DMR 152 Wombat At Large Team Colleague

What are the exact keyboard/mouse failures or other problems that you're having when trying to get to Safe Mode? Being able to boot into Safe Mode is often necessary to do the most thorough job of disinfecting a system, so we should get you to point where you can do that as soon as possible.

DMR 152 Wombat At Large Team Colleague

I haven't restarted the PC since then, so whether these will re-install themselves I don't know... I'm guessing they've altered my registry and are creating these on each startup

Yes- it's possible that some of the nasties might "respawn", and it's also possible that there are still registry changes which would contribute to that.

To best eliminate the chance of the infections returning, you might want to run a few more utilities such as Microsoft's Antispyware beta and CCleaner, and also do a few other online scans as well.

Our member dlh6213 has posted a lot of good information on general cleaning procedures in his thread here.

DMR 152 Wombat At Large Team Colleague

Glad we could help you get it sorted out, sldout1. :)

If your system really does appear to be "clean" now, can you please give us final confirmation on that so that we can call this one done and mark the thread as "Solved".

Thanks.

DMR 152 Wombat At Large Team Colleague

Hi rocker16x,

First of all- welcome to our site. :)

We don't troubleshoot technical problems in our Community Introductions forum, so I've moved your question to a forum which is more appropriate and will get you more responses from our other members.

DMR 152 Wombat At Large Team Colleague

Hi amelia,

First of all- welcome to our site. :)
We don't troubleshoot technical problems in our Community Introductions forum, so I've moved your question to a forum which is more appropriate and will hopefully get you more responses from our other members.

DMR 152 Wombat At Large Team Colleague

Hi funhouse,

First of all- welcome to our site. :)

We don't troubleshoot technical problems in our Community Introductions forum, so I've moved your thread to a forum which is more suited to your question, and in which you will get more responses from our other Linux-savvy members.


In terms of the problem:

As I'm sure you know, the power outage obviously corrupted one or more of your filesystems by shutting down the system before it could properly flush cached state information to disk. You are being dropped to the shell because the auto-fsck failed, and it is now basically telling you that you should run fsck manually from the command prompt.

Before you do though, it would be good to get more info on your partition and filesystem types/layouts, as running fsck incorrectly (using the wrong switches/specifying the wrong options) against a damaged filesystem could make matters worse. Also tell us what distro you're using, including the specific version.

DMR 152 Wombat At Large Team Colleague

Hi rocker16x,

First of all- welcome to our site. :)

We don't troubleshoot technical problems in our Community Introductions forum, so I've moved your question to a forum which is more appropriate and will get you more responses from our other members.

A couple of things to start with:

1. Is it only IE that gives you that error message, or have you had other programs exhibit similar problems as well?

2. Have you noticed any other abnormal things happening with IE that might help us narrow down the possible causes?

3. Virus or spyware infections are often the cause of crashes in IE. Have you run any scans with anti-virus and/or anti-spyware software? If so, tell us what you've tried so far. If not, have a look at this thread for suggestions on detecting and removing malicious infections.

4. Open the Event Viewer utility in your Administrative Tools control panel.

In the Event Viewer, look through the System and Application logs for entries flagged as "Warning" or "Error"; double-clicking on any of those entries will open a "details" window with more information about the error/warning. If you find any entries that seem to relate to the IE hangs/crashes that you're having, post the full and exact contents given in the detail windows.

DMR 152 Wombat At Large Team Colleague

That's OK; we'll be here. :)

Thanks for the update.

DMR 152 Wombat At Large Team Colleague

There's nothing in your log which looks directly related to the problem you're having, but there are some "leftover" entries from a previous infection or two which we should clean up.

1. You need to take care of one thing before we continue:

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

The log entries above indicate that you had at least 2 instances of Internet Explorer running when you ran HijackThis.

Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.
In general, it's a good idea to close all other programs when working with HijackThis or other spyware/virus removal tools.


2. Once you've taken care of the above:

* Scan with HJT again and have it fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)


* Open Windows Explorer and look for the C:\Program Files\Common Files\WinTools folder. Delete the entire WinTools folder if it still exists.


3. In terms of the problem installing programs, what exact error messages do you get when you try installations?
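
The two checks from the post above (browser instances still running, and leftover entries such as a BHO whose file is missing), as an added example that is not part of the original post and not HijackThis's own code. The function names, the `BROWSERS` set and the `smss.exe` and `ExampleApp` sample lines are assumptions made for illustration; a flag is a prompt for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the iexplore.exe, R0 and O2 lines are the ones quoted in
# the post; the smss.exe and ExampleApp lines are made up for contrast.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
"""

# Assumption: executable names treated as web browsers (extend as needed).
BROWSERS = {"iexplore.exe", "firefox.exe", "opera.exe"}

# HijackThis entry lines start with a section code such as R0, O2 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_hjt_log(text):
    """Split a log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes:
            processes.append(line)
    return processes, entries


def running_browsers(processes):
    """Count browser instances that were open when the scan was taken."""
    counts = {}
    for path in processes:
        name = PureWindowsPath(path).name.lower()
        if name in BROWSERS:
            counts[name] = counts.get(name, 0) + 1
    return counts


def leftover_entries(entries):
    """Flag entries shaped like the two the post asks to fix."""
    flagged = []
    for code, body in entries:
        text = body.rstrip()
        if text.endswith("(file missing)"):
            # Registry entry still points at a file that no longer exists.
            flagged.append((code, body, "file missing"))
        elif code.startswith("R") and text.endswith("="):
            # IE start/search setting left with nothing after the "=".
            flagged.append((code, body, "empty value"))
    return flagged


if __name__ == "__main__":
    procs, items = parse_hjt_log(SAMPLE_LOG)
    for name, count in running_browsers(procs).items():
        print(f"close before fixing: {name} x{count}")
    for code, body, reason in leftover_entries(items):
        print(f"review {code} ({reason}): {body}")
```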

DMR 152 Wombat At Large Team Colleague

Hi santfekuss,

1. There's nothing suspicious in your HJT log. That being the case, can you give specific information about the symptoms you're seeing, error message you may be getting, etc.?

2. Please download and install the free trial version of ewido Security Suite.

* Run the program (the first time you do, you will receive a warning message saying "Database not found". Just click "OK"; this is normal).

* In the main screen, click "Update" and click "Start Update". This will install the detection database that the error message above refers to.

* Once the update is complete, run a full system scan. Post the resulting scan report after that; the report may tell us some things that HijackThis can't.

DMR 152 Wombat At Large Team Colleague

Hi Raelin,

Your HijackThis log shows no signs of infections, incorrect settings, or anything else that would account for your connection problems.

Which websites in particular are you having trouble accessing? We've had a lot of previous threads on problems with connecting to Hotmail, MSN, etc. accounts and/or other sites which use secure logins. Are these the types of issues you're having?

DMR 152 Wombat At Large Team Colleague

OK- your logs in that thread do look pretty infested. Let's keep following through with cleaning procedures in that thread for now.

In terms of the Recycle Bin problem though, you obviously don't want to empty the Bin given what you've described. Let's see if there are hidden items in the Bin:

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

* Locate the "Recycled" folder and double-click on it.

Does anything show up in there now that you've configured Explorer to show hidden files and folders?

DMR 152 Wombat At Large Team Colleague

OK- the error logs aren't giving us much that narrows things down, as most of them are just reporting "faulting module unknown". However- the two .DLL files mentioned in the "winlogon" errors don't look familiar, and your HJT log does show some signs of infections, so we should be able to get at least some of the problems cleared up.

There will be pieces of the infections living in areas of your system that HJT doesn't deal with though, so please go through the general cleaning procedures below first:


You will need to disconnect from the Internet for some of the following, so you'll need to print out the following instructions, or save them into a text file with Notepad.


1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal -

DMR 152 Wombat At Large Team Colleague

Hi crazyquilter,

Your latest HijackThis log is incomplete; it shows only your running processes, but nothing else.

Can you please run another scan with the program and post a full log?

DMR 152 Wombat At Large Team Colleague

jasonatpanama,

Does your last post mean that swatkat has helped you fix the problem entirely?

If so, please give us a definite response on that, as we can mark this thread as "Solved" if so.

Thanks.

DMR 152 Wombat At Large Team Colleague

Hi KingSix,

1. Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

The above entries in your log indicate that you are quite behind on your Windows and IE updates. Please use the Windows Update utility to install the most current security patches and bug fixes; installing those will fix some "holes" in areas of Windows and IE that allowed the infections to get into your system in the first place.

However- Do not choose to upgrade to XP Service Pack 2 at this point; doing so on an infected system such as yours can cause major problems. Only update to Service Pack 1 with all of that version's most current patches. HijackThis will report a properly-updated Windows XP Service Pack 1 system as follows:

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

2. Once you've done the above, please follow these (somewhat "about:blank"-specific) spyware removal instructions; I know that you indicated that you've done at least some of this before, but please do not skip any of the steps below because of that:


* Run these specific "about:blank" removal tools and post a new HJT log once you've done that (before scanning/fixing with about:buster and CWShredder, use their online update features to make sure you have the most current updates installed):

CWShredder - http://www.intermute.com/spysubtrac...r_download.html
about:Buster - http://www.majorgeeks.com/AboutBuster_d4289.html
HSRemove - http://www.majorgeeks.com/HSRemove_d4286.html
Sp.html-Se.dll Hijack …

DMR 152 Wombat At Large Team Colleague

... is this a bad thing that i don't even have it? if it is... how would i get it back? or a new shiny one.

Oh no, you definitely don't want it back- nail.exe is a component of the Aurora infection.

The error regarding nail.exe is due to a partial removal of the Aurora infection which left a "dangling reference" to the nail.exe file in particular.

Please do as dlh6213 suggested in terms of posting a new HijackThis log.
Doing so will give us a pretty good idea of what progress the removal steps you've already taken have made, and what further work we need to do.


Also- please do keep all of your questions/responses/etc in this thread. We (the moderators) honestly just don't have time to track the multiple threads you've started on this problem and things related to it.

Thanks.

DMR 152 Wombat At Large Team Colleague

is it related to the other problems i've been having?? what with viruses and spyware?

Which other problems?

If you've posted threads relating to those problems, please give us links to those in your next post in this thread.

If not, please describe the "other problems" in detail in your next post in this thread.

DMR 152 Wombat At Large Team Colleague

Hi berlyniki,

First of all- welcome to our site :)


1. Buffer overrun errors in rundll32.exe do not necessarily mean that infections are at the root of the problem, although they certainly can be. Please do the following to see if we can find more specific info on the exact cause (this assumes that you are using Win 2000 or XP):

* Open the Event Viewer utility in your Administrative Tools control panel.

* In the Event Viewer, look through the System and Application logs for entries flagged as "Warning" or "Error"; double-clicking on any of those entries will open a "details" window with more information related to the general rundll32 error/warning. If you find any entries that seem to relate to the hangs/crashes that you're having, post the full and exact contents given in the detail windows.


2. If that yields nothing useful, please post a HJT log for us to review:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder …

DMR 152 Wombat At Large Team Colleague

Looks good now. :)

Judging from the history of references to downloaded games and the like in your logs though, I'll put this out there:

Many of the sites/companies that offer games and other such "free" downloads need to make money on their offerings in some way, and they often do that by bundling their downloads with adware/spyware components. At the very least, you should look carefully at the privacy and terms of use agreements of such products before downloading/installing them.

DMR 152 Wombat At Large Team Colleague

That's good to know, will Knoppix recognize a USB burner if there isn't an internal burner?

Yes, the latest version of Knoppix should, although older versions may not.

DMR 152 Wombat At Large Team Colleague

No, unfortunately it didn't. This forum usually sends me an auto-notification email whenever someone responds to a thread I'm working on, but that feature stopped working for me about a week and a half ago. Since then I've had to track my threads manually, meaning that some have slipped through the cracks. :(


1. I honestly don't see anything obviously problematic in your log; it all looks normal as far as I can tell.


2. Concerning AVG's alerts about changes in the Partition Table:

* That isn't something that a HijackThis log would give any direct clues on, but judging from what the log does show in regard to the programs you're running, I don't see any possible suspects there.

* Certain types of legit programs such as third-party boot managers or "drive overlay" utilities will alter info in the MBR, but I don't get the feeling that you're using any such tools.

* A Boot Record virus is definitely a possibility. As we can't seem to get the exact name of the possible virus from AVG, look into the info on, and suggested fixes for, boot record viruses in general given in the links of the following Google search:

http://www.google.com/search?hl=en&lr=&q=%22boot+record%22+virus+remove+&btnG=Search

DMR 152 Wombat At Large Team Colleague

No way am I going to Vegas in 120+ degree heat. :eek:

120+?? Yoiks! I don't blame you; I'm having a hard enough time with mid/upper 90s that we've had in my area for the last two weeks...

Do keep us posted though; it would be interesting to see how things turn out.

DMR 152 Wombat At Large Team Colleague

That's much better now; I don't see any obvious nasties in your latest log. Good job. :)

1. I'm always a bit suspicious of things like the following; is Video Strip Poker a program you knowingly installed?:

O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe


2. About the O23 - Service: SmartFinder Uninstall entry:

In my last post I forgot to include instructions on what to do if you get the error about a service being in use. Basically, we need to disable the service before HijackThis can delete it:

* Open the Services utility in your Administrative Tools control panel.

- In the list of services, locate the service named "SmartFinder_Uninstall" and double-click on it.

- In the General tab of the Properties window that opens, click the Stop button.

- Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.


* Once you've done the above you should be able to go back into HijackThis and repeat the service deletion procedure:

- Click on the "Config" button in the lower right corner of HijackThis' main window.

- In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

SmartFinder_Uninstall

- Close HijackThis

DMR 152 Wombat At Large Team Colleague

...someday I will need all this info!!

Yeah, the Linux method is pretty handy in situations where Windows-based tools just don't work. In terms of grabbing the data off of a hosed drive, the Knoppix package does also have burning programs, so if you've got another CD-ROM in the system you could burn the data to discs locally.

DMR 152 Wombat At Large Team Colleague

Hi Jayden,

Your log does show a couple of signs of infections, and there may be other components of malicious infections hiding in areas that HijackThis does not scan as well.

Please do the following and post a new log when done:


You will need to disconnect from the Internet for some of the following, so you'll need to print out the following instructions, or save them into a text file with Notepad.


1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder …

DMR 152 Wombat At Large Team Colleague

So, I'm guessing that along with the Knoppix CD [which I have] you need a good drive to copy to, right? Like if the computer is not on a network, you would need to add another drive to the computer to copy the data to, right?

Yes- you're right. In my case, the client did not have a second hard drive in the system (but I brought a spare one with me just in case). He did have a USB "keychain"-type flash drive which Knoppix detected just fine, but it was one of the older 256M versions; once we discovered that Knoppix could read the entire contents of the hosed Win drive, we needed a larger backup device than that.

Since Knoppix was able to see the shares on the networked Win computer, we decided to go that route; it made more sense since the end result of that method was that the client has all of his rescued data backed up onto one of his computers/drives.

DMR 152 Wombat At Large Team Colleague

i told him it probably boiled down to the memory possibly having gone bad. somehow i get the impression he doesn't believe me cos he's taken the PC to work with him. he's a trainee PC technician.

he thinks it's got something to do with the graphics card or the motherboard again. suppose anything's possible really in today's world of computing though i have to agree with you about the 0x8E errors (read two or three books over the last few days about these).

I understand what you're saying. I've worked with a lot of techs who misdiagnose a problem simply because they don't keep an open mind and consider all of the options, or because in their training they were told that problem "X" is 99.9% of the time due to failure "Y", and they take that as "gospel".

However- he might very well be right. Microsoft really isn't very good at publishing the exact reasons for many of their STOP errors, but both RAM and video problems/conflicts are often listed as probable suspects for many of those errors. Part of the reason for that is that it's not uncommon for systems to dedicate/set aside a portion of general RAM for graphics use only; this obviously ties the two together in a way that can't be separated without further and more in-depth testing.

Regardless of the outcome, keep us posted. Any further information that you can post will obviously be helpful to our members as a whole.

DMR 152 Wombat At Large Team Colleague

The hd is now in Las Vegas...

Hmm, I see... and gambling away all of its free GigaBytes too, yes? There's the problem. :mrgreen:

to be honest I didn't even consider the Linux option....
... All I got from him was that the drive would not boot up due to a virus. He started trying to boot up as a slave, but that didn't work as well. So there you have it.

Your post is strangely timely- I've just gotten back from a service call involving a corrupted Windows XP drive that contained all of a client's business data; contact info, billing info, the whole works. Nothing he had tried before I visited (booting into the Recovery Console from the XP CD, going through the computer's built-in factory diagnostics with a Dell support tech, etc.) had worked.

He had called to schedule the appointment a couple of days ago, so in the meantime I'd gone and downloaded the iso of the latest version (3.9) of Knoppix Linux and burned it to CD. The CD is a "live" CD, meaning that the OS boots from CD and runs entirely in RAM. It doesn't use/need a hard drive at all, but it does support and understand Windows-formatted (FAT/FAT32/NTFS) drives.

When I got to the client's site I stuck in the Knoppix CD, booted from it, and it automagically detected the crippled Windows hard drive. It also auto-detected and configured his network card, so I just set up …

DMR 152 Wombat At Large Team Colleague

I am not even able to get into the BIOS setup any longer.

Hmm- that's obviously not good.

1. You could try a "brute force" BIOS/motherboard reset:

* Unplug the AC power cord from the machine
* Remove the CMOS battery (the small, flat wristwatch-type battery) from its socket on the motherboard.
* Let the system entirely discharge by leaving it unplugged and with the battery removed for an hour or so.
* Reinstall the CMOS battery, plug the power back in, and start it up again.


2. If the reset doesn't work, remove all non-essential components (extra RAM modules, network card, sound card, CD-ROM drives, etc.) and see if the system boots. If so, start replacing the components you removed one by one. If the system only stalls when one particular component is installed, chances are pretty good that the component is faulty and needs to be replaced.

DMR 152 Wombat At Large Team Colleague

Yeah; P-IIs are worth zilch these days to begin with, and given how old the machine must be, you might not be too far away from seeing signs of failures in other components in the beast.

DMR 152 Wombat At Large Team Colleague

Your thread won't get buried, but please bear with us.

We're a bit shorthanded helper-wise in this forum right now, and the flood of "spyware"-related problems posted here is rising at a pretty fast rate.

DMR 152 Wombat At Large Team Colleague

1.

Would it basically be like having the computer from when I got it with nothing really on it?

Yes, a full "clean" reinstallation would mean starting all over again; you would have to reinstall and configure Windows and all of your programs from scratch.


2.

how would you recommend I do it exactly. What files should I save (what exactly would be critical, word and excel files type thing)?

I can't really give you exact information on what you would need to save or instructions on how to do that, because that would depend on exactly what you use your computer for.

Things like Excel and Word documents are obviously things people normally need to save, but you may also have other items that you want to keep such as your address book, your email files/folders, Quicken or Palm Pilot files, MP3s, etc.

If it really does turn out that rebuilding the system is your best (or perhaps only) way to get it back to a clean state, you should get help from someone who is familiar with doing data backups and system restoration. That may even mean paying a computer tech to do the job, but if your data is critical, the cost of doing the job correctly would be justified.


3. The anti-spyware utilities that you've run should have done a much better job of removing your infections, but judging from the logs you've posted it doesn't look …

DMR 152 Wombat At Large Team Colleague

Had a problem with motherboard built in LAN driver...

That would do it. Good job on finding that :)

DMR 152 Wombat At Large Team Colleague

To start with- when you post, please use full words and sentences.

The lack of proper punctuation in your posts, combined with your use of contractions and substitutions (such as using "n" instead of "and", "4" instead of "four", "2" instead of "to", etc.) makes your posts more than a bit difficult to follow.


- Your description of your network setup is still unclear. For example, you said: " the comps r both 'client' n the host comp can ping itself". What host? What clients? You originally said that you have two computers, but what I just quoted above makes it sound like there are three. Please clarify.

- How are the computers networked together? You didn't tell us if you're using a router or switch, or if the computers are simply connected directly together with an Ethernet cable.


- If one of the computers can't even ping its own IP, that is a problem. On both computers, please run the following command from a DOS window and post the results that the command gives you for each machine:

ipconfig /all

DMR 152 Wombat At Large Team Colleague

1. I don't see anything suspicious in the HJT log. However, HJT isn't meant to be used for diagnosing program crashes in general, so it's quite possible that you do have a legit problem somewhere.

Open the Event Viewer utility in your Administrative Tools control panel.

In the Event Viewer, look through the System and Application logs for entries flagged as "Warning" or "Error"; double-clicking on any of those entries will open a "details" window with more information about the error/warning. If you find any entries that seem to relate to the program hangs/crashes that you're having, post the full and exact contents given in the detail windows.


2. I only mentioned the battery mostly because of the time/date weirdness, but also because of the freezing even before Windows has started. The battery might not have anything to do with those problems, but as you said- new ones are cheap, so it can't hurt to try the replacement.

DMR 152 Wombat At Large Team Colleague

i don't think that this is software related more like hardware now.

Yeah- if it even bombs during a reformat, that does start to point toward hardware.

Check your RAM first; Microsoft lists that as the primary cause of 0x8E errors, especially if they happen during the setup/reinstall process.

- Download and run the free memtest86 RAM-testing utility. It runs from a bootable CD or floppy, and it will do a pretty thorough battery of "stress tests" of your RAM and give you the results of any errors it finds. Let the test cycle run for a few hours or more for the best results.

- If you've got more than one RAM module installed, run the computer with only one of the modules installed at a time. If you find that the system only crashes when one particular RAM module is being used, replace that module.

DMR 152 Wombat At Large Team Colleague

Yeah- you'll definitely need something better than a soundblaster card if you want the finished product to sound more "pro".

There are two versions of Pro Tools that you might want to check out- the "LE" version, and the "M-Powered" version. Digidesign has a pretty informative run-down of both packages on their website.

The hardware peripherals available for those systems are much more affordable than the hardware associated with full-blown TDM Pro Tools rigs. There's also a decent range of specific devices to choose from, so you should be able to put together a hardware package that fits your recording needs (sufficient mic/line inputs, etc.) without putting you in debt for life.

The software part of the packages should definitely have enough virtual tracks, effects plug-ins, and other "bells 'n whistles" to give you a good, pro-sounding mix.

DMR 152 Wombat At Large Team Colleague

... I addressed them in my first post...

My apologies- I've been experiencing some problems accessing this site for the last week or so, which has made it a bit difficult for me to correctly follow all of the threads I've been working on.

However: you mention DNS problems, and determining if your problem lay in that area was exactly why I asked you to try the pings (both by IP and URL) of Google at the times that your browsers were not able to reach that site. A ping by URL relies on DNS in the same way that a browser request for a URL does; if a URL ping works, but a browser's site request by URL does not, it's usually indicative of the fact that DNS-related functions are working.

DMR 152 Wombat At Large Team Colleague

When I rebooted I first noticed the date was set back all the way to 2004... strange that freezes would occur before Windows even started loading, and also as it was loading. I even set my BIOS setting to fail safe defaults,

Given all of that, I would be suspicious of a failed CMOS battery or the like. If you've seen the freeze occur before Win even starts to load, that would be indicative of a problem whose cause lies at a lower level than Windows or related software/drives.

DMR 152 Wombat At Large Team Colleague

The "cmdcons" folder will exist on your system if the option to run the Windows Recovery Console from the hard drive was installed by the person/company that built your computer.

1. Open the Event Viewer utility in your Administrative Tools control panel.

In the Event Viewer, look through the System and Application logs for entries flagged as "Warning" or "Error"; double-clicking on any of those entries will open a "details" window with more information about the error/warning. If you find any entries that seem to relate to the IE hangs/crashes that you're having, post the full and exact contents given in the detail windows.


2. You can try running the free IEFix utility; it won't hurt anything


3. Regardless of the tools that you've already run, infections might still be responsible for the problem. Download/run the latest version of HijackThis and post the log it generates:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the …

DMR 152 Wombat At Large Team Colleague

Post whenever you can; we're not going anywhere... :mrgreen:

DMR 152 Wombat At Large Team Colleague

I agree with your brother on this one: a P-II certainly has no real value anymore, so it isn't worth dumping any $$ whatsoever into fixing it given that new machines are pretty cheap.

DMR 152 Wombat At Large Team Colleague

The update to the video drivers would definitely be a prime suspect. Go into the video card's Properties window in Device Manager, click on the Driver tab, and try the "Roll back driver" option.

If that doesn't work, you may be able to use System Restore to roll the entire system back to a date just prior to when you started getting the STOP errors.

DMR 152 Wombat At Large Team Colleague

As you might have noticed from the logs you've posted, your system is very seriously infected. Given that, I'm going to toss out the suggestion that it might be more efficient time-wise to back up your critical data, reformat the drive, and do a fresh install of Windows.


If you don't want to (or can't) go that route, though:


1. You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save them into a text file using Notepad:


2. In addition to your current utilities, also download these programs if you don't have them already:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en

Open each of your anti-spyware tools and use their online update features to get the most current updates installed. Do not run scans/fixes with the utilities; just close them after they finish updating.


2. Your logs consistently indicate infections in certain areas of your system that the removal programs are not doing the job of cleaning; you should manually clean these out yourself:

- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and log in as the administrator or a user who has administrator permissions.

- Open Windows Explorer, and in the Folder Options->View settings under the …

DMR 152 Wombat At Large Team Colleague

Since your system appears clean now, you might want to flush out your old System Restore points and set a new, clean Restore Point. More information on why you should do this, and instructions on how to do it, can be found here.

DMR 152 Wombat At Large Team Colleague

That's better, but there's a bit more cleaning to be done.


1. Download the Killbox utility and save it to your desktop, but don't run it yet.


2. Run HJT again and have it fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D62594E2-75A1-6B2B-4FAE-446C6B595631} - C:\WINDOWS\system32\crys.dll
O2 - BHO: Class - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - C:\WINDOWS\nthr32.dll
O4 - HKLM\..\Run: [iecp.exe] C:\WINDOWS\system32\iecp.exe


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

- Open the Killbox.

A) In the "Full Path of File to Delete" box, copy and paste the following:
C:\WINDOWS\system32\iecp.exe

- Select the "Delete on reboot" option and then click on the button with the red circle with the X in the middle.

- Click Yes at the Delete confirmation prompt.

- Click NO at the next request to actually reboot.

B) In the "Full Path of File to Delete" box, copy and paste the following:
C:\WINDOWS\system32\crys.dll

- Select the "Delete on reboot" option, but this time also select the "Unregister dll before deleting" option.

- Click on the button with the red circle with the X in the middle.

- Click Yes at the Delete confirmation prompt.

- Click NO at the next request to actually reboot.

C) Repeat step …
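An added example, not part of the original post and not HijackThis's own code: a Python sketch that parses the five log entries listed in the post above into section code, CLSID and file path, then lists the files left for manual follow-up and marks which are DLLs (the Killbox steps unregister a DLL before deleting it). The section descriptions, function names and regular expressions are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# The five entries from the post above, copied verbatim.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D62594E2-75A1-6B2B-4FAE-446C6B595631} - C:\WINDOWS\system32\crys.dll
O2 - BHO: Class - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - C:\WINDOWS\nthr32.dll
O4 - HKLM\..\Run: [iecp.exe] C:\WINDOWS\system32\iecp.exe
"""

# Short descriptions of the section codes seen above (wording is this example's).
SECTIONS = {"R0": "IE start/search page setting", "R3": "URL search hook",
            "O2": "Browser Helper Object", "O4": "autostart entry"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in .exe or .dll; "[iecp.exe]" alone is not a path.
FILE_PATH = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

@dataclass
class Entry:
    section: str
    kind: str
    clsid: Optional[str]
    path: Optional[str]

def parse_log(text):
    """Return one Entry per 'XX - ...' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, log header, running-process list
        section, rest = m.groups()
        clsid, path = CLSID.search(rest), FILE_PATH.search(rest)
        entries.append(Entry(section, SECTIONS.get(section, "other"),
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None))
    return entries

def files_for_followup(entries):
    """Unique (path, is_dll) pairs, in log order, for files the entries name."""
    seen = {}
    for e in entries:
        if e.path:
            seen.setdefault(e.path.lower(), (e.path, e.path.lower().endswith(".dll")))
    return list(seen.values())

if __name__ == "__main__":
    for path, is_dll in files_for_followup(parse_log(FIX_LIST)):
        print(path, "(DLL: unregister before deleting)" if is_dll else "")
```

Registry-only entries such as the R0 and R3 lines yield no file path, so they are handled by the HJT fix alone and do not appear in the follow-up list.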

DMR 152 Wombat At Large Team Colleague

There are talented troubleshooters on many of the online support forums, but there's really no way that I could know who will definitely be able to fix your particular problem. It's obviously usually more difficult for any online person to diagnose a problem than it is for a technician who can physically work on the computer; you might want to find such a person in your area and have them take a look at the problem.


However, since you said that both pings worked while your browser wasn't working, I'd look into that further first:

- Download and install a different browser and see if it exhibits the same symptoms.

- Reinstall/repair your current browser. If you're using Internet Explorer right now, you can try the free IEFix utility.

DMR 152 Wombat At Large Team Colleague

1) a broadband router and zonealarm and AVG(with current updates)... is it sufficient in itself? (Excluding reckless usage)

That's a good start, but there's more that you can do in terms of overall protection. There's more information on that in this article.

2) Why is it not advisable to have Avast and AVG running together?

The answer is basically that because the two would be trying to perform the same jobs at the same times, they may conflict with each other's actions. For example, one anti-virus program could interpret the other program's scanning and/or fixing as "suspicious activity" and try to block it.

3) Zonealarm and my expired Norton Internet Security together?

Having an expired version of security or anti-virus products is pretty much useless; renew the Norton subscription if you plan to continue using that product. In terms of using Norton and ZA together, you can, but if you do you shouldn't use the firewall component of Norton's package. As with running two anti-virus programs, running two firewall programs can cause conflicts and confusion.

DMR 152 Wombat At Large Team Colleague

Hi civic,

1. Your current log definitely does show signs of infections, but you're using an older (1.98.0) version of HijackThis which does not examine all areas of possible infections on an XP system. Please download the most current version of HJT (1.99.1) from the link in my sig below and post the log that new version gives you.


2. Also- before posting the new log, please perform the general cleaning and protection procedures described in the following threads before we dig into taking care of the leftovers of your specific infections with HijackThis:

http://www.daniweb.com/techtalkforums/thread27570.html

http://www.daniweb.com/techtalkforums/thread27519.html