OK, keep us posted.
Also- don't hesitate to ask if you have any questions along the way. Partition manipulation is pretty low-level stuff, and one mistake can wipe out everything on the drive...
You may well have a new nasty that (at the moment) there is only one fix (that I know of) for.
Yes- the indications of the Bube infection are in the log. :mad:
And unfortunately- the last time I heard from CalamityJane (last week), she'd found nothing further on removing the beast aside from the KAV scan. :(
Liz,
Let's hope KAV was able to remove enough of the nasty to enable us to clean up the leftovers:
1. Repeat crunchie's instructions for using HijackThis' process manager to kill the following processes:
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\isrvs\ffisearch.exe
C:\windows\system32\elitezzl32.exe
2. Have HJT fix:
O2 - BHO: (no name) - {BE6BD929-1AC3-053B-CDDA-458193C45FE5} - C:\WINDOWS\System32\iofi.dll (file missing)
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitezzl32.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
3. Boot into safe mode again and:
- try to delete the C:\Windows\isrvs folder entirely.
- delete the C:\windows\system32\elitezzl32.exe file.
- turn off XP's System Restore function if you haven't already. Instructions are here.
- empty your Recycle Bin.
4. Reboot normally and post a new log.
At the least, you have the Narrator/qoologic infection, which HijackThis alone is not going to be able to fix. Please do the following:
Download finditnt2000xp.zip.
http://www.thatcomputerguy.us/downloads/finditnt2000xp.zip
1. Unzip the contents of finditnt2000xp.zip
2. Open the resulting "Find It NT-2K-XP" folder
3. Double-click on find.bat.
A command prompt will open and it will search your computer for malicious files.
(it may take several minutes for the script to run ... please be patient)
Once it has finished a Notepad window will pop up with output.txt.
4. Copy the entire contents of output.txt into your next post.
Your HijackThis log is incomplete; you are also running the program from within a Temp folder, which is not advised. Please follow the directions below:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.
-------------------------------------------------------------------------------------------------------------------
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.
-------------------------------------------------------------------------------------------------------------------
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here. Once we analyse the log we can tell you what to do from there.
-------------------------------------------------------------------------------------------------------------------
Try this:
http://support.microsoft.com/kb/q270008/
Although the article pertains to Win 2000, I've seen the problem occur with XP as well; the fix described for Win 2000 works for XP.
Please note that although the article only refers to the "UpperFilters" and "LowerFilters" entries in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet registry subkey, I've had to apply the fix to the similar entries (if found) in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x subkeys as well in order to make it work.
One common cause for that problem, and the fix:
http://support.microsoft.com/kb/q270008/
Although the article pertains to Win 2000, I've seen the problem occur with XP as well; the fix described for Win 2000 works for XP.
Please note that although the article only refers to the "UpperFilters" and "LowerFilters" entries in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet registry subkey, I've had to apply the fix to the similar entries (if found) in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x subkeys as well in order to make it work.
Is there any way to change the horizontal frequency into an operatable range using another computer that works?
Not exactly. The fix doesn't involve modifying the monitor's settings; you have to change the settings of your video card/monitor configuration in the computer that you want to use the monitor on to something compatible with that monitor.
Starting off using the generic VGA/SVGA drivers or the "generic VGA monitor" setting should at least get you a usable display.
Two things you can try:
1. See if you can delete the file when booted into Safe Mode. You get to the safe mode boot option by hitting the F8 key as your computer is starting up.
2. You may need to unregister the dll before you can delete it:
- Open a DOS box by typing "cmd" (omit the quotes) in the "Run.." option under your Start button menu.
- At the command prompt in the DOS window, type the following command (replace the example path to the msohev.dll file below with the full, correct path to the file's location on your particular system):
regsvr32 /u C:\Program Files\Microsoft Office\Office10\msohev.dll
Close the DOS window after the command completes and see if you can then delete the file (you might have to reboot before you try the deletion).
This link describes the partitions on your Dell:
http://www.bay-wolf.com/harddrive.htm#23
In terms of manipulating the partitions:
1. I'm honestly not sure if you should muck with the first (EISA config.) partition. Since it only uses about 70M I'd leave it alone.
2. If you're OK with losing the system restore info in the Dell partition, you can delete that partition and leave the resulting free space available for the Linux install. Since you'll probably want more than 3.2G available for Linux, I'd use PM to shrink your current Windows partition to free up even more space for Linux.
3. Given that you're currently only using less than 20G of the 145G available in your C: partition, you could easily just leave the two special Dell partitions alone and use PM to carve out a big chunk of C: to make another partition for Linux.
Was rundll32.exe really deleted from your system, or is it a case of the file being present but the system not recognizing it?
Either way, I'd start by grabbing a copy of rundll32.exe from someone who's running the same version of Windows that you are. Copy that file to your machine and see if it makes a difference.
Either a reset jumper or battery removal should do it. You'll have to check the specs of your motherboard to see if it has a reset jumper, and if so, where it's located. The alternative is to unplug the power cord from the computer and remove the CMOS battery. Leave the battery out for 30 minutes or more if possible; it can take a pretty long time for some systems to fully discharge.
Two OS can be on your drives at the same time, they can even share a drive (with exceptions) but they cannot be loaded (Running) at the same time...
Right. Two OSes can be installed on the same drive, but you can only be booted into one at a time. The exception would be running one OS from within another by using third-party software such as VMware or WINE.
Get a bootloader, lilo, grub or other...
Grub is your friend... :D
Switch cables so that 98 is your C drive and reinstall XP
Yes, and if you're careful, you won't even have to reinstall XP entirely.
The key thing to know is that even when XP is installed on a second drive or partition, it still needs to install some of its boot files on the C: drive/partition. Because you installed XP and 98 separately, XP didn't copy the boot files to the 98 partition, so as the system stands right now, you won't be able to boot XP or set up dual-booting.
The trick is to force XP into making the necessary modifications to C: by running the XP installation again and telling it to install to the C: drive (where 98 lives). However, instead of running the full installation, you only let it go through the first part of the install where it copies the initial setup files to the drive. This will put the missing boot files onto the C: drive. After that you have …
OK- give those a try and let us know the results. :)
I remember when I was young, before win. 3.1 no mouse. I would create my own menu in a text file. create bat. files to run programs and name them 1.bat 2.bat ....
A farfetched idea?
lol! I forgot about that; I did the same sorts of things back then as well. I remember how cool it was when I discovered Norton's NDOS, because it was so much more flexible and powerful than MS-DOS in terms of the bat files, scripts, and menus I could create with it.
Sure- it's all dinosaur stuff now, but when you're running DOS 3.3, DOS 5.0, and Win 3.1 on a 286 with a 10M hard drive, maybe 16M RAM, and a couple of 5.25" floppy drives... :mrgreen:
Sorry to say it though, but that doesn't work anymore. There's no such thing as "real" DOS underneath the hood of modern versions of Windows, and the boot process is much more advanced and complicated than it was in those days.
You say that your CD-ROM shows up as the "D:" drive, but that shouldn't be the case if your second hard drive is configured correctly and Windows is following its usual drive/partition naming convention. In your case, Windows should assign drive letters as follows:
C: = the Primary partition on the Primary Master drive (where Win XP lives). From what you've said about your configuration, in your case the primary partition is the only partition on that drive.
D: …
Hello Mr Wison,
Please see my post directly above yours regarding our posting procedures in these forums. You need to start your own separate thread for your question.
Thanks. :)
Might be time for a disk scan and a defrag; you could have some corrupted or heavily fragmented data on your disk.
Hang in there- I've read your latest posts, but I have to log off for the night now.
I've flagged this thread for follow-up, so I'll try to respond as soon as possible tomorrow.
Bumping this up, I think it was forgotten.
Not forgotten at all - it's just that none of us here get paid to do this, so "real life" work that pays the rent/mortgage has to come first. :cheesy:
OK- the pings worked both by IP and URL, so that's a good start. It means that you at least have basic network/Internet connectivity.
Given that you're still having problems browsing, try the following (I just ran this fix on one of my client's systems yesterday, and it worked; she was using AOL dial-up as well):
Download and run WinsockXPFix. Let the program perform its fixes, and once done, close the program and reboot.
Once the system reboots, try browsing the Net again and let us know the results.
Thanks for the additional info Leanne; it helps.
a blue screen comes up saying something about Kernel Data Error...
I'm assuming this is the exact kernel error, yes?:
KERNEL_DATA_INPAGE_ERROR
If so, here's what Microsoft has to say about those errors:
Unfortunately, it could be a few things, including data errors on your hard drive, the hard drive itself failing, or bad memory.
Here are some links related to STOP 0x7A and win32k.sys errors in general:
http://www.google.com/search?hl=en&lr=&q=%22STOP+0x0000007a%22++win32k.sys&btnG=Search
And here are some relating specifically to laptops:
http://www.google.com/search?hl=en&lr=&q=%22STOP+0x0000007a%22++win32k.sys+laptop&btnG=Search
Try some of the solutions suggested in the above links and repost here with any questions/progress reports/etc.
The slowdown could be the result of something that got deleted, although the removal of the files/folders I specifically asked you to delete wouldn't cause the behaviour (and it certainly isn't being caused by AVG).
Is the slowdown "global" in the sense that it doesn't matter what programs you have running or what you're doing with/on the computer, or does it only occur under certain circumstances such as when you're online?
1. Your log looks clean to me; I see nothing in it which gives any clue as to what program is trying to change your home page. Is there any more specific information that you get from SpywareGuard or elsewhere that would help us identify the culprit?
2. The "017" entry is just listing the IP address of the DNS server you are using. The exact IP listed in the 017 entry is an AOL address, so I'd assume it's legit.
3. AOL doesn't have to be everywhere. AOL has fooled a lot of people into thinking that they can't browse the Net without using AOL, but I personally try to wean my clients away from AOL; it's become too bloated, all-pervasive, and problematic for me to recommend using it at all. We don't call it AOHell for nothing. Sure, if AOL is your ISP, you at least have to connect through them to access the Web, but that doesn't mean you have to use their software once you're connected.
My win 98 hard drive has a dual slave not a master slave. I will set it on dual s.
I don't understand what you're trying to say there; there's no such thing as "dual slave" or "master slave". Do you mean Secondary Slave as opposed to Primary Slave, perhaps?
Would the cd rom be set as a master on its own ribbon. Master and slave HD s. set on ide 1 cd rom on 2
Yup- exactly.
It's been a long time since I've used Sound Forge, but my guess is that you could try using its own equalizer/filter settings (or a plug-in) to notch out the buzz without perceptively altering the overall audio quality.
To be honest, I don't remember if there normally are .BAK entries under those subkeys. Just delete the keys exactly as instructed in the link I gave and see if that does anything to help the problem.
I unhid every folder and file and did several searches for boot.ini and found no results. I am running xp pro...
That's weird. From what you've said so far, XP Pro was installed when there were no other drives/partitions/operating systems present. If that's really the case, boot.ini should be in your root (C:\) directory, along with the other XP boot files such as ntldr, bootsect.dos, ntdetect, etc.
Have you also considered running the games in XP in 98 mode? Right click the program and then click the properties, under compatibility you can select Windows 95, Windows 98 and others.
Chester
That can definitely work with some older applications. It may not though, depending on the specific games in question, as "compatibility mode" isn't the same as running the programs in the true native environment they were designed to run under. Worth a try maybe, I suppose.
1. CPU usage will "spike" (that is- jump up in short bursts) when a certain program or process takes temporary priority control of the CPU's attention to accomplish a task. This isn't necessarily abnormal if it only happens in short bursts, but if something is gobbling up CPU usage for an extended period of time, or if your CPU usage gradually creeps higher and higher without dropping back down, that can be indicative of a "runaway" process or the activity of malicious programs. If you sort Task Manager's process list by CPU usage, you might be able to see the offending process jump to the top of the list when the usage spikes.
2. Except for "ViewMgr.exe", all of the memory-intensive processes listed are the "normal suspects" when it comes to memory usage. McShield.exe and mcvsshld.exe are components of your McAfee software; the others are normal Windows processes.
In terms of ViewMgr.exe- it's a part of the Viewpoint Media Player program, which you pick up as sort of a "drive-by" install when you visit certain web sites. The program isn't really "spyware", but it does run in the background and at the very least automatically download updates whenever it finds them. Personally, I'd remove it; you can do that through your Add/Remove Programs control panel.
Can you post the solution here please? It could help others who experience the same problem.
Thanks.
Good- the log is clean now. :)
My assumption is that the slight nasties you had weren't related to the slowdown problems, so if you're still experiencing the slowdowns, here are a couple of things to look for:
1. McAfee and other programs will automatically go online to check for and/or download updates. If one of these downloads kicks in while you're doing other things on the computer, the extra load this puts on the system can manifest itself in the ways you describe. AOL/AIM, RealPlayer, Quicktime, and other programs that show up in your system tray have "auto-update" functions; with the exception of McAfee, you should disable auto-updates.
2. When the system first starts to exhibit the slowdowns, hold down the Ctrl+Alt+Delete keys simultaneously, click Task Manager in the window that pops up, and then click the Processes tab.
Look for any processes which are chewing up a large percentage of your memory and CPU time. Write down their names and post them here if you are unsure what program they are related to.
In a dual drive or dual partition boot scenario with XP and an older version of Windows, the usual method is to install the older Windows on the first partition/drive and to then install XP on the second. That way, XP would automatically detect the existing Windows installation and configure the dual booting for you automatically.
Since each operating system was installed independently of the other in your case, XP is unaware of the 98 installation. This means that you'll have to do some manual configuration in order to have XP's boot loader give you the option of booting either OS.
The following is probably the easiest method, as it only requires adding one entry to the existing XP bootloader configuration file. If it doesn't work there are other ways to make it happen, but try this first:
1. Make the Windows XP drive the Primary Master drive (C:), and make the 98 drive the Primary Slave (D:). I would suggest not using Cable Select, but instead hard-setting the Master/Slave jumpers on each drive to their appropriate positions. Double-check your jumper settings and cable connections before you proceed.
2. Boot the computer; it should boot directly into XP.
3. The file you need to edit is C:\boot.ini, which is a hidden system file. In order to see the file and edit it:
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files …
Your log only has a couple of things that should be fixed:
1. You are using Download Accelerator Plus, which is adware at the very least (as are many/most "free" download accelerators, Internet search tools, and the like). I would suggest you uninstall it through your Add/Remove Programs control panel.
2. Your log also indicates a Wild Tangent infection. Again through the Add/Remove Programs control panel, remove any Wild Tangent components if they're listed there.
Close all open web browsers and all Windows Explorer windows that might be open, run HijackThis again, and have it fix any of the following entries that still exist after doing the above:
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
After having HJT fix the above, locate and entirely delete any DAP, Download Accelerator Plus, Wild Tangent, and wt folders that might be left over.
Empty your Recycle Bin, reboot, run HJT again, and post a fresh log.
The BIOS issue makes me think this isn't the problem, but here's a link to a common cause of disappearing CD drives:
http://support.microsoft.com/kb/q270008/
Although the article pertains to Win 2000, I've seen the problem occur with XP as well; the fix described for Win 2000 works for XP.
Please note that although the article only refers to the "UpperFilters" and "LowerFilters" entries in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet registry subkey, I've had to apply the fix to the similar entries (if found) in any other HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x subkeys as well in order to make it work.
It can be done, but the exact "how" of it depends on a couple of things:
Have both drives always been installed in the computer? If so, and you installed XP on the secondary drive while 98 was present on the primary drive, you might be most of the way there. If not, you can still do it, but it will just take a bit more configuration work.
Sounds like you have more than one CD drive. Have you tried to narrow things down by troubleshooting with only one of the drives installed at a time?
When you say "they shut down", do you mean that the system just powers down by itself shortly after it finishes loading Windows, or do you mean something else?
Read the 2 threads in the following link for an explanation and some suggestions:
http://www.daniweb.com/techtalkforums/search.php?searchid=345719
If my suggestions in those threads yield anything useful, repost here with the details.
The error can be related to faulty RAM, but it's usually a software-related problem. You can download the memory testing utility memtest86 from the following site if you want to get the RAM possibility out of the way:
That's a bit of a strange one; I can't think of any settings in a router that would cause that kind of behaviour, but that's not to say it isn't possible.
1. Can you connect either of the computers to the router via an Ethernet cable instead of wirelessly?
2. Have you done a full reset on the router to see if that clears things out?
FAT32 is a newer version of the original FAT (FAT16, technically) filesystem format. Its basic advantages over FAT16 are more efficient use of disk space and support for larger drives, partitions, directories, and files.
FAT16 is basically dead; use FAT32 for the shared partition.
1. Now that you've uninstalled WAV2005, you can safely delete the entire C:\Documents and Settings\All Users.WINDOWS\Application Data\WinSoftware folder (and any other WAV2005 folders that might exist). That will obviously get rid of most of the quarantined infected files the other AV scanners detected. If you still have Norton folders hanging around, you delete them as well.
Once you've done the above, run the online scans again (try the Kaspersky and Trend Micro scans this time too) and have them clean up the leftovers.
2. For a free anti-virus solution, give AVG a try. For more options, a list of free AV, firewall, etc. programs can be found here.
3. Your HijackThis log is clean now. :)
Your modem problem may have nothing to do with the work you were doing with HijackThis. You said that you updated the drivers, but have you totally reinstalled them from scratch?
By that I don't mean just letting Windows reinstall the existing drivers; uninstall the modem from within Device Manager, uninstall all/any modem software, reboot, and then run the modem's entire installation program again.
How do you connect to the modem anyway (USB or Ethernet)?
There's no indication of a broken or hijacked networked connection in your HJT log, but there could be other things going on with your connection. Let's try the following:
1. Open your Internet Options control panel, click on the Connections tab, and then on the "LAN Settings" button. In the LAN settings window, make sure none of the proxy-related boxes are checked, and also try toggling the status of the "automatically detect settings" box.
2. Open Internet Explorer and see if you can reach Google and/or Yahoo by their IP addresses as opposed to their URL. In IE's address/location bar, type in the following locations one at a time and tell us what happens:
http://66.102.7.147
http://66.94.230.37
3. Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window.
- At the DOS prompt, type the following commands, hit Enter after each, and tell us the exact results:
ping 127.0.0.1
ping 66.102.7.147
ping www.google.com
- Again at the DOS prompt, type the following command, hit Enter, and post the information returned by the command:
ipconfig /all
4. Do you connect directly to the Internet, or are you going through a router or some other device?
What type of Internet connection …
1.
I did all that you suggested in the previous post, but IE is still not working... Also now I am getting a pop up asking if I want to install a macromedia flash player 7 when I change pages.
Well- from what you posted above it seems that you can now at least browse to some sites, which sounds better than the problem you first described.
Please tell us exactly what is still "not working".
2. The Flash popups you're getting are probably due to the fact that you've visited sites which use Flash animations, and that version 7 of Flash has just been released. My bet is that you're just getting "hyped" by those sites to upgrade the version of the Flash plug-in that your browser is currently using.
Hi Nashii,
First of all- welcome to TechTalk!
We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.
Please start your own thread and post your question there.
For a full description of our posting guidelines and general rules of conduct, please see this page:
http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules
Thanks for understanding.
When you do start your new thread, please do the following:
Download the utility "HijackThis" from this location.
Once downloaded, create a new and separate folder outside of any Temp/Temporary folders for HJT and move it there. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log into your new post. The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to …
Also about 6 months back I used an accelerator from another company... I bet that is where the problem came from.
I'll bet you're right; have HJT fix it.
I see a lot of talk about backing up info. Do I need to do this? How do I do this?
HijackThis automatically creates backup snapshots before making changes to your system; they get created in the "backups" subfolder below the folder where the actual hijackthis.exe program lives. If you do need to undo some change made by HijackThis, we'll tell you how to restore to the backup point.
Other than that, if you do exactly what I suggested (and only what I suggested) you'll be fine. We aren't doing anything dangerous here right now; just cleaning up some minor nasties. :)
Thanks for the reformatted log- much easier to see what's going on now! :)
1. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
The above log entry is what is causing your browser to go to 127.0.0.1.
That IP address is the "local loopback" address which is present on your own machine; what the "ProxyServer" entry is doing is telling applications on your computer to connect through port 5400 when they need to communicate out across your network and the Internet.
"Ports" are basically separate channels of communication that exist on a network communication link as a whole. You can think of the different ports (there are over 65,000 of them) as the networking equivalent to the many different television channels that exist on the single physical cable TV wire that comes into your house.
The proxy entry might be legit in your case, but it also might not. Some online games, "download accelerator" programs, and other valid network applications communicate on port 5400, but it's also a port known to be used by trojans and other malicious programs.
If you know that you have no programs installed which use port 5400, and your ISP hasn't instructed you to configure your system to use the port, have HijackThis fix the entry. If it turns out that the proxy was needed for some reason, we can restore the setting easily.
2. Also have HJT fix these entries:
R1 …
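The R1 ProxyServer entry explained in the post above, together with the O-section entries quoted elsewhere on this page, as an added triage example (not part of the original posts and not HijackThis' own code). The sample lines are copied from the logs quoted on this page; the function names and the wording of the notes are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis excerpts quoted on this page.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/179/
O2 - BHO: (no name) - {BE6BD929-1AC3-053B-CDDA-458193C45FE5} - C:\WINDOWS\System32\iofi.dll (file missing)
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitezzl32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A ProxyServer value is "host:port" or "proto=host:port;proto=host:port".
PROXY_RE = re.compile(r"(?:(?P<proto>[a-z]+)=)?(?P<host>[^:;=\s]+):(?P<port>\d{1,5})")


@dataclass
class Entry:
    code: str
    body: str
    notes: list  # hypothetical reviewer notes, empty when nothing stands out


def parse_proxy(value):
    """Return [(proto, host, port)] from a ProxyServer registry value."""
    out = []
    for part in value.split(";"):
        m = PROXY_RE.fullmatch(part.strip())
        if m:
            out.append((m.group("proto") or "all", m.group("host"), int(m.group("port"))))
    return out


def is_loopback(host):
    """True for localhost and any address in the loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def triage(log_text):
    """Parse log lines and attach notes a reviewer would want to follow up on."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank lines
        code, body = m.group("code"), m.group("body")
        notes = []
        if code in ("R0", "R1") and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            for proto, host, port in parse_proxy(value):
                if is_loopback(host):
                    notes.append(
                        f"{proto} traffic is proxied to a local listener on port "
                        f"{port}; identify the owning program before fixing"
                    )
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            notes.append("registration points at a file that no longer exists")
        if "(no name)" in body:
            notes.append("component registered without a display name")
        entries.append(Entry(code, body, notes))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.code, "|", e.body)
        for n in e.notes:
            print("    note:", n)
```
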
I could certainly be missing something, but I don't see much in the way of "nasties" in your log.
Have HijackThis fix the following entries and post a new log after that:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=6003752
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/179/
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
The formatting of that log makes it rather difficult to read. Could you please save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log from there? It should come out in a much more readable fashion if you do that correctly.
Also- give us more specific information concerning the problem, such as when the problem started, whether it happens on all sites or just certain sites, what you may have done so far to troubleshoot the problem, etc.
Thanks...
A few initial thoughts:
- What makes you think the problem lies with the router?
- If you bypass the router and connect a computer directly to the Internet, can you then reach the problem sites?
- If you have more than one computer, do they all have this problem?
- Are the pages that you can load the main homepages for hotmail, amazon, etc., or are they secure pages (login pages, purchase pages, etc.) within the sites?
WinAntiVirus does not have a good track record in the "trustworthy" department.
At the very least, they obviously try to fool the unobservant user into thinking that they're looking at Norton/Symantec error messages, subscription notices, etc., when in fact these are bogus ads and other popups from WinAntiVirus.
Additionally, they have even registered the domain "www.symantic.com", so that when users trying to go to "www.symantec.com" mis-spell the URL, they are directed to WinAntiVirus' product page instead of Norton's.
Judging from the user reports I've read, I would highly suggest that you uninstall the program and demand a refund. You may have to bark at them a bit to get it, but other users who requested refunds say that they did get them.
Aside from the above, the following two entries in your log are indicative of trojan infections:
O4 - HKLM\..\Run: [WinTaskMan] C:\WINDOWS\System32\winstarter.exe
O4 - HKCU\..\Run: [window.exe] C:\WINDOWS\System32\window.exe
Run a few additional online virus scans and see if they can do a bit more than Panda was able to do for you:
http://housecall.trendmicro.com/
http://www.kaspersky.com/scanforvirus.html
http://us.mcafee.com/root/mfs/default.asp?cid=9435
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
Let us know the results of the scans and post a fresh log. As I said earlier, I would suggest that you uninstall WinAntiVirus before we proceed.
As caperjack suggested in your other thread:
If you do think you made a mistake with HJT, you should try to undo the accidental "fix" by restoring from one of the backups that HJT created.
HijackThis stores its backups in a sub-folder of the main HijackThis folder; the sub-folder is named (surprise) "backups". If you see files whose names begin with "backup-" within this folder, you should be able to use one of those to undo the unwanted changes:
- Run HJT, click the Config button, and then click the Backups button in the resulting window. You should then see a list of possible backups to choose from.
- Check the box next to the backup which is dated just prior to the time you did the "accidental" HJT fix and then click the Restore button and follow the prompts from there.
If you do not have HijackThis backups for some reason and are running Windows XP or ME, you may have to try a full system restore. Let us know if the HJT backup works before you go ahead with that, though.
I've tried responding to the login prompt by inputting the details of the main computer, but it doesn't accept it.
What is the exact error message that you get?
I totally agree with Squires on the Simple Filesharing issue- it causes more problems than it solves, and the inability to turn it off really limits your troubleshooting choices. :mad:
Are you using simple file sharing on both machines, or have you disabled it on the XP Pro machine?