very helpful to us; this thread is already cluttered with enough HijackThis logs from different members that it has become hard to follow. By starting your own thread you'll get much more focussed attention from us, as we will be able to concentrate on your log and your log alone.

Thanks :)

DMR 152 Wombat At Large Team Colleague

Sorry- I should have had you check to make sure that the service was disabled before we attempted to delete it. HijackThis can't delete a service if it is running. This should do the trick:

1. Open the Services utility in your Administrative Tools control panel.

* In the list of services, locate the service named ".NET Framework Service" or ".NET Connection Service" and double-click on it.

* In the General tab of the Properties window that opens, click the Stop button.

* Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK.

* Close the Services utility.


2. Open HijackThis, and in the main window, click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens, copy-n-paste the following in the deletion box and press OK:

.NET Connection Service

* Close HijackThis after that.

Let us know if that works, and give us a new HijackThis log please.

DMR 152 Wombat At Large Team Colleague

Good job- except for one leftover, your log is clean now :)

Having you manually search for the 4 files and two folders was just a double-check to verify that they were really deleted by the utilities (which they appear to have been).

1. Run another HijackThis scan, put a check in the box to the left of the following entry, and then click the "Fix checked" button. This time, do not close HijackThis yet:

O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

* In HijackThis' main window, click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens, copy-n-paste the following in the deletion box and press OK:

.NET Connection Service

* Close HijackThis after that.


2. Disable and then re-enable your System Restore feature to delete the contents of the Restore folder. Instructions for doing that, as well as an explanation of why you're doing it, are posted here.


3. Once you've completed steps #1 and #2, please run a (hopefully) final HJT scan and post the new log. Also let us know how the system seems to be functioning now.

DMR 152 Wombat At Large Team Colleague

Thanks for the new log. I see signs of at least 4 different adware/spyware infections in that log, so it might take a few passes to get them all removed. Please be patient, and follow any instructions fully, carefully, and in the order given.

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.


1. Download ATF-Cleaner and save it to a convenient location.


2. Download the free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.

* Run the installer, accepting the default options. Run the program once installed, click on the Update icon at the top of the main AVG window, and allow the program to download the most current components.

* Close AVG once the updates have been downloaded.


3. Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix checked" button. Close HijackThis once it completes its fixes:

R1 - HKLM\Software\Microsoft\Internet Explorer,(Default) = 1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VoiceIP.dll

DMR 152 Wombat At Large Team Colleague

You're welcome- glad we could help :)

Since the issue is now resolved, could you please click the "Mark as Solved" link at the top of this thread? Thanks.

DMR 152 Wombat At Large Team Colleague

So, the plot thickens... joy.
Let's take a closer look at what's going on in your system. We aren't going to change/fix anything in the following procedure; we're just going to see if any obvious suspects come to light:

Download the free HijackThis utility. Once downloaded, follow these instructions to install and run the program:

* Create a new folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

* Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".

* Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". The log file will open in Windows Notepad once you save it.

* Cut-n-paste the entire contents of the file from Notepad and post it here.

The log contents will tell us a lot about the state of your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

I don't think there is any need to panic since there is a very slim chance that something like this would be implemented -- either this or the people making this law are really smoking something suspicious...

Oh- they're smoking something, alright.

Unfortunately though, we in the US have a history of passing laws which were seemingly written in a drug-induced haze. Just look at paranoid and interest-driven laws like the DMCA or the *cough* "Patriot" Act; those laws were passed almost unanimously.

Face it- when it comes to governments, it is rarely safe to use logic when predicting what they may or may not do. The actions of politicians seldom come from any real knowledge of the area/issue which they are attempting to legislate; regardless of the issue, their actions are usually instead based on personal/party gain or, as in this case, a "moral" stance that may or may not be supported by the general population. (Of course, over-inflating or misrepresenting an issue or "threat" is a crucial tactic in getting the general population to think that they support such issues.)

DMR 152 Wombat At Large Team Colleague

Well, that question does point up one of the absurdities of trying to force one government's "morality" on a meta-national structure like the Internet, doesn't it?

DMR 152 Wombat At Large Team Colleague

my internet connection seems to be spottier than usual after I took out my ethernet card and then put it back in.

I'd try:

1. Opening the case again and double-checking that all cards/cables/etc. are properly and firmly inserted.

2. Updating the drivers for the network card(s); because of the reinstall, you are now using the original Windows drivers again.

DMR 152 Wombat At Large Team Colleague

What do I do next?

Why- you celebrate, of course....

SmitfraudFix looks to have done its job, and your latest HijackThis log is clean. :)

Does everything seem to be running properly now?

DMR 152 Wombat At Large Team Colleague

if you just witnessed a crime, are you breaking the law if you don't run down to your local police station and report it?

If this law passes, you, as the owner of Daniweb, would be breaking the law by not reporting certain crimes. :sad:

DMR 152 Wombat At Large Team Colleague

Linksys' firmware is based on Linux components, which falls under the General Public License (GPL). This forced Linksys to open source their firmware. The bottom line is, many developers have created their own firmware that can be installed on Linksys routers which seems to have greatly increased their reliability and efficiency.

Yes it is, yes it does, yes it does, yes they have, and yes it has. :mrgreen:
Some of the OSS firmwares have added useful features to the Linksii as well...

A strange, but very interesting, workaround.

DMR 152 Wombat At Large Team Colleague

If the implications weren't so truly frightening, I'd be LMAO:

http://news.com.com/SenatorIllegalimagesmustbereported/2100-1028_3-6142332.html?tag=nefd.lede

From the article:

Millions of commercial Web sites and personal blogs would be required to report illegal images or videos posted by their users or pay fines of up to $300,000, if a new proposal in the U.S. Senate came into law.

According to the proposed legislation, these types of individuals or businesses would be required to file reports: any Web site with a message board; any chat room; any social-networking site; any e-mail service; any instant-messaging service; any Internet content hosting service; any domain name registration service; any Internet search service; any electronic communication service; and any image or video-sharing service...

A McCain aide, who did not want to be identified by name, said on Friday that the measure was targeted at any Web site that "you'd have to join up or become a member of to use."


*sigh*...
Welcome to the United States- The Land of Frightened Sheep.

DMR 152 Wombat At Large Team Colleague

Let's get AOL out of the picture for a few moments: Close down the AOL browser entirely, fire up Internet Explorer, and enter Yahoo through IE.
Do you experience the same problems as you do when using the AOL browser?

DMR 152 Wombat At Large Team Colleague

We're not done yet- many of the infections were cleaned, and the symptom may have been removed, but pieces of the nastiest one (a Smitfraud/SpySheriff variant) are still active.

This is normal, as the Smitfraud infections need to be removed with a specific tool and procedure. A download link to the SmitfraudFix tool and instructions for its use can be found here. Please follow the instructions fully and carefully.

When you have completed the removal procedure, please run HijackThis again and post the new log here. Also post the contents of the SmitfraudFix report log, which is named rapport.txt; it will have been created in your root (C:\) folder.

DMR 152 Wombat At Large Team Colleague

Hi shelli- welcome to DaniWeb :)

If you can give us as much detail on the problem as possible, the forum moderators will have a better idea of which of our forums your question should be moved to (we don't actually troubleshoot problems in this particular forum; it's just a place to introduce yourself). Here are some things that it would be helpful to know:

* Does the message appear right after Windows starts up, when you run a certain program or perform a certain action, or does it seem to just appear randomly?

* Have you recently installed, upgraded, or removed any software applications or Windows components?

* Have you recently removed any viruses or spyware, or do you have any indication that your computer might currently be infected?

DMR 152 Wombat At Large Team Colleague

IE 6 never did that...

Maybe not, but unfortunately that has little (if any) bearing on how IE7 might behave.

there has to be someway to fix it

Not necessarily, but this might yield us some helpful clues:

Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those whose time-stamps coincide with the occurrence of the problem(s). Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

DMR 152 Wombat At Large Team Colleague

Have you tried adjusting the horizontal and vertical size settings on the monitor itself?

DMR 152 Wombat At Large Team Colleague

Hi zhen87- welcome to DaniWeb :)

The HijackThis log you posted definitely shows that you have infections, but the version of HijackThis that you are using is extremely out-of-date and therefore isn't giving us the complete picture.
Please delete the old version, download the latest version (1.99.0), run a new scan with it, and post the new log file.

DMR 152 Wombat At Large Team Colleague

"Nasties" may be responsible, but given your description, they wouldn't be my first suspicion. We can check out the possibility, though.

Before we head in that direction: Does this only happen through AOL, or only in Yahoo groups, or only in some combination of the two, or do you experience this at other sites and outside of Yahoo?

DMR 152 Wombat At Large Team Colleague

Try the Knoppix CD- you may very well be able to access the data through Linux. You'll obviously need some backup media to rescue the data to, but Knoppix should automatically set up networking and CD-burning for you, so those are two options. Knoppix probably won't be able to do much in terms of repairing your Windows install, as Linux has very limited support for writing to NTFS-formatted volumes.

Just FYI:

1) "missing or corrupted \WINDOWS\SYSTEM32\CONFIG\SYSTEM".

The windows\system32\config\system file is a component (called a "Hive") of the Registry, and yours appears to have become corrupted. The hives are unique to the system on which Windows was installed, so you cannot just replace them with copies from another computer.

* Booting into the "Last known good configuration" might do the trick, although it often doesn't. It is the easiest fix though, so it's worth trying.
To boot into that configuration, start tapping the F8 key right after your computer starts up (that is- well before you see the Windows startup graphic/logo). This should bring up the boot options menu, where you can choose the "Last known good" menu item.

* There are a couple of other ways to fix the corruption, which are discussed in these links:
http://www.kellys-korner-xp.com/xp_sys32.htm
http://support.microsoft.com/kb/307545/en-us


2. Hal.dll-related errors can be caused by a few things, including a pooched MBR or a corrupt boot.ini file. The BOOTCFG, FIXBOOT and FIXMBR tools available through the recovery …

DMR 152 Wombat At Large Team Colleague

Although we actually discourage members from posting HijackThis logs in any forum other than the Viruses, Spyware, and other Nasties forum, it's a good thing that you did- your log shows signs of infections, which should be cleaned up before any further troubleshooting.

Please run a new HijackThis scan and post it, along with the details of the networking problems, in a new thread in the above forum.



DMR 152 Wombat At Large Team Colleague

how to cut and join the cables with the clips?

Your question is a bit unclear. Do you mean that you want to connect the two computers directly together with an Ethernet cable, as opposed to networking them together with a router or a switch?

DMR 152 Wombat At Large Team Colleague

The PC runs for a while connected to the internet and suddenly a blue screen pops up

Does this occur only when you are connected, or does it happen at other times as well?

says some error codes and Says "If this is the first time you are seeing this restart your comp if else go to........"

gerbil is right- posting the full and exact error message that the blue screen gives you will help us, because the alphanumeric codes in the error actually do mean something.

Also- if this is the same computer that we're working on in this thread, let's keep all discussion of that machine in that thread. It would be a Bad Thing to be working on two different problems at the same time, especially when one of the problems involves malware infections.

DMR 152 Wombat At Large Team Colleague

... Changed the AGP Aperture...

You've got to be kidding... that bit of techno-voodoo actually worked??!!

DMR 152 Wombat At Large Team Colleague

You posted your question in our virus/spyware forum; do you have any specific reasons to believe that such nasties are the root of the problem? If so, please tell us the details.

DMR 152 Wombat At Large Team Colleague

There are a few different infections which display bogus alert warnings; let's see if we can find out which variant you have.
Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.


1. Download ATF-Cleaner and save it to a convenient location.


2. Download the free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.

* Run the installer, accepting the default options. Run the program once installed, click on the Update icon at the top of the main AVG window, and allow the program to download the most current components.

* Close AVG once the updates have been downloaded.


3. Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix checked" button. Close HijackThis once it completes its fixes:

R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\iMediaCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [w03c6cb0.dll] RUNDLL32.EXE w03c6cb0.dll,I2 00011aaa003c6cb0
O4 - HKLM\..\Run: [w001cdbb.dll] RUNDLL32.EXE w001cdbb.dll,I2 00011aaa0001cdbb
O4 - HKLM\..\Run: [w06e9a83.dll] RUNDLL32.EXE w06e9a83.dll,I2 00011aaa006e9a83
O4 - HKLM\..\Run: [w1b8e5c0.dll] RUNDLL32.EXE w1b8e5c0.dll,I2 00011aaa01b8e5c0
O9 - …

DMR 152 Wombat At Large Team Colleague

* The 2wire device is one of their integrated modem/router models, yes?

* If the 2wire has an Ethernet port, connect the Thinkpad to it with a CAT5 cable. That will at least help to determine if this is an issue with your wireless hardware or with your networking setup in general.

* Do you pick up your TCP/IP settings (IP address, DNS server addresses, etc.) from the 2Wire automatically via DHCP, or do you enter that info manually in your network card's TCP/IP properties?

* Can you enter an IP address in your browser and reach a site that way? See if you can get to Daniweb by entering the following location in Internet Explorer and Mozilla:

http://74.52.33.82/

DMR 152 Wombat At Large Team Colleague

I've heard of people resolving this exact issue by changing such seemingly unrelated BIOS settings as the AGP Aperture, or simply trying the reinstallation again and again until it worked. I'm not suggesting that you do these things; I'm just bringing up the fact that the "32 minute" stall is an irritating problem for which there hasn't seemed to be one single solution.

Maybe we can glean something illuminating from your system specs; can you post as many details on your system's hardware configuration as possible please?

DMR 152 Wombat At Large Team Colleague

Thanks for that- your HJT log shows the presence of a couple of active pieces of malware, as well as some leftovers from previous infections.

Before we begin the removal, please tell us what's going on with the McAfee entries. It looks to me like you've uninstalled McAfee for the most part, and if so, we should remove the components that remain. We should also get you a good antivirus program to install in its place.

If you haven't uninstalled McAfee, then it will need to be uninstalled and reinstalled, as it isn't working properly at the moment.

DMR 152 Wombat At Large Team Colleague

I disabled something that said "Onboard SiS900 Lan DEVICE"

That would be it, unless you have an add-in PCI Ethernet card or a wireless networking card. If so, remove those as well.

So I go into BIOS setup and disable any USB or Firewire devices

No, only disable Firewire (IEEE 1394) devices; you should leave USB settings alone.

DMR 152 Wombat At Large Team Colleague

In order for us to help you most quickly, please give us specifics when you mention infection alerts, error messages, etc.

I run Kaspersky antivirus, and each time i restart my cpu, it says i have same trojans on my computer.

Please post the names and locations of the infected files that Kaspersky reports.

after like 3 or 5 minutes after i boot, Internet explorer pops automatically up with an error message

Please post the full and exact text of the message.

D:\Install\Ahead.Nero.v7.2.7.0.Incl.Keymaker-EMBRACE\keygen\keygen.exe -> Trojan.Agent.ye : Cleaned.

That is a key cracker program, and we don't help people with issues involving illegal software. You're on your own there, but I'd suggest you delete all cracked programs and cracking utilities, because they often contain malicious components.

D:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP124\A0022901.exe -> Worm.Banwarum.f : Cleaned.

You should disable and then re-enable Windows' System Restore. Instructions and explanation are given here.

DMR 152 Wombat At Large Team Colleague

Hijackthis is the most widely-used adware/spyware diagnosis tool I know of, and those of us who specialize in removing these nasties have been using it for years. Here's the deal:
You have an adware infection, and you've asked us to help you get rid of it. If you follow our instructions fully and carefully, your computer will be back to normal very shortly. :)

DMR 152 Wombat At Large Team Colleague

Having a Windows installation stall at 32 minutes left, while "installing network" is not totally uncommon. You can:

1. Disable any on-motherboard network and firewire adapters via the BIOS setup. Re-enable them after the Win setup completes.

2. Physically remove all PCI network adapters from the computer. Reinstall them once the Win setup completes.

DMR 152 Wombat At Large Team Colleague

Very good- let us know how the reinstall goes... :)

DMR 152 Wombat At Large Team Colleague

Your log does show signs of a few different infections. It also indicates that you have quite a few optional (but non-malicious) items configured to run at Windows' startup, and these programs are unnecessarily chewing up some of your system resources.

For the malware infections, please do the following to begin with:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

* Download ATF-Cleaner and save it to a convenient location.


* Download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update AVG.
AVG Anti-Spyware manual …

DMR 152 Wombat At Large Team Colleague

Bleh! Yup- you've got Nasties.

A) A pictorial walk-through of the removal procedure for the "VirusBursters" infection can be found here. Please follow those instructions carefully and fully.

B) Once you've completed the VirusBursters removal procedure, please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

* Download ATF-Cleaner and save it to a convenient location.


* Download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update AVG.
AVG Anti-Spyware manual updates.
Download the Full database to …

DMR 152 Wombat At Large Team Colleague

Compaq does not use recovery partitions as I have had this for 4 years and know everything about it.

That's nice; I guess HP/Compaq don't know what they're talking about, but you do?

From HP's support site:

HP and Compaq Desktop PCs - Performing an HP System Recovery in Windows XP

Use the following steps to perform a recovery from the hard drive:

  1. Backup files from the My Documents folder and from other folders you may have created.
  2. Disconnect all connected devices (such as the Personal Media Drive, USB drives, printer, and fax), remove media from drives, and remove any recently added internal hardware. Do not disconnect the monitor, keyboard, mouse, and power cord.
  3. Turn on the PC.
  4. Just after the first screen appears (the logo screen), press the F10 key repeatedly until a recovery menu appears.
  5. Select one of the following procedures, depending on which recovery type you want to perform:
    • To perform a standard system recovery, click Next, and then click Yes.
    • To perform a destructive recovery, click Advanced, (select Destructive Recovery) and then click Next.
      CAUTION: A destructive recovery will format the hard drive. This will delete all the information on the hard drive and reinstall Windows XP and the original software that came with the computer.
  6. Read and respond to each window and screen that appears.
  7. After the System Recovery is complete, the PC restarts and continues into Windows setup. Complete the setup screens and wait until the …

DMR 152 Wombat At Large Team Colleague

Have you tried scanning in safe mode and changing your default DNS settings?

Unfortunately, restoring the correct DNS server entries and/or switching web browsers may resolve the redirection problem, but it does nothing to remove the infection itself.

Once the bogus DNS server IPs have been fixed, the system should be scanned for malware using one of the online scans below and/or a good anti-spyware program such as AVG Anti-Spyware.

Online Scanners:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/actives..._principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/en...rp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner:

TrojanScan

Post logs from the ones you ran along with a new HijackThis log.


AVG Anti-Spyware:

* Download the free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.

* Run the installer, accepting the default options. Run the program once installed, click on the Update icon at the top of the main AVG window, and allow the program to download the most current components.

* Close AVG once the updates have been downloaded.

* Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as …

DMR 152 Wombat At Large Team Colleague

It appears your system is loading Internet Explorer first.
Uninstall Firefox, reboot, then reinstall it...

The underlying problem has nothing to do with a browser conflict, and there is certainly no need to reinstall Firefox (and doing so won't fix the problem anyway).
What is happening is that the malware infection which is responsible for the ad.firstadsolution pop-up is being triggered when it senses that the user has made a connection to the Net. While the infection uses Internet Explorer to do its dirty work, it doesn't care what browser actually initiates the Internet connection.

-------------------------------------------------------------------------------------------------------------------
stone_cold,

Let's start the malware removal process by doing the following:

Download the free HijackThis utility. Once downloaded, follow these instructions to install and run the program:

* Create a new folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

* Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".

* Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". The log file will open in Windows Notepad once you save it.

* Cut-n-paste the entire contents of the file from Notepad and post it here.

The log contents will tell us …

DMR 152 Wombat At Large Team Colleague

Your first error is due to a corruption/conflict with the monitor.exe component of the Acer eRecovery utility. I can't give you an exact fix, but either of these suggestions may make the error go away:

* Click the "Run..." option under your Start Menu, type MSCONFIG in the resulting "Open:" box, and then click OK. This will open the msconfig utility. In the utility, locate the PCMService (it would be under either the Services or Startup tab) and enable it.

* Run HijackThis again, put a check in the box to the left of the following entry, and then click the "Fix checked" button:
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

----------------------------------------------------------------------

Your second screenshot shows a bogus alert from a Smitfraud or Vundo malware infection, and your HijackThis log shows one of the infecting files (drvfoh.dll). Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

1. Run HijackThis, put a check in the box to the left of the following entries, and then click the "Fix checked" button. Close HJT when it completes the fixes:

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfoh.dll,startup
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\commserv.exe (file missing)

2. Download ATF-Cleaner and save it to a convenient location.
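
The kind of log reading done in the post above (an autorun that loads a DLL through rundll32, a service whose file is missing) can be scripted as a first-pass triage. This is an added example, not part of the original post or of HijackThis itself; the function name, the heuristics and the `ExampleUpdater` line are assumptions, and only the O4 registry-Run and O23 line shapes quoted on this page are parsed.

```python
import re

# Entries quoted in the post above, plus one constructed benign line for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfoh.dll,startup
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\commserv.exe (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# O4 - <registry key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 - Service: <name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def triage(log_text):
    """Return (section, name, reasons) for entries that merit a manual look.

    The rules are illustrative heuristics (assumptions), not verdicts:
    a flagged entry still needs a human to confirm it before fixing.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            if m.group("cmd").lower().startswith("rundll32"):
                reasons.append("autorun launches a DLL through rundll32")
            if reasons:
                findings.append(("O4", m.group("name"), reasons))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("missing"):
                reasons.append("service binary is missing from disk")
            if m.group("owner").lower() == "unknown owner":
                reasons.append("HijackThis reported no owner for the binary")
            if reasons:
                findings.append(("O23", m.group("name"), reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section} [{name}]: " + "; ".join(reasons))
```
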


DMR 152 Wombat At Large Team Colleague

Oops, I think I should have posted this in Windows/security.... Sorry, you can move it in there, I just didn't notice your announcement.

Nope, you're cool here- this is the "Windows Security" forum, or at least that was its original name. We renamed it to "Viruses, Spyware, and other Nasties" some time ago, but obviously forgot to update the Announcement posts. Oops... :o