DMR 152 Wombat At Large Team Colleague

Upgrading a corrupted installation of Windows to a newer version really isn't advised. The current problems that your system has can be carried over (and even magnified) in the course of the upgrade.

Additionally, with Windows 98/95/ME it's ideally better to buy a full version of XP and install from scratch rather than doing an upgrade.

DMR 152 Wombat At Large Team Colleague

Looks better, but the WinTools and Toolbar references are still present. Were you able to successfully delete the entire WinTools and ToolBar folders as I instructed in my last post?

Let's try this:

1. Open your Add/Remove Programs control panel and look for entries related to Win Tools and ToolBar. If so, remove them through the control panel.


2. Run HJT again and have it fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)


3. Reboot into Safe Mode again, delete the WinTools and ToolBar folders entirely, empty your Recycle Bin, and reboot normally.


4. Post a fresh HJT log.
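
Added example (not part of the original post, and not HijackThis's own code): a small Python parser for the log-line format quoted above. It reports which entries still point into the WinTools and Toolbar folders and which are orphaned. The sample lines are copied from the post; the function and field names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Sample input: a subset of the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
"""

# What each HijackThis section code covers (only the codes used on this page).
SECTIONS = {
    "R": "Internet Explorer start/search settings",
    "F": "autostart from .ini files",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O9": "extra IE button / Tools menu item",
}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_log(text):
    """Turn raw log text into a list of dicts, skipping non-entry lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, SECTIONS.get(code[0], "other")),
            "detail": detail,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(detail)),
        })
    return entries


def still_referenced(entries, folder_names):
    """Entries whose data contains <folder> as a path component."""
    hits = {}
    for name in folder_names:
        needle = "\\" + name.lower() + "\\"
        hits[name] = [e for e in entries if needle in e["detail"].lower()]
    return hits


def orphans(entries):
    """Entries left behind after their file was deleted."""
    return [e for e in entries if e["orphaned"]]


def shared_clsids(entries):
    """CLSIDs registered in more than one section (e.g. both BHO and toolbar)."""
    seen = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].append(e["code"])
    return {c: codes for c, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for folder, found in still_referenced(parsed, ["WinTools", "Toolbar"]).items():
        print(f"{folder}: {len(found)} entries still point here")
        for e in found:
            print(f"  {e['code']} ({e['section']}): {e['detail']}")
    print("Orphaned entries:", [e["code"] for e in orphans(parsed)])
    print("CLSIDs in several sections:", shared_clsids(parsed))
```

Comparing this output between two successive logs shows whether the references disappear after the folders are deleted or come back after a reboot.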

DMR 152 Wombat At Large Team Colleague

As crunchie said, your HJT log is clean.

In terms of the possible sluggishness, there can be many non-malicious causes of that. Here are a few things to look at:

1. Run Windows' Disk Defragmenter or a similar program such as Norton's Speed Disk to optimize the organization of the data on your drive. This can cut down on the time it takes the system to locate information on the drive.

2. In the course of installing and uninstalling programs, "stale" entries can build up in the Windows Registry, and this can have a negative effect on a system's performance. Registry "cleaning" utilities like PC Tools' Registry Mechanic or Norton's Win Doctor can repair invalid, incorrect, or "orphaned" entries in the Registry.

3. Many programs install components of themselves that automatically start up when Windows starts, meaning that whether you're using them or not, they're running in the background using up system resources. Some of these components are loaded via shortcuts in each user's Startup folder, while others are loaded by entries in the Registry.

The following items listed in your HijackThis log are all configured to run when Windows starts, but are optional; it's up to the user to decide if they want/need the added functionality they may provide:

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update …

DMR 152 Wombat At Large Team Colleague

Hi bynkxs,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

1.

when I typed the first command I got back:

'regsvr' is not recognized as an internal or external command, operable program or batch file

I'm running 2000 professional - does that make a difference?

Yeah, it does- my mistake. For Win 2K, try using "regsvr32" instead of "regsvr" in those commands.


2. Was your latest log done in Safe Mode? If so, please post another log after running HJT after booting into Windows normally. That way we can see if any of the malicious entries (which, by the way, are not present in your most current log) return.


3. As for the DNS server IP- given the history of your move from Spain, let's leave that alone for the moment.

DMR 152 Wombat At Large Team Colleague

Go to Start->Settings->Control Panel->Administrative Tools, and click on "Event Viewer".

The Event Viewer utility will allow you to review your system and application log files. Double-click on any error/warning entries you find that might relate to the problem and see if you can cut-n-paste that info here.

DMR 152 Wombat At Large Team Colleague

1.

...Did you correctly configure the jumper settings on your drives as 'Master' and 'Slave' accordingly?

That's definitely a question worth an answer.


2. From what you've said, I gather that CDs aren't "auto-playing", but:

Once you insert a disk and let it spin up, does it show up (and/or is it accessible) in Windows Explorer?

DMR 152 Wombat At Large Team Colleague

1. Download and run LSPFix. When LSPFix opens:

- put a check in the "I know what I am doing" box.
- highlight "dolsp.dll" (and only dolsp.dll!) in the Keep list.
- click the ">>" button to move dolsp.dll to the Remove list.
- click "Finish"
- click OK to close the program.


2. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".


- Delete the C:\Program Files\w6cv654y folder entirely.

- Empty your Recycle Bin.


3. Reboot normally, run HJT again, and post the new log.

DMR 152 Wombat At Large Team Colleague

You're welcome :)

Actually- the real guts of the matter are basically that the Ethernet protocol itself doesn't care about operating systems; you can have computers running many different operating systems accessing the Internet through one Ethernet network.

(of course, that doesn't necessarily mean that those computers can talk to each other without some tweaking, but that's a higher-level protocol issue.)

DMR 152 Wombat At Large Team Colleague

1. <RANT>
Looks like you've gotten rid of Ware Out- Good. The program is bogus, and has been reported in tests to have actually created some of the malicious-looking entries in your log!

Ref:

http://www.easydesksoftware.com/news/news29.htm
http://www.bleepingcomputer.com/startups/WareOut.exe-6159.html
http://www.regblock.com/spydet_1818_wareout.html

You need to be very careful when choosing "anti-spyware" products, especially free ones; there are a large number of unscrupulous companies who offer utilities that are bogus in one way or another.

The following well-trusted site maintains a list of reputable vs. bogus/questionable products (and guess where Ware Out is on that list); at the very least, consult this site before you decide to download the latest and greatest anti-spyware/virus/trojan/etc. program:

http://www.spywarewarrior.com/rogue_anti-spyware.htm
</RANT>


2. To unregister the malicious dll files still present in your log:

Open an MS-DOS Prompt window and type the following commands (hit Enter after each command):

regsvr /u C:\WINNT\cerbmod.dll
regsvr /u C:\WINNT\system32\msafa.dll
regsvr /u C:\WINNT\system32\iecustom32.dll


3. Run HijackThis again, have it fix the following, and then reboot:

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

DMR 152 Wombat At Large Team Colleague

I have to head off to work right now, but I'll check back in 5 or 6 hours.

In the mean time:

There is a specific utility for removing EliteBar. Download it from the following link, read the instructions in the "readme.rtf" file that comes with it, and give it a try:

http://www.majorgeeks.com/download4465.html

Post a new HijackThis log after that.

DMR 152 Wombat At Large Team Colleague

OK- you definitely have a few nasties in that log.

I need to log off right now and do a few hours of "real-life" work, but hang in there; one of us will help you as soon as we can.

DMR 152 Wombat At Large Team Colleague

- Does the CD drive show up correctly in Device Manager?

- Does it even spin up when you insert a CD?

- Does this happen with both data CDs and music CDs?

DMR 152 Wombat At Large Team Colleague

Hubs don't care what operating system you use. :)

DMR 152 Wombat At Large Team Colleague

Although I can't say for sure because I can't actually see the message, that is the text you would get from one of the real Windows error pop-ups.

DMR 152 Wombat At Large Team Colleague

YA there was so much but I didn't have time to finish.

No kidding, I know the feeling!

I can feel myself aging while I'm analyzing logs lately; the new versions of these "nasties" are just taking more and more effort to weed out. :(

DMR 152 Wombat At Large Team Colleague

Are any of you who have these "shellpar" files using the "Ultra Win Cleaner" utility package (or have you had it installed in the past)?

DMR 152 Wombat At Large Team Colleague

Please post the HiJack this log.

Yes- we'll need your HJT log to start with.

Many malicious infections use randomly-generated filenames which can even "morph" their names at times; this is especially true of the variants which require use of the KillBox. Given that, a fix that was posted for one person will seldom entirely apply to those with similar problems.

DMR 152 Wombat At Large Team Colleague

Oh, there's a lot more than that going on...

!! Please print out these instructions, as you will have to disconnect from the Internet for parts of this procedure.

1. Download and run LSPFix. When LSPFix opens:

- put a check in the "I know what I am doing" box.
- highlight "dolsp.dll" (and only dolsp.dll!) in the Keep list.
- click the ">>" button to move dolsp.dll to the Remove list.
- click "Finish"
- click OK to close the program.


2. Download CWShredder. Open the program and:

- Click "Fix"
- Click "OK" in the resulting "CWShredder will shut down..." dialog. CWShredder will then start scanning and fixing.
- When the program has finished scanning, click "Next" and then "Finish" to exit.


3. Download L2mfix, save it on your desktop, but don't run it yet.


4. Run HijackThis again and fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.42.87.219/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - …

DMR 152 Wombat At Large Team Colleague

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

Do I delete this?

Nope- it's part of your soundcard software.

Your HJT log is totally clean, and since you've encountered the "generic host" error with three installs of XP, I'd say that malicious infections aren't the problem.

The "Generic Host Process for Win32 Services" is a file named svchost.exe; it is a core Windows file which manages/handles various processes running on your system.

The error message that you're getting is basically svchost.exe telling you it is encountering problems with one of the processes it is handling. To determine the real culprit, you need to identify the process that is causing svchost to choke. You can usually do this by looking deeper into the information contained in the full error message; the info which identifies the specific problem will be similar to:

szAppName : svchost.exe szAppVer : 5.1.2600.2180 szModName : ntdll.dll 
szModVer : 5.1.2600.2180 offset : 00018fea

The ModName and ModVer entries identify the specific .dll file that's causing svchost trouble.


Just FYI: Norton/Symantec products have a bit of a history of causing such errors.

DMR 152 Wombat At Large Team Colleague

Norton has now found a trojan horse called opensdl.exe

Is that the correct spelling of the infected file? I can't find any info on it...

DMR 152 Wombat At Large Team Colleague

There are different versions/variants of the Elitebar pest, and if you have an EliteBar infection you may have other "unwanted guests" as well.

Please do the following, and we'll show you what to do from there:


Download the free "HijackThis" detection and removal tool:

http://www.majorgeeks.com/download3155.html

Once downloaded, follow these instructions to install and run the program:

-------------------------------------------------------------------------------------------------------------------

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

The downloaded file is a "zipped" file, so you will have to unzip it before you can run it. Right-click on the hijackthis.zip file and choose the "Extract All..." option from the resulting pop-up menu; this will start XP's extraction wizard. Walk through the wizard's steps using its default selections. This will create a sub-folder named HijackThis, which contains the actual hijackthis.exe program. You just need to double-click on that to run it.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.


The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log …

DMR 152 Wombat At Large Team Colleague

Ouch! You have numerous infections, so this is going to take a bit. Please be patient, follow any and all instructions we offer exactly, and don't hesitate to ask questions if there's something you're unsure of.

HijackThis alone isn't going to fix everything you have, so let's see how much of it we can clean up before we delve into your log.

A) Do all 3 of the following free online virus/spyware scans. Please post the results reported by each:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm


B) Run a full anti-virus scan with Norton if you haven't already, making sure that you have downloaded the most current virus definition updates. If Norton finds files that it says it can't clean or delete, post the locations of those files.


C) Download and run Ad Aware and SpyBot Search & Destroy (download links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left …

DMR 152 Wombat At Large Team Colleague

A couple of thoughts:

1. Uninstall the drivers again, but this time don't let Windows simply reload the existing drivers it finds. Download a fresh driver load and install that instead.

2. It may be a hardware problem instead:

- dirt on the lenses
- tracking mechanism getting out of alignment
- controller electronics starting to fail

DMR 152 Wombat At Large Team Colleague

1. Run Live Update now and install all available updates. According to Symantec/Norton, the fix is built in to the latest updates.

2. There's no indication of malicious infections in your HijackThis log, although there is a slightly newer version of HJT available (v 1.99.1). If you would like, you can download the newer version using the link in my sig below and post the log it generates.

3. Can you give us any more details on the crashes/freezes? The more we have to go on the better.

DMR 152 Wombat At Large Team Colleague

1. C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.


2. Once you've fixed the above:

A) Do the free online virus/spyware scans at these two sites:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm


B) Download and run Ad Aware and SpyBot Search & Destroy (download links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware …

DMR 152 Wombat At Large Team Colleague

Glad we could help :)

DMR, Thank you for your help. I did what you recommended and it seems to have solved the problem. I had so many updates trying to run it slowed the computer to a crawl.

Yup- that can definitely be a problem. A lot of programs that have an automatic update function don't even give you any notice that they're doing it, making it hard to figure out where the problem lies. This is especially true at Windows start-up, because many of the items that live in your system tray will do their updates when Windows first fires them up. If you're having slow start-ups, chances are you've got RealPlayer, QuickTime, your anti-virus program, and a slew of others all trying to "phone home" at the same time.

DMR 152 Wombat At Large Team Colleague

Good job in terms of the HijackThis fixes, your log is almost clean now.

HijackThis had probably already deleted the 2 files you didn't find, but it never hurts to double-check. As for the version of Auserinit that you found in the Prefetch folder, it should be deleted too. Actually, it's safe to delete everything in the Prefetch folder, so you might want to do that just to be on the safe side. The items in Prefetch aren't critical or permanent, but infected or otherwise corrupted files can get stuck in the folder and cause you problems.

The only thing I see in your log is that the Auserinit entry is either still there or has returned. Do this:

1. Have HJT fix the " F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe" entry.

2. Delete the AUserInit.exe file and empty your Recycle Bin.

3. Run HJT again and see if the entry returns or not.

4. Let us know what other problems, if any, you're still having.


Also- in addition to Sausden's suggestion, here are some other things you can do to minimize your chances of future infections:


1. Use Windows Automatic Update function to keep your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to …

DMR 152 Wombat At Large Team Colleague

Glad we could help you get it sorted out! :)

... But please be careful with that "I love you" stuff- my girlfriend uses this forum sometimes too :o :mrgreen:

DMR 152 Wombat At Large Team Colleague

Why can't I just uninstall and reinstall this dang thing?

That was my first suggestion; try that first if you haven't already. It's just that in a number of reports I read on the issue, even reinstalling didn't correct the glitch.

DMR 152 Wombat At Large Team Colleague

1. It's a real long-shot, but try flushing your DNS cache...

Open a DOS box, and type the following command at the prompt:

ipconfig /flushdns


2. Another thing to try:

- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.

DMR 152 Wombat At Large Team Colleague

This time, install the Service pack BEFORE you install drivers and software

Oh, right- a very good point.

... and one that I totally missed :o

DMR 152 Wombat At Large Team Colleague

Sorry, nothing else comes to mind right at this moment, but if it does I'll repost.

DMR 152 Wombat At Large Team Colleague

OK- you've got "nasties", so we've got work to do. Before we start though, you need to take care of the following:

1. C:\Documents and Settings\Owner.YOUR-W92P4BHLZG\Local Settings\Temp\hijackthis-1\HijackThis.exe

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.


2. C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

The log entry above indicates that you had at least 1 instance of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.

As you won't be able to view our instructions online once we get started with the fixes, you should print them out as we go along.


3. Take care of the above, run HJT again, and post a fresh log.

DMR 152 Wombat At Large Team Colleague

Hmm- You might want to delete the Daemon Tools "Run" registry entry, but I'm not sure I'd touch the others quite yet. "Daemon" is a fairly common computer term, and the other registry entries don't explicitly point to Daemon Tools.

DMR 152 Wombat At Large Team Colleague

1.

I have both Spybot search and destroy and Adaware and have tried to do several scans but the computer freezes up before the scan can complete.

Open each of those programs, but don't run their scans yet. Instead, just use their "check for updates" functions to make sure you have the most current updates for each installed, and then quit/close the programs.

After that, reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and try running both programs that way. Many of the malicious programs which are interfering with your cleaning attempts won't be active in Safe Mode, so there's a good chance that Ad Aware and SpyBot will be able to do their job.
(Try running Norton in Safe Mode while you're at it)

2.

Also when I scan with the Norton antivirus it says it cannot delete the found viruses.

Please tell us the folder/location in which Norton finds the infected files. If they're in your _Restore folder, follow the instructions here:

http://www.daniweb.com/techtalkforums/thread13362.html


3. If Ad Aware and SpyBot still choke in Safe Mode, at least do the online scans I linked to in my last post.


4. Post a fresh HijackThis log and give us a progress report.

DMR 152 Wombat At Large Team Colleague

That should do it- thanks. :)

The x10net.dll is a component of the ATI Wonder video card software; it provides functionality for the remote.

- Have you recently added or upgraded that software (or made any other system changes) just prior to receiving the error message? Give us a little more detail on the history of the problem.

Here are a couple of things you can start with:

1. Completely uninstall the ATI software (and possibly the hardware as well) and then reinstall it from scratch.

2. There are many reports of a bug in the software which will produce the exact error you are seeing. The fix involves editing the Windows Registry, though; you need to be very careful if you attempt it, and making a backup of the Registry before doing so is definitely advised. Explanations of the problem and instructions for the fix(es) can be found in the following links:

http://forums.tweaktown.com/showthread.php?p=222255#post222255
http://www.driverheaven.net/archive/index.php/t-16097.html

And the official word from ATI is as follows:

Regarding Remote Wonder issue:

There are two potential issues that may occur after installing the Remote Wonder drivers. These errors can occur with any version of the driver and affect the x10net.dll file. Both errors appear as Windows loads and occur for different reasons. They appear as follows:

1. 'RUNDLL' error loading c:\progra~1\ATI... The specified module could not be found.

2. Run DLL as an app has encountered a problem and must close.

"AppName: …

DMR 152 Wombat At Large Team Colleague

Yeah, but building a dual-boot system is so much more fun... :D

DMR 152 Wombat At Large Team Colleague

I suggested that only because you said you had recently done the initial install; I didn't think you would have that much to lose by starting over again.

Depending on how badly the SP2 upgrade failed, your best option may still be to start over, though. SP2 is no small upgrade by any means, so you may never be able to find and fix all of the loose ends that an abnormal abortion may have left scattered throughout your system.

- What (exactly) happens when you retry the upgrade now?

- Is it possible to roll back to an earlier Restore Point and rebuild the system from there?

DMR 152 Wombat At Large Team Colleague

You've a few nasties alright. :(

Before we attack the problem with HijackThis, do the following to get as much of the stuff cleaned up as possible:

A) Run a full anti-virus scan, making sure that your anti-virus program is using the most current virus definition updates.
Also do the free online virus/spyware scans at these two sites:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm


B) Download and run Ad Aware and SpyBot Search & Destroy (download links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select …

DMR 152 Wombat At Large Team Colleague

That error is generated by the rundll32.exe system file, which is responsible for managing numerous other components. To give us a better idea of which exact program/module rundll32 is having trouble with, please click on the "More info" button in the error message dialog box and post the full and exact text of what you see there.

Alternately, you can look at your system and application logs to see if they contain additional information on the error. To view the logs, open the Event Viewer utility in your Administrative Tools control panel.

DMR 152 Wombat At Large Team Colleague

I know this sounds obvious, but check all of your cookie/pop-up/privacy/security etc. settings. Since you seem to be getting the main pages OK but not the pass-through/pop-up pages, it looks like you might have one of the above options set a little too restrictively.

DMR 152 Wombat At Large Team Colleague

I hate to say it, but if the crash happened in the middle of the SP2 upgrade, the most reliable thing to do is probably to start the installation process over from the beginning. :(

DMR 152 Wombat At Large Team Colleague

That could be caused by a number of things; let's see if we can narrow down the possibilities:

1. What version of Windows are you using?

2. Does it exhibit the same problem when you boot into Safe Mode? (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

3. When did the problem start? Give us some history.

4. Did you make any software or hardware adds/removes/changes around the time this started to happen?

5. Did anything potentially harmful happen to the system (power outage, severe crash, etc.) just before the problem began to happen?

6. Get the computer booted up successfully, get the most current updates for your anti-virus software, and run a full virus scan of the system.

Give us feedback on the above and we'll take it from there.

DMR 152 Wombat At Large Team Colleague

You can certainly do it, but the recommended (and least painful) approach is to install the older version of Windows first.

If you are using a single hard drive for both versions of Windows, install 98 on the first (primary) partition and XP in the second partition you create. If you are installing the different versions on different drives, 98 again goes on the first (Primary Master) drive, and XP on the second drive.

Either way you do it, when you install XP it should detect your existing installation of 98 and automatically set up the dual-boot menu for you.

DMR 152 Wombat At Large Team Colleague

The usual cause of that error (and the solution) is described in the following link:

http://www.murraymoffatt.com/software-problem-0009.html

Give that a try and let us know how it goes.

DMR 152 Wombat At Large Team Colleague

OK- you've got a few infections, but you're also running an old version of HijackThis. Please download the latest version (1.99.1) from the link in my sig below and post the log that version generates.

DMR 152 Wombat At Large Team Colleague

There's nothing suspicious in your log.

Please post the full and exact content of the error(s) you're getting; that might give us more of a clue.

DMR 152 Wombat At Large Team Colleague

That's a clean log, but that doesn't necessarily mean you have an entirely clean system. What exact problems prompted you to post the log?

DMR 152 Wombat At Large Team Colleague

The "NetDetect" component of Norton's Live Update feature is probably the source of the DOS pop-up. Check the Live Update-related preferences within your Norton applications to see if there's a setting which allows you to modify the 5-minute auto-run interval.

It might also be listed in your Windows Task Scheduler; check there as well for a reference to NetDetect or ndetect.exe.