Glad it is sorted. AVG will catch up one day. Cheers.
gerbil 216 Industrious Poster
Oh dear. You have a Vundo infection still plus the godzilla worm. And more.
=Have you been deliberately using the Microsoft Remote Assistance service?
=Turn on your firewall.
=See this bit in the Vundofix log?:
"Attempting to delete C:\WINDOWS\system32\dotnjajk.dll
C:\WINDOWS\system32\dotnjajk.dll Could not be deleted." -it means what it says, so you need to re-run Vundofix until it DOES delete all that it finds.
=Combofix does not [yet?] recognise, and is not capable of deleting, the Godzilla worm. So let's try this to clean up a little....
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.
Killall::
File::
C:\WINDOWS\BM7358b998.xml
C:\Documents and Settings\Administrator\Application Data\inst.exe
C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
C:\Windows\system32\xxyyvUoM.dll
J:\smss.exe
I:\smss.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvUoM]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a9514c-cbd8-11dc-9cb4-b166290c1652}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{982cfd00-8444-11dc-b4da-86056f13b026}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a750cf0-9c19-11dc-b4e0-cef0eb2f6d51}]
Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
Will it work in Safe Mode? If not then a Windows Repair is probably necessary - you would not lose your files or need to reinstall any applications.
Explorer is your desktop... icons, taskbar, Start button; Task Manager runs independently of explorer. Background is usually presented by explorer, but may be also put up by IE if you use a webpage or active desktop... anyway, try for safe mode.
Log is clean. If you really are worried you could scan with a trojan hunter like AVG AS.
Truly, cabal.exe is not a worry. Submit it here if you wish:
==Please go to this web page http://virusscan.jotti.org/, click browse and submit this file for examination:
Ah... nice. Looks good from here.
Cheers.
Lemme get this straight... you already had Vista installed, and now you are trying to add an XP installation? Or were those two OSes plus a boot manager originally working in the old sys, already on the drive you popped into your new sys?
If it is the latter, you need some new chipset drivers, and possibly a different hal, and..... it could be tricky.
Or have I got the problem by the wrong handle?
Back in the days of DOS it was a brave new world, the settlers were gazing enthusiastically out into the wilderness and Microsoft was loved as one of the guides who brought them face to face with it. But then Microsoft rounded them all up and herded them out into it, some against their will, and now the wolves are circling.
Do you see in the BDF log the .dbx file? That is probably the source - an email.
"However it did not have the Make writeable button instead it was a Make readonly button"... yeah, that means it was already writable, so it gave you the option of making it read-only to stop simply written scripts altering it.
Everything happened correctly with combofix.
=Delete this file:
C:\WINNT\d3dx.dat
There seems to be a problem with your C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ folder. I do not know if it is simply to do with the AShampoo file ASFWHide in there.... I suggest you disconnect from the net, shutdown AShampoo, close any browsers, readers, applications and delete the Temp folder itself, then recreate it. Restart your firewall.
As far as the error goes, well, there could be sys file corruption still. It can get tedious to scan your system, but I would run this last one [cclean first!]:
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/homeusers/solutions/activescan/?
-for the free online virus scan select the link Scan your PC, then Register [otherwise …
I shall do the full dl also.... or better still, get someone to burn a copy for me - I don't have the luxury of blinding speed. And I will hold it over for a full reinstallation; this one is building silly little errors. Lost desktop Search in explorer a few weeks ago [it still works from IE!?] and nothing I do will get it back, and now the little shutdown button has disappeared from my user login panel, and the software refuses to let me rebuild it. So I sense imminent death. Two years is too long by far, anyway.
Yeah, but is the problem with AVG AS or AVG AV?
AVG AV does funny stuff... for a while it suddenly started picking up my IceSword, did it a couple of times, and breaking it, and then it just started ignoring it. Dunno what that was about...
If it is AVG AV doing over cabal.exe, go into the virus vault and select cabal.exe, hit the restore button. That's gotta be quicker than reinstalling the game. And it should learn from that.
Yeah... if you run a proper firewall [not windows one-way deal] it would detect if a trojan was trying to call out and warn you. The game file is okay, though, it is a false alarm.
You are using AVG AS?
Cabal.exe, the game file? And AVG AS is detecting it? That would be because it is packed [and the packer wrapper shows up] and many AV/AS wares pick up the packers as Trouble: viruses etc often use packers to disguise their files, to avoid strings being recognised. Set your AVG to ignore it, cos for "heal" you should read "break" in this case...
Lessee... in Scanner, Settings set Quarantine as the default action;
Then in Infections, Exceptions add a rule to ignore it.
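Added example (not part of gerbil's post, and not output from any tool in the thread): the quickest way to confirm for yourself that a flagged game executable is merely packed is to read the PE section table, because most runtime packers leave their own section names behind. The packer name list, the stub-PE builder and the heuristic are constructed for this example; a file without these names can still be packed, so treat a hit as an explanation for the AV alert, not as proof the file is clean.

```python
import struct

# Section names left behind by common runtime packers. Constructed list for this
# example; absence of these names does not prove the file is unpacked.
PACKER_SECTION_NAMES = {
    b"UPX0", b"UPX1", b"UPX2",
    b".aspack", b".adata",
    b".petite",
    b".nsp0", b".nsp1",
    b".MPRESS1", b".MPRESS2",
    b".themida",
    b".vmp0", b".vmp1",
}


def pe_section_names(data):
    """Return the section names of a PE image, or raise ValueError if it is not one."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes in total)
    _machine, nsections, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff
    )
    table = coff + 20 + opt_size  # section headers follow the optional header
    names = []
    for i in range(nsections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes, Name is the first 8
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_packed(data):
    """Return the packer-style section names found in the image (empty list if none)."""
    return [n.decode("latin-1") for n in pe_section_names(data) if n in PACKER_SECTION_NAMES]


def build_stub_pe(section_names):
    """Constructed test data: a header-only PE image with the given section names.
    It is not a runnable program, just enough structure for the parser above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    sample = build_stub_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", pe_section_names(sample))
    print("packer sections:", looks_packed(sample))
```

To try it on a real file, pass `open(path, "rb").read()` to `looks_packed`; only the header is parsed, so a large game binary costs nothing to check. If it reports UPX or similar, the AV "heal" would strip or damage the wrapper, which is why an exclusion is the right answer rather than disinfection.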
I picked that post up already, crunchie, and combined it into a reply.... chap put it into the wrong thread... :) ... his moniker IS DontknowIT.... yeah... :)
peater, this is not a site that supports cracks.. that is just how it is. But if you have a problem with your sys, take the time to make a new thread outlining it. No point getting cranked up over a blind thread... many out there end up like that for whatever reason.
Hello, Jay... I guess I just missed your post.... sorry about that. Around that time Opera failed with this site and so I just did not come in so often to check. Firefox has its faults with the site also.... spose I could use IE, but I tend not to. Anyway, your log... nicely matured with age... you could fix this one entry:
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - http://nettdaten.meetheworld.no/nett...liveupdate.cab
Right, those file deletions... a couple of the files are hidden. It is convenient to use this tool:
==Download killbox from here:- http://www.downloads.subratam.org/KillBox.zip -unzip it onto your desktop.
Dclick killbox to start it.
>Highlight the pathnames in the following block and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-
C:\WINDOWS\system32\indfkyky.dll
C:\WINDOWS\system32\gfkbxycw.dll
C:\WINDOWS\system32\avflsjjd.dll
C:\WINDOWS\system32\pgdfgsvc.exe
C:\WINDOWS\system32\pfwaoppg.dll
C:\WINDOWS\system32\vfwktotm.ini
C:\WINDOWS\system32\gtphcpxi.dll
C:\WINDOWS\system32\yxmvxtip.ini
-in killbox, go File menu, choose Paste from clipboard.
Select "Delete on reboot", "Unregister dll before deleting" if available, click the "all files" button.
Click the red and white X button, click Yes on the reboot prompt, click OK if a pendingfilerenameoperation box opens. [do not be concerned if it says it cannot find a file...]
If your computer does not reboot please restart it manually.
Pinki, no, I cannot tell you why that is so, it is new to me. Possibly a new form of attack/hiding to avoid being Fixed by hijackthis...? But we have their names, and so they have no place to hide...
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"dzrfwrbk"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mZAHXfkXDR"=-
Good. Now browse to [or search] and delete these two files in an explorer window:
C:\ProgramData\dzrfwrbk\uditkjcp.exe
C:\ProgramData\apmnyvkr\wbyhojgp.exe
....and delete these two folders:
C:\ProgramData\dzrfwrbk\
C:\ProgramData\apmnyvkr\
They should be gone now.
It is on selective release via Windows updates.... check for a task bar icon coming to a computer near you soon.
http://support.microsoft.com/kb/936929
By the way, if you look into your Combofix log you will note that you have had that eraseme_*****.exe /winbin worm for over a year - that has given it ample time to make many copies of itself, and also to trot out into networked computers. It infects Explorer.exe as well....
To make sure it is gone...
==Run a BitDefender online scan: http://www.bitdefender.com/scan8/ie.html - and post the results, please.
=Check your hosts file, it may have been modified to block some security sites.
If you wish to clear your hosts file manually [C:\Windows\system32\drivers\etc\hosts] you may not be able to save the changed/corrected file. This is because some security applications, possibly also various malware, will lock your Hosts file [make it read-only] as a protection.
Go Start, run, type cmd -press Enter. Paste this line into the window at the prompt, press Enter, close the window and try to save the file again.
attrib -r -h -s %SystemRoot%\system32\drivers\etc\HOSTS
Drag HOSTS into a notepad and make any changes, then save it.
Or just use this tool:
==download HostsXpert from http://www.funkytoad.com/content/view/13/31/
-click the top button Make Writable if it is available
-click Restore MS Hosts File button.
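Added example (not part of gerbil's post, and not HostsXpert code): a short check that reads hosts-file content and reports the two things a hijack does, blackholing hostnames to 127.0.0.1 / 0.0.0.0 / ::1 and pointing vendor or update sites at some other address. The vendor suffix list and the sample file are constructed for this example.

```python
import ipaddress

# Domains a hosts hijack typically blocks or redirects so the victim cannot update
# or fetch removal tools. Constructed list for this example; extend it as needed.
WATCHED_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "grisoft.com",
    "pandasecurity.com",
    "bitdefender.com",
    "symantec.com",
    "mcafee.com",
)


def parse_hosts(text):
    """Yield (ip, hostname, line_number) for every active mapping; comments are dropped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:  # one address may carry several hostnames
            yield parts[0], name.lower(), n


def suspicious_hosts_entries(text):
    """Return [(line_number, ip, hostname, reason), ...] for entries worth a look."""
    findings = []
    for ip, name, n in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, ip, name, "address does not parse"))
            continue
        if name == "localhost" and addr.is_loopback:
            continue  # the stock Microsoft entry (127.0.0.1 and ::1)
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        if addr.is_loopback or addr.is_unspecified:
            reason = "blackholed" + (" (security/update site)" if watched else "")
            findings.append((n, ip, name, reason))
        elif watched:
            findings.append((n, ip, name, "security/update site redirected elsewhere"))
    return findings


# Constructed sample, not a hosts file from the thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.pandasecurity.com
0.0.0.0         free.grisoft.com   update.grisoft.com
192.0.2.10      windowsupdate.microsoft.com
"""

if __name__ == "__main__":
    for n, ip, name, reason in suspicious_hosts_entries(SAMPLE_HOSTS):
        print("line %d: %s -> %s  [%s]" % (n, name, ip, reason))
```

On the real file call `suspicious_hosts_entries(open(r"C:\Windows\system32\drivers\etc\hosts").read())`. A long run of blackholed ad or tracker domains is usually a deliberately installed block list and not a problem; the entries that matter are vendor and update sites being blackholed or sent to a foreign address. Remember the attrib line above only clears the file's attributes; it does not undo an application that re-locks the file after you save it.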
I guess I missed your post because for a while Opera was not working with this site, and so I did not look in much. Anyway.... you will notice that I have turned on your windows updates in one of the registry lines - if you do not want that just delete these two lines from the block before you run it with Combofix...
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= -
Heh.... I still like playing Diablo II also... okay, let's get down to it.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.
Killall::
File::
C:\WINNT\eraseme_18043.exe
C:\WINNT\eraseme_18536.exe
C:\WINNT\eraseme_24270.exe
C:\WINNT\eraseme_25226.exe
C:\WINNT\eraseme_27280.exe
C:\WINNT\eraseme_27710.exe
C:\WINNT\eraseme_28350.exe
C:\WINNT\eraseme_28884.exe
C:\WINNT\eraseme_41588.exe
C:\WINNT\eraseme_51842.exe
C:\WINNT\eraseme_55717.exe
C:\WINNT\eraseme_61051.exe
C:\WINNT\eraseme_68082.exe
C:\WINNT\eraseme_70626.exe
C:\WINNT\eraseme_74404.exe
C:\WINNT\eraseme_84170.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msci"=-
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= -
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FCKK"= -
Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.
352 Megs gone? That will be your most precious photos smoked... :)
I'll get back to you tonight. Sorry, but I actually missed your post...
...and to continue...
Next, start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Michael\LOCALS~1\Temp\ie.exe
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. …
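Added example (not part of gerbil's post, and not HijackThis output from this thread): the fix list above is built from three patterns, BHO entries whose DLL no longer exists, a UserInit value with a second program chained after userinit.exe, and a Run entry launching from a temp folder. This is a small triage pass that flags those patterns in a log; the heuristics, path hints and the sample lines are constructed for this example.

```python
# Path fragments that mark a user-writable location. An autostart entry living
# there is not automatically malware, but it is where droppers usually end up.
USER_WRITABLE_HINTS = (
    "\\temp\\",
    "\\documents and settings\\",
    "\\docume~1\\",
    "\\programdata\\",
    "\\application data\\",
)


def triage_hjt_line(line):
    """Return a reason string if the HijackThis entry looks worth fixing, else None."""
    s = line.strip()
    lower = s.lower()
    if s.startswith("O2 - BHO:") and s.endswith("(no file)"):
        return "orphaned BHO registration (no file)"
    if s.startswith("F2 - REG:system.ini: UserInit="):
        # Stock XP value is "C:\WINDOWS\system32\userinit.exe," - anything else in
        # the comma-separated list is started by Winlogon at every logon.
        value = s.split("UserInit=", 1)[1]
        entries = [e.strip() for e in value.split(",") if e.strip()]
        extra = [e for e in entries if not e.lower().endswith("\\userinit.exe")]
        if extra:
            return "extra program chained after userinit.exe: " + ", ".join(extra)
        return None
    if s.startswith("O4 - ") and any(h in lower for h in USER_WRITABLE_HINTS):
        return "autostart entry runs from a user-writable location"
    return None


def triage_hjt_log(text):
    """Return [(entry, reason), ...] for every flagged line in a log."""
    findings = []
    for line in text.splitlines():
        reason = triage_hjt_line(line)
        if reason:
            findings.append((line.strip(), reason))
    return findings


# Constructed sample: two benign entries and three that mirror the fix list above.
SAMPLE_LOG = """\
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Example Helper - {AAAAAAAA-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [Microsoft Windows Installer] C:\\DOCUME~1\\Michael\\LOCALS~1\\Temp\\ie.exe
"""

if __name__ == "__main__":
    for entry, reason in triage_hjt_log(SAMPLE_LOG):
        print(reason)
        print("    " + entry)
```

Fixing an F2 entry with HijackThis rewrites the UserInit value back to userinit.exe alone; the chained file (wmsdkns.exe in the sample) still has to be deleted separately, or it is simply re-added at the next logon by whatever dropped it.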
Hello....
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file to install the application and ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything is checked, and click Remove Selected.
Post the Notepad log [it is also saved under Logs tab in MBAM].
You may leave the nine? O17 entries... they are just the networking parameters for the various current control sets [default, last known good, and current set of system configuration information such as device drivers and services]. They are for a safe ISP. But if you have fixed them connections may be remade via control panel [for the current set.. :)].
Maybe you could start by posting a hijackthis log? See the stickies at top of forum.
Pinki, to allow the fix to be made, temporarily disable TeaTimer:
Open Spybot, click Mode, select Advanced Mode, click Yes in new window, click on Tools in bottom left hand corner.
Click the Resident icon and uncheck Teatimer box.
=In Normal mode, start hijackthis and select Scan Only. Check these two entries and press Fix Checked.
O4 - HKCU\..\Run: [dzrfwrbk] C:\ProgramData\dzrfwrbk\uditkjcp.exe
O4 - HKCU\..\Run: [mZAHXfkXDR] C:\ProgramData\apmnyvkr\wbyhojgp.exe
Good. Now delete these two files:
C:\ProgramData\dzrfwrbk\uditkjcp.exe
C:\ProgramData\apmnyvkr\wbyhojgp.exe
and delete these two folders:
C:\ProgramData\dzrfwrbk\
C:\ProgramData\apmnyvkr\
Done it? Great. Now...
==Download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
=You must restart your computer in Safe Mode:
=Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any …
Try uninstalling Spywaredoctor, run your chkdsk and then reinstall it.
My personal opinion is that it is not a lot of trouble to reinstall any third party applications into your old partition/folder structures. One can blitz an evening doing it, or just do each as you need them. But none of my applications are in the System partition with windows, no data files either, and so my file structures remain intact. I keep all the installer files [esp downloaded ones, updated as required] in a separate directory.
But I sense that you have only the one partition on your hd. A format [quick or full] deletes and rebuilds the MFT [master file table] and writes a new MBR. That is good, cos leaving either of those on a partition can give rise to confusion if ever you try to recover lost files.
An installation over the old [ie no formatting of the partition] means you get to reinstall your applications but keep your data files.
Doing a complete, clean reinstallation with format means that your data files also will be overwritten. If you are not concerned about data files [and you cannot be if you formatted..] I would format again and start over with booting from the cd. No sense starting off a relationship with Windows where the installation was at all doubtful.
Start over. This is probably a good guide. http://www.theeldergeek.com/xp_home_install_-_graphic.htm
An aside: note the comment beside figure 2 pertaining to ACPI recognition - if proper detection of that capability fails and …
This bit concerns the last section you wrote above....
Right after you select/create a partition and are given the option to format it [you did not cos you wanted to install over the top of the old installation -fine] Setup copies installation files to your hd and then restarts. DO NOT press any key to boot from the cd - here you want the system to boot FROM THE HD. And then you see the five blocks flicker as the system sorts itself out. Configures. Yeah, that's it.
Even with the BIOS set to boot from cd first it should boot from the hd.... if it does not then remove the cd and restart. When Setup requires the cd it will ask for it.
If you have passed this stage and the reboot occurs you should soon see the logo screen. If it stalls here just force a restart [booting from the hd].
As far as keyboards and mice go Setup can use its own drivers to cope with them during installation - BIOS detects the hardware and Setup can access that information; afterward you may load any special drivers you have which will provide you with advanced features very likely missing from the Setup basic drivers.
Holly, restart, but this time select Safe Mode with Command Prompt.
You will get a flashing cursor at...
C:\Documents and Settings\holly?>
You can change directories by typing say, d: this will take you to d:\ ; c: will take you back to Docs and Setts...
Things you have on your desktop are in C:\Documents and Settings\holly\desktop, so
cd desktop -will give you access to them. You can run combofix from there by entering
combofix.exe -but I note that it would not run earlier...
cd .. -will take you backwards to Docs n Setts\holly again.
Other commands you can use are many... these may help:
control -opens control panel. Doing so will take you into the normal safe mode with icons [bypass System restore], but you keep the command window.
taskmgr -starts task manager. You might try "Running" combofix from there... see below. And stop/start explorer.exe
explorer -opens a normal file navigation window.
Don't break your AV. That Security identifier [SID] S-1-5-32-547 is just the Microsoft code for the power user group.
Schlumberger in registry is okay... I'd have to look for those banking entries.
mstsc.exe is okay, leave it alone.
Unless you deliberately put them there no executable files need to be [or should be] running from My Documents or Documents and Settings and its subfolders. They can... but it is not the right place for them.
Now I don't know what sort of net …
I was just a bit bored with work so I jumped in, dls... :)
To delete I usually just edit to a point, a dot.
No matter, anyway... bill can pick n choose.
Normal [or standard] mode. It matters, cos more malware shows then.
Btw, is that one of those metal scrollpads you just rub your finger on? I have heard of them suffering hardware or pad driver errors which cause that very problem...
Hello, bill. Let's start by getting Combofix to remove what it can.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Now clean...
=Uninstall mirar or getmirar.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
...and get AVG AS to get the remainder.
AVG - AS:
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG …
Skip that post, it's not correct.
I just checked my apps... Photoshop and ACDSee [a photo app for Pentax gear] are thumbnails by default only when opening My Pictures folder, otherwise the List View applies by default in other folders of pics. On my sys. It seems. So that does point to a registry entry controlling the action.. it is less likely that it would come from both softwares...
Sigh... gotcha now... and on re-reading it I don't know how I confused your first post...
I'll get back to you, thinking cap is on. I just checked my apps... Photoshop is list, ACDSee is thumbnails by default.... others pgms vary. Checking actions, it seems that both Photoshop and ACDSee [a photo app for Pentax gear] vary the view type according to folder content - if the folder you have in the Open window contains any non-picture formats the View type defaults to List.... if the are only pictures, eg jpegs, gifs, whatever, then both apps use Thumbnail view. On my sys. So that does point to a registry entry controlling the action.. it makes it less likely that it would come from both softwares...
Explorer.exe basically is Windows isn't it? Yep, it's the pretty UI that you usually use to start pgms from and navigate about your files.
The blank blue screen is what you see when explorer stops running - no desktop icons, task bar, background etc. It does look like some bad software is killing explorer.... and bad software is most often malware.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
We'll go from there. And you can rarely give too much info....
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
...okay, that was the shellfix reg file you were hunting for. It just tells winlogon to start the explorer shell. Certainly won't do any harm to run it..
Anyway, your sys is infected. Run this:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
If explorer won't stay open long enough for you to load that URL into its address bar or to start your browser you can instead open Task Manager and paste it into the File> New Task [Run] box...
May I add this to the post by Inferno...? Fix these entries using hijackthis:
O4 - HKLM\..\Run: [outlook] \outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Intel Driver] CSRS.EXE
O4 - HKLM\..\RunServices: [Intel Driver] CSRS.EXE
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O24 - Desktop Component 0: (no name) - (no file)
Good. Now delete this file:
CSRS.EXE - it is dropped by a worm.
and this file and folder:
\outlook\outlook.exe
... I think you will find them in Windows\ or Windows\system32\.
I don't know anything about Windows 98 so I cannot recommend any scans. It was before my time.....
Hi. Go to that folder in explorer, first set how you wish the bulk of all your folders to open and then go Tools, Folder Options, View and click Apply to all Folders. Then set the view you want for that particular folder eg thumbnail, and scroll right down to Remember each folder's View Settings; check and apply.
G'day, holly.. I assume you can still access Safe Mode?
Go back in there and see if by either going Ctrl-Alt -Del or rclicking on what there is of the task bar you can open Task Manager...?
You could? Then go to processes tab and stop explorer.exe. Now, still in TM, restart it by going File, New task and entering explorer.exe.... this is to just attempt reloading your UI.
In TM if you wish to get to Control Panel, run control.exe
You can use this feature if you wish to start other pgms like your AV - use the Browse in New Task to get to the executable in the pgm folder.
You can also do this.... paste into that run box in TM this line:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
=Download that file to your desktop.
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
If you have trouble downloading it you could Run it from the dl box...
Oh, the M$ remote desktop is mstsc.exe and it runs from windows/system32, not Remote Desktop Control. That is a third party software... I would …
Probably nothing.
Rundll32.exe is the pgm that enables the various objects in dlls to be run as executables. An example: open your TM, go to processes tab, order the process name column and then rclick your system clock, click Adjust Date and Time - a new rundll32 will open up.
From your log you can see that [NvCplDaemon], C:\WINDOWS\system32\NvCpl.dll is using rundll32 - this is your Nvidia graphics tray icon.
I could add that your hd will be showing its run lamp if your sys is using the page file, or windows is taking the chance to organise your files for smoother loading [it will do this in the background, using an organisational file in the prefetch folder that it has built after watching you work].
If you are using netstat then you know that netstat -b shows the executables that are using open ports - they open them and close them as required. You don't say why you want to open or close a port manually... what would you do with it...?
Anyway, I don't need to know that... Windows Firewall will open a port for you... go to the Exceptions tab, Add a Port. And wait for some port scanner out there to hit it... and your sys. It could take no more than a minute.
..and while in control panel go to windows components and uncheck OE to remove it from your Start pgm list [it does not uninstall it...].
Bobby means you gotta have an email client pgm similar to OE... you can't use a web page emailer like say, Yahoo, as a default. Being a M$ product though, M$ makes an exception for Hotmail...
You can also make the choice via CP, Set Pgm Access & Defaults - it detects email clients available on your sys, like say, Opera, if you use that browser.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
Use hijackthis to fix those two entries, then delete C:\WINDOWS\IECodecPlg.dll
I don't see this file running...C:\Documents and Settings\K & W\My Documents\asdgsdf\SYSTEM\April, 27 2008\svchost.exe
...delete it from safe mode.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file to install the application and ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything is checked, and click Remove Selected.
Post the Notepad log [it is also saved under Logs tab in MBAM].
I don't have time to look at your logs, but please do this.... [educated guess at your problem...]
Clean ... with your CCLeaner.
Scan:
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/homeusers/solutions/activescan/?
-for the free online virus scan select the link Scan your PC, then Register [otherwise there will be no disinfection, merely detection] with a valid email and follow through.
Post the log it produces here.
...which is right on the first page of this thread..
I actually deleted my post containing this tip, but threadmaker Odegani caught it and repeated it in his reply. It does work though.
5 months!! Okay... let's see what this achieves:
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave …
Clean first:
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have Firefox, open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
Now scan:
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/homeusers/solutions/activescan/?
-for the free online virus scan select the link Scan your PC, then Register [otherwise there will be no disinfection, merely detection] with a valid email and follow through.
Post the log it produces here.
Oh yeah, almost forgot... wrong hijackthis. Delete your copy from your desktop and follow these instructions, please.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
ric, to break into clearing up that infection please start with these tools:
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have Firefox, open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, …
Page memory size... what you need for a page file depends a bit upon what you do... whether you work with huge files or graphics manipulators.. and with a small RAM you need a relatively larger page file than if you had a large RAM so that it all adds up to a useful virtual memory size. Your error has several sources... here:
http://www.aumha.org/win5/a/xpvm.php
You bet it is. Here's a selection of three free..
ZoneAlarm Free, Kerio, Comodo