DMR 152 Wombat At Large Team Colleague

At the very least, your log shows signs of the Aurora/Nail.exe infection. Please read this post for the Aurora removal procedure.

The procedure will probably clean out some other infections as well, so follow the instructions carefully, and then post a new HijackThis log after that.

DMR 152 Wombat At Large Team Colleague

If you're talking about a white box with a red X being displayed within an IE browser window, that usually indicates that IE isn't able to render/display a certain element on the web page. If you can give us more specifics about the problem we can probably help you further.

DMR 152 Wombat At Large Team Colleague

Thanks for the loads of helping information.

We are volunteers here, and provide help in our own spare time (of which we have precious little). The fact that your particular problem was not addressed within 14 hours is not unusual on this support forum or any other.

By the way- your system is very infected, judging from the HJT log you posted. You may have solved the immediately visible symptoms, but I highly doubt that your system is entirely clean. Feel free to post a new HJT log if you'd like; we can tell you if it still shows signs of infections.

DMR 152 Wombat At Large Team Colleague

I'll have to look further into the specifics of your mobo and RAM sticks tomorrow, but I'll bet the RAM modules you have are not entirely/fully compatible with the mobo, hence the SPD error.

DMR 152 Wombat At Large Team Colleague

What did the Shoot the Messenger program say? Does it tell you that the Messenger service is disabled?

Please give us a full and exact description of the bogus message that you're getting.

DMR 152 Wombat At Large Team Colleague

"about:blank" can be a valid Internet Explorer home page; it doesn't necessarily indicate that you have the dreaded "About:Blank" infection. If, in your Internet Options control panel, you set your IE home page to a blank page by clicking the "use blank" button, your home page's address will display as simply "about:blank".

The definitive test would be to run HijackThis and look at the log. If you see log entries similar to the following, you have the infection; if not, you most likely don't:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
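As an added example, not part of DMR's post and not code from HijackThis itself: a small Python check that applies exactly the distinction above to the R0/R1 lines of a HijackThis log. A Start Page of about:blank on its own is left alone (that is what the "use blank" button writes); a Search Bar served out of a res:// page inside se.dll, or about:blank written into Search Page, SearchAssistant or HomeOldSP, is treated as the hijack signature the post lists. Both log excerpts are constructed for the demonstration, not captured from a real machine.

```python
import re

# Constructed sample (not a captured log): R-lines carrying the se.dll /
# about:blank hijack signature listed in the post.
INFECTED_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
"""

# Constructed sample: a clean machine whose owner clicked "use blank" in
# Internet Options, so only the Start Page reads about:blank.
CLEAN_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
"""

# R0..R3 lines look like:  Rn - <registry key>,<value name> = <data>
R_LINE = re.compile(r"^R\d - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")

# Values that, per the post, only read about:blank when the hijacker wrote them.
SIGNATURE_VALUES = {"search page", "searchassistant", "homeoldsp"}


def parse_r_lines(log_text):
    """Yield (registry key, value name, data) for every R0..R3 line."""
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            yield m.group("key"), m.group("name").strip(), m.group("data").strip()


def about_blank_verdict(log_text):
    """Return (infected, reasons) for the about:blank hijack signature only."""
    reasons = []
    for key, name, data in parse_r_lines(log_text):
        lname, ldata = name.lower(), data.lower()
        if ldata.startswith("res://") and "se.dll" in ldata:
            # Search Bar served from a DLL dropped in TEMP: the strong indicator.
            reasons.append(f"{name} is served from se.dll: {data}")
        elif lname in SIGNATURE_VALUES and ldata == "about:blank":
            reasons.append(f"{name} under {key} is about:blank")
    # "Start Page = about:blank" never reaches reasons, so it stays benign.
    return bool(reasons), reasons


if __name__ == "__main__":
    for label, log in (("infected", INFECTED_LOG), ("clean", CLEAN_LOG)):
        infected, reasons = about_blank_verdict(log)
        print(label, "->", "INFECTED" if infected else "no signature", reasons)
```

Paste a real log into `about_blank_verdict` and read the reasons, not just the boolean: the res:// entry is the one that matters, and the about:blank entries alone only say that something other than the "use blank" button touched those values.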

DMR 152 Wombat At Large Team Colleague

Yoiks! You tried to run XP on 64M of RAM?! :eek: :eek:

Does memzip identify a particular program/process as being the source of the excessive resource usage? If so, please tell us what that process is.

DMR 152 Wombat At Large Team Colleague

BIOS setup pages are accessed by pressing a certain key (or keys) just as the computer starts to boot up. The exact key varies between BIOS makes/versions, but some common keys are F1, F2, Del, and Esc.

Look at your startup screen just after you power on the computer; you may see a message which says: "Hit F1 to enter setup" or something similar. If your BIOS/boot messages are hidden by a startup logo, try hitting Esc to bypass the logo and view the BIOS screen.

DMR 152 Wombat At Large Team Colleague

There's no need to zip the log before posting it, but DO NOT post the log in this thread! All HJT logs need to be posted in our Viruses, Spyware, and other Nasties forum. Please start a new thread in that forum and post the log there.

To post the log, just open the log file in Windows Notepad and copy 'n paste the entire contents of the file into your new post.

DMR 152 Wombat At Large Team Colleague

Your log indicates signs of a couple of infections, and there may be more than that.

Please perform the following general cleaning procedures:

You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.


1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for …

DMR 152 Wombat At Large Team Colleague

1. Drop your firewalls while troubleshooting, regardless of whether or not you think they have anything to do with the problems. One less variable is one less variable.

2. If possible, connect the problematic machines via Ethernet as a test. IOW, determine if the problems are only related to WiFi, or not.

3. Do the page-load problems occur only with one browser, or do any/all web browsing programs exhibit the problems?

4. Do your system and/or application logs hold any clues? Open the Event Viewer utility in your Administrative Tools folder to view the logs; look for entries indicating network-related warnings or errors.

DMR 152 Wombat At Large Team Colleague

1. To remove the "crazywinnings" and "awmdabest" references:

- First, remove the sites from your Trusted Zone:
Start Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab. Click Trusted Sites, and then click Sites. Click the "crazywinnings" site, and then click Remove.
Repeat the above for "awmdabest".

- Click on the "Run..." option under your Start menu, type "regedit" (omit the quotes) in the resulting "Open:" window, and hit OK. This will open the Registry Editor program.

- In the editor, press F3 to bring up the Find window, type crazywinnings in the find box, and hit enter. There may be more than one "crazywinnings" entry, so you need to keep repeating the find until you get the message "finished searching through the registry". Delete all instances of "crazywinnings" entries you find.
Repeat the above for "awmdabest" entries.

Do not delete or modify anything else in the registry!!!


2. Make sure that Windows Messenger Service is disabled:

Download and run Shoot The Messenger. Disable the Messenger service if the utility reports it to be enabled.


3. I'd suggest installing the absolutely most current updates for ewido and your Norton Anti-virus, rebooting into Safe Mode, and running full system scans with each. Let both programs fix any malicious components they find. Reboot normally when finished.
(You should also download, install and run Microsoft Antispyware beta.)

DMR 152 Wombat At Large Team Colleague

Please do the following:

Download the latest version of HijackThis:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

Bridge.dll is a component of a particular malicious infection, but your log shows signs of other infections as well.

Please follow the suggestions in the following thread:
http://www.daniweb.com/techtalkforums/showthread.php?p=138737#post138737

You don't have to install all of the anti-malware utilities mentioned, but I'd suggest downloading and running Ad-Aware, SpyBot, Microsoft Antispyware, and ewido Security Suite. After following the general cleaning procedures mentioned in the thread and running the utilities I mentioned above, please run HijackThis again and post a new log.

DMR 152 Wombat At Large Team Colleague

...every single file that comes up with .tmp should be deleted, right?

:)

Yup.

DMR 152 Wombat At Large Team Colleague

Hi asianpanthers,

You are running an older version (1.99.0) of HijackThis. Please download the latest version (1.99.1), run it, and post the log that it generates.

DMR 152 Wombat At Large Team Colleague

Welcome, nameeta! :)

DMR 152 Wombat At Large Team Colleague

:rolleyes: .........

DMR 152 Wombat At Large Team Colleague

You're welcome. :)

DMR 152 Wombat At Large Team Colleague

Ok:

Broadband routers like the ones made by Linksys and Netgear are really two devices in one: a router, and a switch. The LAN ports (the ones you connect your computers to) are part of the switch section, which doesn't really need any configuration; it just ties together all of the computers connected to it. The router portion of the device manages traffic between the external network (connected via the "WAN" port) and the computers connected to the switch portion.

The basic connection scheme in your case would be:

Internet
    |
    |
    V
[WAN Port ] Router
[LAN Ports]   A
    |  |
    |  |
    |  |
    |  |           Router B
    |  L>[LAN Ports]-----> Computers
    |
    |
    |              Router C
    L>[LAN Ports]------> Computers

*All connections to/from Routers B & C are on LAN ports.

If Router A is configured to assign IPs to computers on the network through DHCP, there shouldn't be any more to it than that.

If you are assigning IP addresses manually, all computers' IP addresses should be in the same network range, and the LAN-side IP address of router A should be entered as the gateway IP on each of the computers on the network. Obviously, with manual configuration you'll also have to enter the correct subnet mask and DNS server IP on each of the computers as well.
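As an added example, not part of DMR's post: a Python check for the manual-addressing rules just stated, run against a constructed set of four PCs on the single LAN that routers A, B and C form. Router A's LAN address (192.168.1.1) and the /24 mask are assumptions for the illustration. The check goes a little beyond the post by also catching two PCs given the same address, the other classic hand-configuration mistake.

```python
import ipaddress

# Assumption for the illustration: router A's LAN-side address.
ROUTER_A_LAN_IP = "192.168.1.1"

# Constructed manual settings for four PCs hanging off the LAN (switch) ports
# of routers A, B and C.  pc3 and pc4 carry the two mistakes the post warns about.
HOSTS = {
    "pc1": {"ip": "192.168.1.10", "mask": "255.255.255.0", "gateway": "192.168.1.1"},
    "pc2": {"ip": "192.168.1.11", "mask": "255.255.255.0", "gateway": "192.168.1.1"},
    "pc3": {"ip": "192.168.2.12", "mask": "255.255.255.0", "gateway": "192.168.1.1"},  # wrong range
    "pc4": {"ip": "192.168.1.13", "mask": "255.255.255.0", "gateway": "192.168.0.1"},  # wrong gateway
}


def check_manual_config(hosts, router_lan_ip):
    """Return [(host, problem)] for a hand-addressed single LAN; empty when sane."""
    router = ipaddress.IPv4Address(router_lan_ip)
    problems, networks, addresses = [], set(), {}
    for name, h in hosts.items():
        iface = ipaddress.IPv4Interface(f"{h['ip']}/{h['mask']}")
        gw = ipaddress.IPv4Address(h["gateway"])
        networks.add(iface.network)
        addresses.setdefault(iface.ip, []).append(name)
        if gw != router:
            problems.append((name, f"gateway {gw} is not router A's LAN address {router}"))
        if router not in iface.network:
            # Wrong address or mask: this PC cannot even ARP for router A.
            problems.append((name, f"{iface} cannot reach router A at {router}"))
    if len(networks) > 1:
        problems.append(("*", "hosts span several networks: "
                         + ", ".join(str(n) for n in sorted(networks, key=str))))
    for ip, names in addresses.items():
        if len(names) > 1:
            problems.append(("*", f"{ip} assigned to {', '.join(names)}"))
    return problems


if __name__ == "__main__":
    for host, problem in check_manual_config(HOSTS, ROUTER_A_LAN_IP):
        print(f"{host}: {problem}")
```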

DMR 152 Wombat At Large Team Colleague

Due to the fact that the member who originally started this thread has not responded in more than one year, this thread is considered abandoned and has been closed.

In accordance with our posting rules, other members having similar problems should start their own threads and post their questions there. In order to help us help you most quickly, please include as much information about your problem as possible in your posts.

If the member who originally started this thread wishes to have the thread reopened, please send your request, including a link to this thread, to one of our moderators via email or Private Message.

Thank you.

DMR 152 Wombat At Large Team Colleague

A monitor/TV repair shop can most likely repair it for you, but depending on the value of the monitor, the repair cost might not be worth it.

Before going that route though, I'd put the defective monitor on a working computer first. If the monitor still exhibits the problem, then the fault does lie in the monitor.

DMR 152 Wombat At Large Team Colleague

1. Your log is clean now. :)

2. Somewhere in the BlackIce firewall program you should be able to find a graphical view of the connection attempts which will tell you if the attempts were successfully blocked or not (each event should have a small alert icon next to it). The text log reports some info on the connection attempts, but not the actions taken.

DMR 152 Wombat At Large Team Colleague

Those log entries are indicating probes/connection attempts from the outside world; they aren't indicative of activity by malicious programs on your computer. If your firewall software is successfully blocking these queries, you should be OK.

In addition to a firewall, you can tighten up your security even more by making configuration changes to Windows' services (system-level programs which provide certain functions). Windows, by default, runs more than a few unnecessary and potentially vulnerable services, so it's a good idea from a security standpoint to limit some of these services or disable them entirely. This isn't something that you should do if you're not familiar with services though, as modifying the wrong services can cause all sorts of trouble.

A list of suggested service settings which will secure your computer more thoroughly can be found here:
http://www.tweakhound.com/xp/security/page_3.htm

DMR 152 Wombat At Large Team Colleague

1. If the hits are being reported as coming from the outside world, that's normal; there are a lot of malicious programs and people out there trying random IPs and network ports to see if they can find a way into your system.
Do your firewall logs give you any specific details? If so, you might want to post some of them so that we can get a better idea of what the hits are all about.


2. There are a couple of loose ends in your HJT log; have it fix these entries:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

DMR 152 Wombat At Large Team Colleague

Here's the culprit in your particular case:

O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\system32\nst1C.dll


1. Go to Start -> Programs -> Accessories -> Command Prompt; this will open a DOS box. Type the following command at the DOS prompt and then hit Enter:

regsvr32 /u C:\WINDOWS\system32\nst1C.dll


2. Run HijackThis again and have it fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\system32\nst1C.dll
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab


3. Reboot into Safe Mode. You get to the Safe Mode boot menu option by hitting the F8 key just as your computer is starting up (before Windows starts).

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate and delete the following file:
C:\WINDOWS\system32\nst1C.dll

- For every user account listed under C:\Documents and Settings, delete the entire contents of the following folders (but not the folders themselves):

(Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!)

1. Cookies
2. …

DMR 152 Wombat At Large Team Colleague

Routers are normally used to connect computers on different networks/subnets; if you really want all of the computers to be on one network, replacing routers B and C with switches would be the recommended way to go.

However, if you connect the A router to one of the LAN ports (not the WAN/Internet ports) on the B and C routers, you'll only be using the switch portion of the B and C routers, bypassing the hassle of disabling NAT and the other configuration tweaks that it would take to get all of the routers on the same network.

DMR 152 Wombat At Large Team Colleague

...so this is giving me login issues.

I don't see any obvious signs of infections in your log. Can you give us specific details of the problem please?

DMR 152 Wombat At Large Team Colleague

1. In your latest log, I don't see anything indicating that you installed MS Antispyware beta. Did you install and run that program in addition to ewido? If not, please do that now.


2. Click Start – Run - and type in:

services.msc

Click OK.

In the services window find: Power Manager (PowerManager)

Right click and choose Properties. On the General tab under Service Status click the Stop button to stop the service. Beside Startup Type in the dropdown menu select Disabled. Click Apply then OK. Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


3. Boot into Safe Mode.

a) Open Hijack This and click on the "Open Misc Tools section" button. Click on the "Delete an NT Service" button.

Copy and paste this line in that box:

PowerManager

Click OK.

b) Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every user account listed under C:\Documents …

DMR 152 Wombat At Large Team Colleague

Hi goldencavalier,

We ask that members not "tag" their questions on to a thread originally started by another member; all members who have a question need to start their own thread for that question. In light of that, I've split your question out from the thread in which you originally posted.

Your log shows signs of the ISTbar infection, but there are probably other "unwanted guests" in your system as well.

1. Open MS Antispyware; use its automatic update function to make sure that you have the most current threat definitions installed. Don't run a scan yet, though.


2. Do at least 2 or three of these online scans; let each scanner fix what it finds. If a scanner has an "autoclean" or similar option, make sure you select/check that option:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


3. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up). Once in Safe Mode, run a full system scan with MS Antispyware and have it fix what it finds.


4. Run HijackThis again, post the new log, and let us know if the original problem still persists.

DMR 152 Wombat At Large Team Colleague

Hang in there MelissaH, we're still with you. Since crunchie is already working through a procedure with you I won't interfere, but he should be online soon.

DMR 152 Wombat At Large Team Colleague

Your log indicates the presence of two files named "svchost.exe"; one in your C:\WINDOWS\system32 folder, and one in your C:\WINDOWS folder. Only the one in C:\WINDOWS\system32 is legit; the other is almost certainly malicious.

There are probably other infectious components still present in your system as well. Please download, install, and run the following two utilities:

Microsoft Antispyware beta
ewido Security Suite

Be sure to use each program's automatic update feature to get the most current detection databases installed before actually running the scans/fixes. If you initially receive a warning message from ewido saying "Database not found" when you first run the program, just click "OK" for this. Next- in the main screen, click "Update" and click "Start Update". After the update completes, run the full system scan.

Once you've done the above, run HijackThis again and post the new log. Also post the scan report log that ewido generated.
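As an added example, not part of DMR's post and not HijackThis code: a Python check of the "Running processes:" section of a HijackThis log that encodes the rule above. Core Windows binaries (svchost.exe, lsass.exe, winlogon.exe and so on) have one legitimate home under the system root; the same name running from anywhere else, or from two different directories at once, is what the post calls out. The system roots C:\WINDOWS and C:\WINNT are assumptions for default XP/2000 installs, and the log excerpt is constructed, not captured.

```python
import ntpath

# Assumption: default Windows XP / 2000 system roots; adjust for other installs.
SYSTEM_ROOTS = (r"c:\windows", r"c:\winnt")

# Core binaries and the directory (relative to the system root) they
# legitimately run from.  Any of these names running from elsewhere is a
# masquerade candidate, exactly like the second svchost.exe in the post.
EXPECTED_SUBDIR = {
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "spoolsv.exe": "system32",
    "explorer.exe": "",
}

# Constructed sample (not a captured log) in HijackThis's layout.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""


def running_processes(log_text):
    """Yield the paths listed under 'Running processes:' up to the blank line."""
    lines = iter(log_text.splitlines())
    for line in lines:
        if line.strip().lower() == "running processes:":
            break
    for line in lines:
        if not line.strip():
            return
        yield line.strip()


def expected_dirs(basename):
    """Normalised directories from which basename may legitimately run."""
    sub = EXPECTED_SUBDIR[basename]
    return {ntpath.normpath(ntpath.join(root, sub)) for root in SYSTEM_ROOTS}


def flag_masquerading(log_text):
    """Return [(path, why)] for core-binary names running outside their home."""
    findings = []
    for path in running_processes(log_text):
        norm = ntpath.normpath(path.lower())   # NTFS paths are case-insensitive
        base = ntpath.basename(norm)
        if base in EXPECTED_SUBDIR and ntpath.dirname(norm) not in expected_dirs(base):
            findings.append((path, f"{base} is expected only in "
                             + " or ".join(sorted(expected_dirs(base)))))
    return findings


def duplicate_basenames(log_text):
    """Map basename -> directories when one name runs from two or more places."""
    seen = {}
    for path in running_processes(log_text):
        norm = ntpath.normpath(path.lower())
        seen.setdefault(ntpath.basename(norm), set()).add(ntpath.dirname(norm))
    return {b: dirs for b, dirs in seen.items() if len(dirs) > 1}


if __name__ == "__main__":
    for path, why in flag_masquerading(SAMPLE_LOG):
        print(f"SUSPECT {path}: {why}")
    for base, dirs in duplicate_basenames(SAMPLE_LOG).items():
        print(f"{base} runs from {len(dirs)} directories: {sorted(dirs)}")
```

`flag_masquerading` catches the case the post describes even when only the rogue copy is running; `duplicate_basenames` is the weaker, table-free check that needs both copies present but also works for names not in the table.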

DMR 152 Wombat At Large Team Colleague

Which program? If you, or Windows itself, are launching multiple instances of the same program, you may see multiple instances of that program in the taskbar. It could also be a "glitch", though.

DMR 152 Wombat At Large Team Colleague

I can go into the gory details if you want, but it all really comes down to the fact that the physical drive space itself is finite.

DMR 152 Wombat At Large Team Colleague

Physics, my friend... pure physics.

On the most superficial level, think of the physical drive platters as a parcel of land upon which you want to build some houses. Sure- you can get more houses on the property if you build smaller houses, but you'll still eventually reach a point where you simply cannot fit more houses, regardless of how small you make them. Additionally, before you even reach that point of saturation, you'll reach the point where the houses become so small that they aren't suitable for storing people. The same holds true of drive sectors used to store data.

The full answer is of course much more involved, but that's the overall gist.

DMR 152 Wombat At Large Team Colleague

How old is the computer? If the drive refuses to recognize disks which work perfectly in other computers, there's a good possibility that the physical floppy drive itself has failed.

Before running out and buying a new drive, I'd open the case and make sure the data cable to the floppy drive is firmly seated on both the drive and motherboard ends, though.

DMR 152 Wombat At Large Team Colleague

If the old monitor still exhibits the half-screen problem when attached to another computer, and another monitor works fine with your current video card, a likely explanation would be that you've had a failure in the vertical scanning circuitry inside the monitor.

DMR 152 Wombat At Large Team Colleague

Hi gracess, welcome to the site! :)

We don't deal with technical issues in this particular forum, but if you post your question in a new thread in our Viruses, Spyware, and other Nasties forum, we can help you out there.

DMR 152 Wombat At Large Team Colleague

Hi Sorsonel, welcome! :)

DMR 152 Wombat At Large Team Colleague

Hey phenetic, welcome to the site! :)

Browse around, get familiar with our layout, and feel free to ask questions if anything crops up.

DMR 152 Wombat At Large Team Colleague

Give it a try. If the dll is loading even in Safe Mode, you may still not be able to delete it. If that's the case, try the following:

* Click on the "Run..." option under your Start menu, type "cmd" (omit the quotes) into the resulting "Open:" box, and hit enter.

* In the DOS box that opens, type the following command, and then hit Enter:

regsvr32 /u full path of filename


For example, if sshook.dll lives in your C:\Program Files\Trend Micro\Tmas folder, the full command would be:

regsvr32 /u C:\Program Files\Trend Micro\Tmas\sshook.dll

See if you can then delete the file (you might need to reboot before attempting the deletion).

DMR 152 Wombat At Large Team Colleague

Hi All!!!

To resolve this problem:

Svchost.exe Takes 99% of CPU memory Usage

go to my Home and read the article!


Regards,

aSeptik

justsched.exe is certainly one culprit, but unfortunately, there are many more causes for excessive resource usage than the one given on your page.

DMR 152 Wombat At Large Team Colleague

sshook.dll may still be being loaded by the system. If so, you will not be able to delete the file, because it is in use.

Try deleting the file when booted into Safe Mode.

DMR 152 Wombat At Large Team Colleague

Please print out these instructions, as you will have to disconnect from the Internet for some of the following cleaning procedure.

1. Run HijackThis again and have it fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.s1s1s1search.com/sp2.php
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKCU\..\Run: [strtas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe


2. Reboot into Safe mode again.

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate the following files and delete them if found :

C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
C:\Program Files\Common Files\mc-62-602-0000156.exe
C:\WINDOWS\System32\lockx.exe
C:\WINDOWS\System32\msdirectx.sys
C:\xz.bat

- Locate and delete the following folder entirely:

C:\Program Files\DNS

- Empty your Recycle Bin and reboot normally.


3. Run HJT again and post the new log.

DMR 152 Wombat At Large Team Colleague

nope, its the same exact issue word for word.

i h8 this,

We ask that members not tag their questions on to a thread previously started by another member, regardless of how similar your problem might seem. Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Your log shows signs of a few different infections.

Please perform the following general cleaning procedures:

You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.


1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every …

DMR 152 Wombat At Large Team Colleague

Ouch; that's a pretty heavily infested system. :(

Please perform the following general cleaning procedures:

You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.


1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every user …

DMR 152 Wombat At Large Team Colleague

You have a variant of the W32/SDBot worm, as evidenced by the "lockx.exe" file mentioned in your HJT log. Please do the following:

1. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, …
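As an added example, not part of DMR's post: the Safe Mode clean-out in steps 1 through 4 above, written as a Python routine so that the two rules it depends on are explicit in code: only the contents of each folder are removed, never the folder itself, and a file that is still in use is skipped and reported rather than aborting the run. The same helper is applied to the system-wide C:\Windows\Temp and Prefetch folders mentioned after the list. The profile tree it runs against here is constructed in a temporary directory, so the script is safe to try anywhere; the account names in it are made up.

```python
import shutil
import tempfile
from pathlib import Path

# Per-profile folders the post says to empty (contents only, never the folder).
PROFILE_SUBFOLDERS = (
    ("Cookies",),
    ("Local Settings", "Temp"),
    ("Local Settings", "History"),
    ("Local Settings", "Temporary Internet Files"),
)

# System-wide folders handled the same way.
SYSTEM_SUBFOLDERS = (("Temp",), ("Prefetch",))


def empty_folder(folder):
    """Delete everything inside folder but keep folder itself.

    Returns (deleted, skipped); a file that is still in use or otherwise
    undeletable is skipped and reported, not treated as fatal."""
    deleted, skipped = [], []
    if not folder.is_dir():
        return deleted, skipped
    for child in folder.iterdir():
        try:
            if child.is_dir() and not child.is_symlink():
                shutil.rmtree(child)
            else:
                child.unlink()
            deleted.append(child)
        except OSError as exc:
            skipped.append((child, exc))
    return deleted, skipped


def clean_profiles(profiles_root):
    """Empty the four temp folders for every account under profiles_root."""
    report = {}
    for user_dir in sorted(p for p in Path(profiles_root).iterdir() if p.is_dir()):
        for parts in PROFILE_SUBFOLDERS:
            folder = user_dir.joinpath(*parts)
            deleted, skipped = empty_folder(folder)
            report[str(folder)] = (len(deleted), len(skipped))
    return report


def clean_system_folders(windows_root):
    """Empty <windows_root>\\Temp and <windows_root>\\Prefetch."""
    report = {}
    for parts in SYSTEM_SUBFOLDERS:
        folder = Path(windows_root).joinpath(*parts)
        deleted, skipped = empty_folder(folder)
        report[str(folder)] = (len(deleted), len(skipped))
    return report


def build_demo_tree():
    """Constructed stand-in for C:\\Documents and Settings, in a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="docs_and_settings_"))
    for user in ("Administrator", "Douglas"):           # made-up account names
        for parts in PROFILE_SUBFOLDERS:
            folder = root.joinpath(user, *parts)
            folder.mkdir(parents=True)
            (folder / "index.dat").write_bytes(b"\x00" * 16)   # Windows regenerates this
            (folder / "sub").mkdir()
            (folder / "sub" / "cached.tmp").write_text("junk")
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    # Move anything you care about out of these folders BEFORE running this.
    for folder, (n_deleted, n_skipped) in clean_profiles(demo).items():
        print(f"{folder}: deleted {n_deleted}, skipped {n_skipped}")
    shutil.rmtree(demo)
```

On a real machine you would point `clean_profiles` at C:\Documents and Settings and `clean_system_folders` at C:\WINDOWS from Safe Mode; anything that shows up in the skipped column is a file something still has open, which is itself worth a look.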

DMR 152 Wombat At Large Team Colleague

Hi Rat Boy,

You're running an outdated version of HijackThis (1.99.0). Please download the latest version (1.99.1) and post a new log from that version.

DMR 152 Wombat At Large Team Colleague

Hi doug2k9,

First of all- welcome to Daniweb!


1.

Logfile of HijackThis v1.99.1
Scan saved at 11:36:00 PM, on 9/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

The above info in your log indicates that you are sorely behind on your Windows XP and IE updates. Please use Windows' Automatic Update to download and install the most current versions of XP (or at least Service Pack 1) and IE. The updates contain many fixes for security loopholes in the system, making your system less prone to the effects of viruses and spyware.


2. Before we dig in with HijackThis, please follow the protection/detection/removal suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html
http://www.daniweb.com/techtalkforums/thread27570.html


3. C:\Documents and Settings\Douglas\Local Settings\Temp\HijackThis.exe

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of …