Posts by DMR

That log looks clean to me; let's see if crunchie seconds my option on that.

The newest variant of the VX2 infection is extremely nasty and at the moment it seems that there is no "automatic" utility which will remove it. Read our member "crunchie"'s posts in these recent threads on the subject for a bit more insight:

http://www.daniweb.com/techtalkforums/search.php?searchid=242139

In the mean time, please download the latest version of HijackThis from the link in my sig below. Once downloaded, follow these instructions to install and run the program:

Create a new separate folder on your drive for HijackThis, move the program into thids folder, and run it from there. (Don't run HJT from within any Temp or Temporary Internet folder, and don't run it directly from your desktop.) Do not have HJT fix anything yet, only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here. The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

Hi LOSTWORLD, welcome to TechTalk :)

A couple of things before we dig into your log:

1. You are running an outdated version of HijackThis. Please download the latest version (1.99.0) from the link in my sig below, run it, and post the new log it generates.

2. When you do download the new version, please don't run it directly from your desktop; create a separate folder for it such as C:\HijackThis and run the program from there.

Do the above, and we'll take it from there...

In upgrade situations, the error you're getting is often triggered by "stale" entries in certain subkeys of you existing Registry. The entries are usually loose ends left over from previous upgrades/installations that didn't quite finish up cleanly, and deleting them can allow your current install to continue
properly.

Read some of the following Microsoft Knowledge Base articles for possible fixes (when going through the articles, keep in mind that the error is not specific to "XP"; the particular fix you need may be in one of the articles related to another version of Windows):

http://support.microsoft.com/search/default.aspx?query=Existing+software+was+not+fully+installed&catalog=LCID%3D1033&pwt=false&title=false&kt=ALL&mdt=0&comm=1&ast=1&ast=2&ast=3&mode=a&x=7&y=15

These programs don't need to be run as startup items:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Depending on your particular setup and usage, you may not need these either:

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

You can do a Google search for info on the above filenames if you have questions about them.

Other than that, the last log you posted does look OK.

There are many reasons it won't work...

Er, um... huh??

There are actually two technologies which will do this; one is called "modem bonding" and the other is called "modem teaming". Modem bonding needs to be supported by your particular ISP; modem teaming does not, but it does require special software. The following article gives a brief description of each technology; a Google search for the terms will give you much more info:

http://www.tribuneindia.com/2001/20010101/login/main1.htm

also. i created a ms-dos via right click A: format and put a check mark on create ms-dos boot disc.

however when i boot to that disc i cannot run chkdsk. how can i create a DOS boot disc so that i can run chkdsk /f

When you choose to make a floppy bootable in the format process, only the essential core DOS system files (io.sys, msdos.sys, command.com) are copied to the floppy. Because chkdsk is a separate, "external" program, you have to copy chkdsk.exe to the floppy after you format it. The same holds true for other utility programs such as "fdisk" and "format".

I'll post some links for you tomorrow; it's well past "sleepy time" in my end of world right now....

Please download the utility program HijackThis, run it, and post the log file it generates for us to review.

Instructions for downloading and using HijackThis can be found in our member caperjack's post in this thread:

http://www.daniweb.com/techtalkforums/thread15641.html

wow, I salute you for even taking the time to write all that in this particular thread lol. you should get 5 extra reputation points!!

lol.

Seriously though- I'm familiar with OurNation and Mereannjen, and have participated in troubleshoots with both of them. Neither member has ever shown ill will here, and I'm sure there was none intentionally meant at all in this case. Misunderstanding? Perhaps, but that's where being a moderator comes into play- part of that job is to help sort out misunderstandings between our members.

:)

I forsee someone in the near future having less rep... Trifle with the man who clicks the thumbs-up/thumbs-down icon, little one. :P

And I foresee the Keeper of the Sacred Wet Trout sneaking up behind you in the middle of the night and... oh, wait- here it comes!!!....

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/fishwhack.gif[/img]

I'd say the statement was uncalled for (in whatever context it was made) and extremely poor advise.
That alone should be enough reason to lower your reputation...

Actually, the specific context is exactly why it wasn't "poor advice" in this case:

In the thread in question, OurNation was not making an offhand comment on the general use of Internet Explorer at all- The comment was directly in reference to the fact that the latest HijackThis log which Mereannjen had posted in the thread indicated that she had an instance of Internet Explorer running when she ran HiajckThis. Given that HijackThis cannot fully and completely perform all of its fixes while any instances of IE are still running, OurNation's observation of that was on the mark.

Granted, perhaps the addition of some appropriate "smiley" icon in OurNation's post would have made the "joking" aspect of the post more obviously apparent to all. Quite honestly though- to call OurNation's comment (in context, because it was made as such) rude, out-of-line, or uncalled for is simply incorrect.

That said, let's not have this rather minor matter get too personal, OK?

....except for my next post directed at alc6379's comment :mrgreen:

(please note appropriate use of "smiley" above)

If it helps any, I gave you some reputation.

See! Rep Abuse!! Rep Abuse!! I'm tellin', Alex....

:mrgreen:

Question split from this earlier thread:

http://www.daniweb.com/techtalkforums/thread9326-device+manager.html

Brigund,

I've split your question into its own thread for clarity. You can find your thread here:

http://www.daniweb.com/techtalkforums/showthread.php?t=15680

will this make me unable to use bearshare?

And this would be a Bad Thing why? :mrgreen:

Seriously- Bearshare is Adware, and we're here to help people get crud like that off of their systems. The choice to use filesharing programs or not is certainly yours, but we don't recommend it because it greatly increases your chances of getting "unwanted guests" in your system

how can i tell if they a valid for my network configuration.

Only you can say for sure- are the IP addresses 204.202.10.211 and 64.91.255.87, or the dcsresearch URL familiar to you?

If not, I'd have HijackThis fix those entries.

there were 3 files i could not get rid of in temp folder..
dfa53b.tmp
dfa533.tmp
mpc1.tmp

Did those filenames begin with the tilde character (for example, "~dfa53b.tmp")? If so, they might not be a problem; even in safe mode there can be a few valid Windows temp files which you will not be able to delete because they are in use.

i also have a data base file titled Thumbs on my desktop, dont know if that should be there.

Yes, it should be there. It is one of the legit (but normally hidden) files in your desktop folder; you are seeing it as a result of modifying your View settings in Explorer as I instructed in my last post. If you reverse the View settings changes I had you make the file will become hidden again.

In terms of your log:

1. It still reports the P2P Networking entry. Did you have HJT fix that entry, and delete the P2P folder as I instructed in my last post? If not, please do so now.

2. Did you determine that the following two entries are valid for your particular network configuration?:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftp://204.202.10.211
O1 - Hosts: 64.91.255.87 www.dcsresearch.com

If they are not, you should have HJT fix them.

Aside from the above, the rest of the log looks clean to me. You might want to wait …

COuld it be the crlf32.exe or the kalvkyr32.exe file?

Yes, those are two of your problems. Also, you still have some "nasties" running from within your C:\documents and settings\gavzya\local settings\temp folder. Did you fully follow caperjack's instructions regarding deleting all of the files in that folder?

1. Use your Add/Remove Programs control panel to remove the "Download Accelerator Plus" program, it is adware ("Flashget" is ad-driven also).

2. Have HijackThis fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F8178FB3-8D25-D7C4-86A7-8FA8F80D9D53} - C:\WINDOWS\netay32.dll
O4 - HKLM\..\Run: [crlf32.exe] C:\WINDOWS\system32\crlf32.exe
O4 - HKLM\..\Run: [vRIONrM.exe] C:\documents and settings\gavzya\local settings\temp\vRIONrM.exe
O4 - HKLM\..\Run: [Ejt9.exe] C:\documents and settings\gavzya\local settings\temp\Ejt9.exe
O4 - HKLM\..\Run: [lcusqjkfyk] C:\WINDOWS\System32\osprpl.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkyr32.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com

Cool- thanks for the clarification.

1. Turn off XP's System Restore function. Instructions and explanation are here.

2. Have HijackThis fix the following:

O2 - BHO: - {EDD4735C-7550-459B-8445-F7BAFE4588C5} - C:\WINDOWS\lbbho.dll (file missing)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\ope17E.exe ] C:\WINDOWS\System32\ope17E.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\ope189.exe ] C:\WINDOWS\System32\ope189.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\ope1A0.exe ] C:\WINDOWS\System32\ope1A0.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\ope1A9.exe ] C:\WINDOWS\System32\ope1A9.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

** Unless you know that the IP addresses and URL in following entries are a valid part of your particular network setup, have HJT fix these as well:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftp://204.202.10.211
O1 - Hosts: 64.91.255.87 www.dcsresearch.com

3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- Delete the following files:
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\System32\ope17E.exe
C:\WINDOWS\System32\ope189.exe
C:\WINDOWS\System32\ope1A0.exe
C:\WINDOWS\System32\ope1A9.exe

- Delete …

<edit>

Damn you're quick, Chris!

</edit>

I seem to recall ext2 (which is most similar to ufs) benchmarks faster than UFS (although ufs can be more stable), and reiserfs benchmarks at about the same speed...

Very generally though, keep in mind that those benchmarks vary according to the size of the files used in the tests- some filesystems will "benchmark" better than others if the testing is done with large files, while other will perform better when dealing with smaller files. This is definitely the case when you compare reiserfs to ext2/3.

The problem is this: I am stuck in 640X480 resolution and I can't get out.

Possibly/hopefully helpful linkage:

http://www.justlinux.com/forum/search.php?action=showresults&searchid=1045044&sortby=lastpost&sortorder=descending

does it beep at you?

As bavnostroclum previously posted: "because I can't hear even beep...". That definitely does not sound like a Good Thing. :(

bavnostroclum,

1. You said: "but I am not absolutely sure that I could hear HD spinning..".
Open the case and put your hand on the drive before powering up the computer and then hit the power switch. Can you feel the drive spin up after you turn the 'puter on?

2. suroot asked: "is the monitor plugged in?". My bet is that you probably do have the monitor's power and video cables connected correctly, but do the monitor's status LEDs/lights indicate the presence of a valid video signal?

3. It's entirely possible that in the course of all of the physical rearrangement you've done within the chassis, you've accidentally "knocked" some other component out of alignment. I would triple-check that all of your cables, PCI cards, and RAM modules are seated correctly and firmly.

Also did some one delete my previous post?

I don't see anything in the mod notes for this thread that indicate that; are you sure it was a post in this thread?

It might be because it got formatted when it got read as 2 gig by Fdisk ?

PC BIOSes don't depend on fdisk or any other partioning software to get total size/capacity info from a drive; they work on a lower level that that.

Please post all of the details I already asked for, and also:

Go into your BIOS' setup and tell us exactly how the drive is currently being reported there (drive-type, cylinder/head/sector info, etc.)

Older versions of fdisk dont suppport greater than 80GB.

Greater than 64G actually, but re-read the original post carefully:

" The HD reads as 2 gig in the bios as well... but I still can't get it to recognise that extra 8 gig on there"

I'll grant that the post is a bit hard to follow, but it does sound like the problem is with a 10-ish Gig drive, of which only ~2G is recognised.

Also- keep in mind that if the BIOS itself really is reporting the size as ~2G as Malkcontent said, that would have nothing to with fdisk.

...but when loading windows said something like TRND is missing

Please be more specific about the exact error message if you can.

I left it with WD ( where Win is installed)
at primary IDE chanel jumpers as a master alone, tried already as master just, without Maxtor HD connected ... but nothing..

With only the original (WD) drive in the system, cabled and jumpered as the Primary Master drive, do you even hear/feel the drive spin up? For that matter, is there any indication at all that the system is at least getting power?

The HD reads as 2 gig in the bios as well.

That indicates a problem at a lower level than the operating system, fdisk, etc. Please give us the following specifics:

- Model of motherboard, including version and/or revision number if possible.

- Make and specific version of the BIOS

- Make and model # of the hard drive.

Thanks for the response.

I have to log off for the night now, but I'll come back to this tomorrow.

I have Yahoo Messenger and Toolbar and use Yahoo for mail and my default web page, so maybe that's where it comes from.

Yeah- from what I've seen, I think that's really what's going on.

Looks like this is the end guys. Thanks loads!!!

Merry Christmas!

You're welcome, and Merry Christmoose to you as well :)

I figured as much, but we just wanted to be sure.

There are one or two "keylogging" trojans that use the filename "trillian.exe" (the same filename as the "Trillian" IM/chat program), and since your HJT log indicated that you weren't running Trillian from the location that it usually installs to, we had some question about the entry.

We can safely assume that in your case " E:\Trillian\trillian.exe" is the real IM program then, yes?

Just out of curiousity:

Your log indicates some programs running from E: and E:\Program Files. Is the E drive just a separate storage drive/partition?

1. The good news: Your log looks clean to me now.

2. You can safely delete everything in the Prefetch folder, and since you found wupdt files in there I would do that now.

3. The Wild Tangent games do have a function that transmits usage info back to Wild Tangent and may automatically download and install program components; I'd give them the axe, personally.

4. Don't worry about the index.dat file in the Cookie folders. Read the note about that in my last post.

5. Ad Aware SE is the newer version of Ad Aware. Support for version 6.0 is being discontinued, so you should uninstall 6.0 and install SE instead.

6. Those 2 files in your Content.IE5 folders sound like they're either infected or have gotten corrupted somehow. Not being able to sit in front of your computer, it's hard for me to say. Get the latest updates for your Norton Anti-Virus, run a full system scan, and see if it flags those files. Also, if you have the full Norton Utilities package you can run the disk diagnostics to see if they find any filesystem corruption.

The only thing I see that's weird is that this keeps coming back:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

You know, even though I often see people recommending that the "red.clientapps" entries should be fixed by HJT, I've never found any information which indicates that those URLs are really "nasties" at all. Additionally, if you run an nslookup on "red.clientapps.yahoo.com", it does report that URL to be associated with valid IP addresses belonging to Yahoo. :?:

Try cleaning out your Cookie and Content.IE5 folders while you're in Safe Mode.

Oh, right- I don't think I've posted the "whole banana" version of that general cleanup yet:

- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temorary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.

You're using Windows XP, so the directions that dlh6213 and I gave you should work.

Also- Just exactly what options do see under the main "Tools" menu option?

I've updated every thing except SP2 (which some folk think is a bit suspect anyway)

The upgrade to SP2 has caused problems with certain hardware/software configurations, and for those people who decided to apply SP2 when their current XP installation has virus/spyware infections or other more general Windows "glitches".

The recommendations of being absolutely sure that your current install of XP is "squeaky-clean" before upgrading to SP2 are many and well founded. It's often suggested that you treat migrating to SP2 as the equivalent to instzalling an entirely new version of Windows.

I'm guessing that all of you do this for the craic (which baffles me more than the problems i've been having)

Lol. Why be baffled? Most of us have probably asked the same question to ourselves, have come up with no reasonable answer whatsoever, but continue to do what we do.

OK, well... we certainly don't do it for the money; there is none- we're all volunteers. Is it just "for the craic", as you say, though? That's hard to answer- the word "craic" actually has no direct English translation, and even used in normal Irish conversation it can have deeper meanings (depending on context) than the literal definition of the word would indicate.

Personally, I don't think I could quite describe a stint here at DaniWeb as "great craic" per se (although we definitely do have a community of really great people here, it is still a lot of work), but I would definitely …

OurNation,

Please don't sweat the whole Reputation Points thing.

Without going into a ton of detail and history:

As you've found out, a "Points" system is by nature somewhat prone to abuse/misuse; we and other support sites who've implemented such rating systems have had a lot of discussion concerning the merits/demerits of having done so. In our case, the sytem is still in place, but the upshot is this:

People who are looking for help here don't rely on rep points much at all as far as I've seen; a member's registration date, post count, and the actual contents of thier posts are all much more reliable indicators of the member's standing here.

I'll wait till s/he's ready.

That would be a "he".

Moving to the proper forum...

...and for some reason I couldn't get DaniWeb yesterday at all.

I don't think that was a problem on your end- I was unable to reach the site for most of the day as well.

As for the rest of your post:

Crikey! I just don't have the time to munge through all that right now; hopefully crunchie will have time soon to give it a lookover. In the mean time though, have a look at the following site for an in-depth description of the numerous Windows services, including which services can be safely disabled under different circumstances/system configurations:

http://www.blackviper.com/

Congratulations- you're log is squeaky clean. :)

Listed below are some general things you can do to greatly reduce your chances of future infections:

1. Use Windows Automatic Update function to keep your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will greatly reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to continue using Internet Exploder. These utilities protect areas of your system known to be vulnerable to malicious attacks.

4. Tighten up some of Internet Explorer's existing, default settings to make it more secure. Some info on that can be found here.

5. Obviously: install a good anti-virus program and enable its auto-protect, automatic update, and email-scanning features.

6. None of your utilities are of much good if you don't check for updates frequently; updates for anti-spyware/anti-virus programs can be released as often as ever two or three days.

Hi ABB89,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. Before you post though, please download and run the HijackThis detection and removal utility from the link in my sig file below. Follow these instructions regarding downloading and using HijackThis:

Create a new separate folder on your drive for HijackThis, download or move the program into this folder, and run it from there. (Don't run HJT from within any Temp or Temporary Internet folder, and don't run it directly from your desktop.) Do not have HJT fix anything yet, only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here. The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.
Important! -> HJT cannot fully perform its fixes unless all instances of …

Good- according to your log, the NewDotNet uninstall seems to have worked.

If the "Windows TaskAd" program shows up in Add/Remove Programs, choose to remove it. If it isn't present in the list, or the uninstall fails, the manual removal instructions are included in the rest of your clean-up procedure below:

1. Have HijackThis fix the following:

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/C...e/bridge-c7.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interact...stallPlugIn.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com...es/MsnPUpld.cab
O16 - DPF: {83E2158E-2B49-4303-BF86-2C43494A60FD} (routing.addroute) - http://www.012fun.net/routing.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/downloa...abasetup145.cab

2. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- …

That error isn't exactly uncommon, but there can be a number of reasons for it.

Are you performing a new, fresh re-installation of XP, or are you tring to reinstall "over" your existing installation (an "in-place" reinstall)?

You might also want to look through your system log files to see if more specific error information is listed in them. To view the logs, open Event Viewer in your Administrative Tools folder. Post the full content of any error messages which may seem related to the IE crash.

1.99beta did seem to work just fine.

It may have worked for you, but 1.99 isn't meant to be a public release.
Here's the explanation from Merijn (the author of HijackThis):

HijackThis version 1.99 is currently in beta. Unfortunately, several sites have picked the file off the forums where I posted it in restricted sections and posted it as a public, final release.
Please refrain from using the HijackThis 1.99 beta, it has a crash bug and is not finished yet. Be patient and wait for the final version, which should be out soon. 'Beta' does not mean 'pretty much ready anyway'.

Aside from that- yes, your log looks clean.

OK- you definitely still have problems.

First, we need to ge rid of the "newdotnet" infection. Removal instructions have been posted by our member "crunchie" in the following thread. Please follow his advice concerning newdotnet removal very carefully, as improper removal of the pest can further corrupt your Internet connection:

http://www.daniweb.com/techtalkforums/thread14407-newdotnet.html

Post a fresh HJT log.
We'll see what nasties remain and take it from there.