DMR 152 Wombat At Large Team Colleague

What exactly did happen when you tried to download Nailfix from my FTP site? I tried the download myself as a test and it worked fine.

DMR 152 Wombat At Large Team Colleague

O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe

Alright, this is a program I downloaded because Spyware Doctor detected a lot of spyware, but to clean the spyware I need to register it, and this program auto-updates itself to get the latest version of the serials of many kinds of programs.

Yes, I know what Serials3k does; that's why I asked for more information.

Unfortunately, because you are using a keygen/serial code crack program to avoid registering/paying for Spyware Doctor, we can no longer help you; it violates one of our terms of use here. From our Posting Rules:

"...do not post anything warez related or related to other illegal acts. This includes tech support troubleshooting pirated software or P2P programs (i.e. Gnutella, Kazaa) used to obtain pirated software."

Because of the above, I'm closing this thread now.

However, I will suggest some free alternatives to Spyware Doctor so that you don't have to worry about this issue in the future:

Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/

If I've misunderstood you, or you feel my action to be a mistake, please feel free to contact me via PM.

DMR 152 Wombat At Large Team Colleague

Thank you for the quick advice.

You're welcome Todd.

Unfortunately, I am not able to download Nailfix (http://www.noidea.us/easyfile/file....050515010747824) as for the past 3 hours I continue to receive the message "cannot find server." Is there a way to address the issue without Nailfix? Or is there another way I can get the zipfile for Nailfix?

You definitely need the Nailfix program, but the site I linked to does seem to be down; I can't reach it either.
Try this alternate download from my FTP site; it should work for you.

...my computer very very very slowly is being scanned by Ewido in safe mode (12% finished after 3 hours).

Erm, that doesn't sound right. The scan should take nowhere near that long, but let it go anyway. Regardless, once you download the Nailfix program, you should repeat the ewido scan as per the entire removal process I posted earlier.

DMR 152 Wombat At Large Team Colleague

If the 'puter has been wiped and Windows has been freshly reinstalled, then you're probably right- the Dell Diag. partition might very well have been deleted.

You said that you were able to find msconfig. Were you able to run it and use it to trim down your startup time?

DMR 152 Wombat At Large Team Colleague

Hi Finman101,

First of all- welcome to TechTalk. :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Hi GoodmanHR,

1. dlh6213's assessment of your log looks pretty much right to me; however, I'd like more info on two items in your log if possible:

O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe

and

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


2. In terms of your question of Spyware having possibly damaged your drive, the answer is almost certainly no, at least in terms of physical damage. Of course, that assumes that the clicking you hear really is the drive, although that would be the most likely suspect; not much else in a system other than drives makes mechanical noises.

There are tools to test drives, and most drive manufacturers provide those as free downloads. Give us the make and model of the drive and I'll try to give you a link to the appropriate utility.

DMR 152 Wombat At Large Team Colleague

I've moved this to our Viruses and Nasties section, where you will get the appropriate help.

Thanks CatWeazle. :)


porquat,

Let's start with the following so that we can get an initial idea of exactly which infections have invaded your computer:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

Congratulations; that's a clean log! :)

I wouldn't worry about the items that you couldn't find. They should have been fixed in the course of the cleaning procedures, but I was just having you double-check to be sure.

Now that your log is clean, you might want to do the following to tidy up any loose ends:

Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or …

DMR 152 Wombat At Large Team Colleague

1. Your log still has a reference to a piece of the Aurora infection, as well an indication of another infection.

Please close all open programs and Explorer windows, run HijackThis again, and have it fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tzikdoqiht.com/oa6dWnq7G..._FnD4pp4vxS.htm
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe


2. Once HJT completes the fixes, open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

Search for C:\WINDOWS\Nail.exe and delete it if it still exists.


3. Empty your Recycle Bin, reboot, run HJT again, and post a fresh log.


4. In terms of protective measures that you can take to minimize your chances of infection, here are a few suggestions (some of which you've already got in place):

1. Enable Windows Automatic Update function to keep your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to …

DMR 152 Wombat At Large Team Colleague

In terms of posting a HijackThis log:

I definitely agree that leaving the infected computer offline is a good idea; some of these nasties will "phone home" to redownload themselves if they aren't entirely removed from your system. To get around this, you can save the HJT log as a text file in Notepad, copy it to a floppy/CD/whatever, take it to another computer, and post it from there. Please do that when you can; the log might give us some info on the new infection(s) you have.

If you haven't installed Microsoft's AntiSpyware beta yet, you might want to do so; it's a good complement to SpyBot, ewido, Ad Aware, etc. If you don't want to download it directly onto the infected computer, download it elsewhere, burn it to CD, and install it on the infected computer that way.

DMR 152 Wombat At Large Team Colleague

Due to the fact that the member who originally started this thread has not responded for almost 1 year, this thread is considered abandoned and has been closed.

In accordance with our posting rules, other members having similar problems should start their own threads and post their questions there. In order to help us help you most quickly, please include as much information about your problem as possible in your posts.

If the member who originally started this thread wishes to have the thread reopened, please send your request, including a link to this thread, to one of our moderators via email or Private Message.

Thank you.

DMR 152 Wombat At Large Team Colleague

Hi 14G_Tiger,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Hi kashres, welcome to our site. :)

Your log does show signs of Aurora, as well as a few other "unwanted guests". However, we need to take care of one thing before proceeding with the fixes:

C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.
-----------------------------------------------------------------------------

The following procedure is the standard Aurora fix; it should also clean up some, if not all, of the other infections. Please follow the instructions carefully and fully:

You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save them into a text file using Notepad.


Download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install …

DMR 152 Wombat At Large Team Colleague

As the member who originally started this thread has not responded in well over a year, this thread is considered abandoned and has been closed.

In accordance with our posting rules, other members having similar problems should start their own threads and post their questions there. In order to help us help you most quickly, please include as much information about your problem as possible in your posts.

If the member who originally started this thread wishes to have the thread reopened, please send your request, including a link to this thread, to one of our moderators via email or Private Message.

Thank you.

DMR 152 Wombat At Large Team Colleague

Hi PicX, welcome to our forums. :)

Please see my posts above regarding the need to start your own thread for your question. Please follow the advice I gave, and we'll help you out from there.

DMR 152 Wombat At Large Team Colleague

OK- you've confirmed that 192.168.1.1 is the correct IP for the router, so:

1. With the computer connected to the router:

- Under your Start button, go to Programs->Accessories and click on Command Prompt.

- In the resulting DOS box/window, type "winipcfg" (omit the quotes) and then hit Enter.

- Post the information that the command gives you.


2. Did you try configuring your computer with the static IP info I posted above? If not, please do that. Once done, see if you can at least ping the router's IP address:

- Open a Command Prompt window again, type the following command, and then hit Enter:

ping 192.168.1.1

If the ping works, you should get a response similar to the following:

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time=1ms TTL=254
Reply from 192.168.1.1: bytes=32 time=1ms TTL=254
Reply from 192.168.1.1: bytes=32 time=1ms TTL=254
Reply from 192.168.1.1: bytes=32 time=1ms TTL=254

Ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

If it fails, give us the error message.

DMR 152 Wombat At Large Team Colleague

i'm 200kms from civilization at a fly-in fishing resort so if i have to return it i'll have to wait for the next flight out of here and mail it.

Lol. In all of my years of doing tech support, that has to be the best (or worst) excuse I've heard yet. :cheesy:

Seriously though- it's quite possible that the router is defective, but don't abandon that sort of fishing trip just to return it. I need to log off for the night now, but I'll follow up with this tomorrow.

DMR 152 Wombat At Large Team Colleague

i didn't install some things cuz i thought it was useless....

That isn't going to help us help you to get your system clean. If we suggest that you do/install/run something, please do it. We're not going to suggest that you do anything that will cause you problems, but if you don't follow our suggestions fully, and give us full feedback about what happened during the process, we're not going to be able to do our job.

DMR 152 Wombat At Large Team Colleague

Hi leventib,

First of all- welcome to our site :)

In terms of the HijackThis log you posted- it shows no signs of infection as far as I see; it's actually a very clean log. Given that, and the other problems you described, it sounds like the problems you're experiencing are of a more general nature.

Can you give us anything more specific to go on concerning when the problems started to occur, what you might have done already to try to fix them, etc.?

DMR 152 Wombat At Large Team Colleague

1.

i did all that already ...

I didn't know that; you didn't mention it in your last post. Also- if you did do everything I suggested, your latest HJT log does not reflect that. I see no signs in the log that you've visited the online scan sites I linked to, nor do I see any indication that you've installed ewido or MS AntiSpyware beta.


2.

if u have msn ... plz ADD me and help me ! i am kinda CRAZYYY and desperate ! plz ^^

I know that your need to solve your problem is urgent, but in all honesty, it's no more urgent than any of our other members' needs to solve their problems; please be patient. Also understand that those of us who work here are volunteers; we help people here on our own free time, and we do not get paid to do so.

DMR 152 Wombat At Large Team Colleague

I would like to thank all who helped. Without volunteers many peoples' computers (including mine) would be ruined. Thanks.

First of all- thanks for the appreciation, and you're welcome. :)

The version of ewido you downloaded is only a trial version. Some of its functionality will expire after the trial period, but it's still worth keeping around, as the full system-scanning part of it will still be available to you.

MS AntiSpyware and Ad Aware are also good programs to keep in your "toolbox".

DMR 152 Wombat At Large Team Colleague

OK- unfortunately, that particular error message doesn't contain any specifics that could help us. Please work through the rest of the suggestions I posted previously and get back to us with the results (and, of course, a new HijackThis log).

DMR 152 Wombat At Large Team Colleague

I am trying to follow your instructions the best I can.

Please understand that the instructions we give should be followed exactly, completely, and fully in order to entirely kill the infections. If you only complete part of the removal processes, or perform them in an order other than specified, some components of the infections will remain on your system and may enable the infections to "resurrect" themselves.


Please do the following:

1. In addition to ewido, download and install the following utilities. Use each program's online update function before running them to make sure you have the most current updates installed:

Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/

Run a full scan with each utility (the order doesn't matter). After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find. If you find that the utilities can't fix something, try running them in Safe Mode instead.

2. Boot into Safe Mode again and repeat the ewido/NailFix procedure dlh6213 described earlier, but do not reboot; stay in Safe Mode.

3. Run HijackThis again and have it fix the following entries. (The names of the "O4" entries may have "morphed"; these infections can do that in order to make them harder to find and delete.):

F2 - REG:system.ini: …

DMR 152 Wombat At Large Team Colleague

Hi LisaMichele,

You need to start your own thread for your question. When you do, please describe the problem you're having in as much detail as possible, and also do the following:

Create a folder outside of any Temp/Temporary folders for HijackThis and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

What's the exact model of Linksys router? Most of their gear uses 192.168.1.1 as the default IP, but some models use other IPs.

DMR 152 Wombat At Large Team Colleague

Before doing a full reinstall, you can try a Repair install. The repair process will replace your damaged/infected/missing Windows system files with fresh copies from the CD, but will (or at least should) leave your programs and data intact.

Step-by-step instructions for doing the repair can be found here:
http://www.michaelstevenstech.com/XPrepairinstall.htm

DMR 152 Wombat At Large Team Colleague

The following is a specific fix for the Aurora infection, but it should clean up some of the other infections evident in your log:

You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save them into a text file using Notepad.


Download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then run Ewido, and run a full scan. Save the logfile from the scan.

Next run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except …

DMR 152 Wombat At Large Team Colleague

First of all, please do the following:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

My Anti-virus keeps finding a couple of problems, so does Spybot and Ad-Aware occasionally.

I see a couple of things in your log that don't look quite right, but nothing explicitly malicious. Can you give us specifics as to exactly what your a-v program, SpyBot, and Ad Aware find and the locations (folders) in which they find problems?

DMR 152 Wombat At Large Team Colleague

First of all, we'll be able to help you much more quickly if you include the full and exact text of any error messages you get instead of just stating: "pop up the messege Generic Host Process for win 32 bla bla bla bla". Regardless of how cryptic the full information in an error message might seem, it can be helpful to us.

Your log does indicate some signs of infections, and I'll bet there are more "nasties" on your system than HijackThis is reporting.

- You have SpyBot installed. Make sure you have the most current version of the program and run a full system scan. Also do the following:

1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/


DMR 152 Wombat At Large Team Colleague

Hi stretch85 ,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

If you would like us to help you with your particular problem, please start your own thread in this forum and we'll take it from there. In your post, please include as much information as possible about the infection and what you've done so far to try to remove it.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

ermm u said no infections ?... i deleted the infected file from C:\WINDOWS\system32\spool\PRINTERS before my 1st post (that i did with Trend AV help)...

Yes, but the infections you had were something you took care of before you posted here.

However, we didn't work on any malicious problems in this thread; we were solving a Windows problem not related to viruses/spyware/etc. Because of that (and this is purely from a forum organization/maintenance standpoint), I moved the thread to a forum more fitting the actual problem that was solved.

DMR 152 Wombat At Large Team Colleague

OK- that's a clean log now. :)

In terms of the file and folder you didn't find, they could have been cleaned/deleted already, although after a quick review of this thread I don't see any procedure we performed that would have done that.

Just to make sure that loose ends are cleaned up, you should probably do the following:

1. Get the latest updates for your SpyBot and Spyware Doctor programs and run full scans with both of those.

2. In addition to those utilities, do the same with these:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find.

3. To sweep up the final crumbs, download and run CCleaner.

DMR 152 Wombat At Large Team Colleague

Hi,

I am wondering if you carry a cell phone with you or a wireless phone, or perhaps always use some electronic gadget where you are at.

That's always a possibility. One of the problems with wireless computing is that a heck of a lot of other wireless devices use the 2.4GHz transmission band, and their interference can play holy hell with your connection.

I was visiting a client a few months ago and he was telling me about all of these weird, random connection problems he'd been having lately. It turns out that in the process of rearranging his office a few weeks prior, he'd stuck his wireless router on a shelf directly above his cordless phone's base station. Bingo, we had a winner! Move router away from phone, problem solved. :mrgreen:

DMR 152 Wombat At Large Team Colleague

It wouldn't look good if everyone would delete their old posts. If you delete some posts here and there, threads would change and possibly good content would disappear. It would also make threads hard to follow if some posts would refer to other post that would not be there anymore.

Right on all counts, belama. :)

If a member does need a post deleted for some reason, they can PM their request to one of the forum moderators and we'll take care of it.

DMR 152 Wombat At Large Team Colleague

Definitely can't browse, use AIM or anything when the connection isn't working. The system as far as I can tell is perfectly clean. Any other ideas??

So you can't even ping a website, right?

A few suggestions and questions to try to isolate the source of the problem:

1. Are you going through a wireless Access Point connected to a wired router, or are you just using a wireless router? Please post the exact makes/models of your wireless devices.

2. When the Internet access dies, can you at least ping the IP of the router and/or Access Point, or the IPs of any of the other computers on the internal network?

3. Check your system log files to see if Windows is recording any error messages related to the connection drops in those logs:

Open the Event Viewer utility in your Administrative Tools control panel.

In the Event Viewer, look through the System and Application logs for entries flagged as "Warning" or "Error"; double-clicking on any of those entries will open a "details" window with more information about the error/warning. If you find any entries that seem to relate to network errors, post the full and exact contents given in the detail windows.

4. To determine if the problem lies specifically with your wireless connection or with your network software in general, connect the laptop to the router via an Ethernet cable and see if you still experience the problem.

DMR 152 Wombat At Large Team Colleague

Note: Since this problem turned out not to be related to malicious infections, I'm going to archive it in a more appropriate forum now.

DMR 152 Wombat At Large Team Colleague

You're welcome; glad that worked. :)

The problem could happen again at some point. If it does though, just do the fix again.

DMR 152 Wombat At Large Team Colleague

ok, when i looked for C:\Documents and Settings\Owner\Application Data\eetu.exe i did show hidden folders. I looked for it again and couldn't find it. I couldn't find C:\WINDOWS\system32\iosdt either.

Are you sure you had Windows Explorer set to show hidden files and folders as I described in my last post?

I tried to fix O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
and then when i did that next step... it said it was still running. ...if its not that serious i'll just leave it.

You should never leave a piece of an infection active on your system, because many of these infections can "heal" themselves if you don't totally kill them.

If the "dnetc" service is still reported to be running, you need to disable it before it can be removed:

1. Open the Services utility in your Administrative Tools control panel.

2. In the list of services, locate the service named "distributed.net client" or "dnetc" and double-click on it.

3. In the General tab of the Properties window that opens, click the Stop button.

4. Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.

5. Run HijackThis and try deleting the service again:

Click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button …

DMR 152 Wombat At Large Team Colleague

OK- just skip the online scanners and start from step #2. Post a new log after you've run the anti-spyware utilities and cleaned out the folders I listed.

DMR 152 Wombat At Large Team Colleague

1. The things I posted about the spoolsv CPU usage were just some suggested fixes for a few of the common causes of the problem. If you've never installed any printer/fax/etc. software, I doubt they'll apply in your case. I'd check out the possibilities anyway; if you (or anyone else) has ever used a printer on the machine, software/driver issues could be the problem.

2. In terms of the "Trying to access the Internet" messages, those can be misleading sometimes. Many processes/programs open up/listen on network ports on your local computer, but that doesn't necessarily mean that those programs are trying to access the Internet. Personal-use firewall software often only reports the overly-simplified "Trying to access the Internet", probably because a more technical differentiation would just confuse the average user.

DMR 152 Wombat At Large Team Colleague

It's definitely not spyware as this computer is fairly new and has been cleaned of anything it had on it using HiJack This, Spybot S&D, etc

Don't rule out the possibility of malicious infections; I've seen perfectly clean systems get infected after less than 30 minutes of being online.

When you lose the ability to browse:

- See if you can reach sites by their actual IP addresses instead of their URL. For example, if you find that you can't reach http://www.google.com, put the following in your browser's location/address box instead and see if the Google home page comes up:

http://66.102.7.147


- If you can't reach a site through your browser, see if you can at least "ping" the site. Again using Google as an example:

- Under your Start menu, go to Programs->Accessories->Command Prompt.

- In the DOS window that opens, type the following command at the prompt and then hit Enter:

ping www.google.com

- If that works, you should get 4 positive replies followed by some summary info. If it doesn't work, try to ping by IP address:

ping 66.102.7.147
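The same name-versus-address test as a script, added here as an example and not part of the original post. It uses a TCP connection to port 80 in place of ping (an assumption, since ICMP needs raw sockets), and `diagnose` and its result labels are hypothetical names.

```python
import socket


def diagnose(hostname, known_ip, port=80, timeout=3.0,
             resolve=socket.gethostbyname, connect=socket.create_connection):
    """Separate a name-resolution failure from a loss of connectivity."""

    def reachable(addr):
        # TCP connect stands in for ping here (assumption: the site serves port 80).
        try:
            connect((addr, port), timeout=timeout).close()
            return True
        except OSError:
            return False

    try:
        resolved = resolve(hostname)
    except OSError:          # socket.gaierror is a subclass of OSError
        resolved = None

    if resolved and reachable(resolved):
        return "ok"
    if reachable(known_ip):
        # The address answers but the name does not: the fault is in name lookup
        # (or in the address the name resolved to), not in the link itself.
        return "dns-failure" if resolved is None else "resolved-address-unreachable"
    return "no-connectivity"


if __name__ == "__main__":
    # Host name and address are the ones used in the post.
    print(diagnose("www.google.com", "66.102.7.147"))
```

The `resolve` and `connect` parameters exist so the logic can be exercised without a network; leave them at their defaults for a real check.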

DMR 152 Wombat At Large Team Colleague

I have SBC Yahoo DSL here in San Francisco.

Sorry to hear that. Send me an email; I'll come down from Marin over the weekend and fix it for you. :mrgreen:

I have been reading on the threads and other sites that tell me that in general, for SBC Yahoo DSL the setting on the Router should be PPPoE not DHCP. I haven't tried PPPoE. Do you think that is the problem? If not, then what is?

By the way, http://192.168.0.1 shows that my DSL Modem is on PPPoE mode already.

Please help! Thank you in advance.

Yes, the WAN-facing (connection to the modem) side of the router should be set to PPPoE for SBC. The LAN-facing (your internal network) side of the router should either be set to DHCP, or you can set up all of your devices with static IPs.

Personally, I find it more reliable on small/home networks to turn off the DHCP server function of the router and just give everything a static setup.

Start simple: if you haven't already, turn off any features that could possibly interfere with establishing a proper connection (WEP, any firewall software, etc.).

DMR 152 Wombat At Large Team Colleague

Is the network card in your computer configured to obtain an IP address via DHCP? If not, set it to do that so that it can pick up an IP from the router. The setup program will have trouble finding it otherwise.

Alternately, you can assign yourself static IP info that puts your system in the same range as the router's default IP (192.168.1.1). For example:

computer IP: 192.168.1.2
subnet mask: 255.255.255.0
gateway IP: 192.168.1.1

By the way: you don't need to use the installation software to configure the router. If you configure static network settings as I posted above, you should just be able to point your browser to http://192.168.1.1 to access the router's built-in web-based configuration pages. In the login window, leave the username blank, and enter the default password "admin".

DMR 152 Wombat At Large Team Colleague

Did you burn the installation CD? If so, did you burn it correctly?

1. A very common mistake is to download a Linux iso image and then just burn it to CD as a file instead of burning the iso as a disk image. Insert the Linux CD into your drive while you're booted into Windows; if you just see one large .iso file on the CD, that's what's happened.

Info on burning disk images can be found here.


2. Either the downloaded iso or the CD burn could be corrupt. Use MD5Sums to verify the download, and make sure to use your burning software to verify the disk after burning.


3. If you got the CD out of a book/magazine/etc., it could be a bad disk. This is pretty common.

DMR 152 Wombat At Large Team Colleague

Any prevention from this beast coming again?

For Aurora specifically? Not that I know of.

However, following the suggestions posted by Trevuren in this thread will go a long way toward tightening up the vulnerable areas of your system.

DMR 152 Wombat At Large Team Colleague

A. Your log indicates multiple infections, but it also seems to be missing a section at the end. A HJT log from a Windows XP or 2000 system usually has a list of "O23 - Service:" entries after the "O20" entries. Are you positive you posted the full text of the log?


B. To get most of the infections cleaned up automatically, please do the following:

1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed).

After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and …

DMR 152 Wombat At Large Team Colleague

That log looks good- updates are showing there now, and there are no signs of infections. :)

DMR 152 Wombat At Large Team Colleague

A Required.DLL file, OLEACC.DLL, was not found.

Certain versions of Win 98 either did not have that dll at all, or had an outdated version of it. The following Microsoft article tells you how to get the right version of the file:

http://support.microsoft.com/default.aspx?scid=KB;en-us;810684

DMR 152 Wombat At Large Team Colleague

1.

I didn't find C:\Documents and Settings\Owner\Application Data\eetu.exe to delete it

Did you have Explorer set to show hidden files and folders?:

Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".


2. Your log is looking pretty good. Please do the following to clean up the one loose end:

a) Close all other programs, run HJT again, and have it fix:

O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)

b) Once HJT completes the fixes, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

dnetc

c) Delete the entire C:\WINDOWS\system32\iosdt folder.

d) Empty your Recycle Bin, reboot, run HJT again, and post a new log.
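A small parser for the "O23 - Service:" lines discussed above, added here as an example and not part of the original post or of HijackThis. It reports whether a log has an O23 section at all and which services point at a missing file, returning the short service name that goes in the "Delete an NT service" box. The function names are hypothetical, and every sample line except the dnetc one is constructed.

```python
import re

# Layout of an O23 line as it appears in the post above:
# O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Constructed sample log: only the dnetc line is quoted from the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: example - C:\WINDOWS\system32\example.dll
O23 - Service: Example Vendor Helper (ExampleSvc) - Example Vendor - C:\Program Files\Example\helper.exe
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
"""


def parse_o23(log_text):
    """Return one dict per O23 service entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            entries.append(entry)
    return entries


def review(log_text):
    """Summarise the O23 section: is it present, and which services are orphaned."""
    entries = parse_o23(log_text)
    return {
        # No O23 lines at all suggests the log was cut off before its last section.
        "has_o23_section": bool(entries),
        "orphaned": [e["name"] for e in entries if e["missing"]],
        "unknown_owner": [e["name"] for e in entries if e["owner"] == "Unknown owner"],
    }


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```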