Seeking help on how to revert PC to original state


Trophar
05-11-2003, 05:09 PM
Every time I have my PC fixed, the repairman tells me that if all else fails, the computer can be reverted to the original state it was in when I first turned it on. It'll lose a lot of important documents, but the computer will be clean and fresh from problems. The computer in question is a Compaq Presario 5000.

Can this be done simply? Will the hardware (graphics card, etc.) be safe?

mjc
05-11-2003, 05:38 PM
Have you added/changed any hardware since you bought this machine?

If not, you should have a restore disk that came with the computer. This disk, when run, will restore you to a factory-fresh condition, but it should only be a method of last resort.

Trophar
05-11-2003, 05:40 PM
I've had a new graphics card installed. Will that be harmed in any way by the restore process?

Budfred
05-11-2003, 05:45 PM
Welcome to http://www.pcguide.com/ubb/pcgubb.gif

If you have the Restore disk that probably came with the computer, this is fairly simple. The Restore disk contains all of the software that came with your computer in compressed form, including Windoze. You use it to reinstall the whole system. It is probably a good idea to reformat the hard drive first to clean it up and you lose all your data when you do that.

However, some Compaqs have the Restore disk stored on a partition on the hard drive. If this is the case, there are reasons why it might not be possible to restore, but it will probably work. I would see if you can make your own Restore disks if this is the setup you have since you then have a backup if something happens to the hard drive.

You probably also have an option to do only a partial restore or even a repair of the software as well. Let us know what problem you are experiencing and we may be able to help you figure out what your best option is.

It is not entirely true that your system will be restored to what it was when new regardless. A clean Restore comes close, but wear and tear takes place regardless so the system will never be exactly the same....

For your new graphics card, you will need to have the drivers for it handy if you do a restore...

Trophar
05-11-2003, 06:17 PM
I don't have a restore CD. My computer is years old, and if it came with one, I've misplaced it. Is there any free software I could download that could perform the restore?

Budfred
05-11-2003, 07:03 PM
You may have a Restore partition on your hard drive, since some Compaqs came that way. If the computer tech said you could restore it, it seems likely that is what he was talking about. The Restore involves reinstalling all of the software that came with the computer, including Windoze. If you don't have the disks or the Restore partition, the only other option is to buy all of those disks and go from there. Windoze alone will cost you about $100...

Again, what is the problem that you want to restore?? We may be able to help you sort it out without that drastic an action.

Also, if you do need to restore, you probably need to start backing up your data now so that you don't lose it.

I am not sure how to find out if you have a hidden Restore partition, but I am guessing you have to do it from DOS. Does anyone else know how to go about that???

Trophar
05-11-2003, 07:17 PM
I will try to type this quickly because my PC crashes (if that is even the proper term) every few minutes. A few moments from now, an unnatural amount of pop-ups will appear. When I try to close one, two more appear, much like pulling out grey hairs. They are not advertisements, though. Just blank pages that even my Pop-Up Killer won't destroy.

That isn't the only problem. Various things like being unable to download certain important software (Internet Explorer) without receiving a multitude of error messages, for example. I don't know how to explain these troubles because I've limited technical knowledge.

My wish isn't so much to restore files that may have been deleted. Rather, I want to purge my PC. Start fresh after over two years of tiny problems adding up to one giant catastrophe. There MUST be a simple way to do it. If nobody has any ideas by tomorrow, I'll send it off to CompUSA and ask for the process. They've assured me, in the past, they can do it if I want. I just don't want to leave it there for forty-eight hours and pay a ridiculous sum for a procedure I may be able to do myself.

I've saved important documents to disks and a website. I just want to begin anew without what is likely to be a variety of harmful little gremlins in my computer.

Any ideas on this restoration would be very much appreciated.

mjc
05-11-2003, 07:24 PM
Well, if you are plagued with innumerable popups and crashes...we can help you with that; you are infested with spyware, hijackers and maybe some virus.

The first thing you will need to do is to download and run HijackThis (http://www.spywareinfo.com/~merijn/) (tutorial (http://www.tomcoyote.org/hjt) ) and post the log here.

Trophar
05-11-2003, 07:28 PM
If you can make any sense of all this, I'd very much appreciate it. To me, it looks like another language. Of all my major PC issues, this one is the most bizarre. It has me considering drastic actions against my computer. If there is some other way, I would be very grateful to hear it.


Logfile of HijackThis v1.94.0
Scan saved at 7:26:28 PM, on 5/11/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Unable to get Internet Explorer version!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://p11852.ecpm.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://p11852.ecpm.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://v19212.ecpm.com/passthrough/index.html?http://www.rajahwwf.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://p11852.ecpm.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://p11852.ecpm.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://p11852.ecpm.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://p11852.ecpm.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\UPDATES\XTSEARCH.DLL (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "U24503.ecpm.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sou26ydj.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sou26ydj.slt\prefs.js)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: htoaoufthgd - {d7679763-0ce2-4df8-bd23-5697358804fa} - C:\WINDOWS\APPLICATION DATA\IEZPFOOEAFR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [PopUpKiller] C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [ysjqudzr] C:\WINDOWS\SYSTEM\ysjqudzr.exe
O4 - HKLM\..\Run: [booeaz] C:\WINDOWS\APPLIC~1\thtssglg.exe -QuieT
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\Run: [MemoryZipperPlus] C:\PROGRAM FILES\MEMZIP\MEMZIP.EXE
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Contacts (HKLM)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.greatplugin.com/diallerfiles/013641.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/2730/4h/www.whenu.com/SNDriveBy.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37600.683912037
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://kit.carpediem.fr/12590/CD/NewHentai.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://stat.trafficadvance.net/dialer/303467.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.may.ie/wfplayer/tdserver.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50006/btiein.cab
O16 - DPF: {8B741930-AE96-4E4F-8228-138F25A26608} (ACompass.MapControl) - http://www.clarkzoo.org/asheronsCall/acspedia/cab/ACompass.CAB
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://e2give.com/downloads/UGO20.exe

Budfred
05-11-2003, 08:11 PM
You have quite a mess there, but hang on, help is on the way. The only thing I know for sure is that you have Kazaa which is a major way to invite all sorts of nasties into your computer. There are a number of other nasty looking things in the list, but I don't know enough to give you any guidelines for what to get rid of and how. mjc will be along soon and he is the expert for that kind of thing around here...

drdan
05-11-2003, 10:00 PM
It should be possible to completely restore to a fresh system (one way or another) but as was said you may have wear and tear on your hardware. I'm not sure you understood that it should also be possible to save all or most of your data before you try to start fresh. I think what they are looking at first with the Hijack This log is whether they can just get the spyware or whatever off the computer and not have to start over.

mjc
05-11-2003, 11:27 PM
WOW!!!

There is a lot there......

Next get Spybot Search and Destroy (http://security.kolla.de/) (update it using the online updater before running) then run a scan, fix everything in red and then run another HJT log and post...we will pick up the pieces.

Fruss Tray Ted
05-11-2003, 11:35 PM
Dr.Dan,

It is also to make sure if you 'DO do' a backup and reinstall, that you don't do a "DOODOO" and reinfest your pc with what you are trying to rid it of.

Trophar,
That's a huge list. Start considering complete backup. Disinfect, then back up. Reformat, then reinstall, oh, and pray you got it all... :rolleyes:

But first in perspective: The list is nice, trim it down and run the fix programs. Then re-post the log. Progress and likelihood of success will be better seen and whether to scrap or not your data will be a better hypothesis after you have run some of mjc's links.

Getting them in the right order is paramount.

Lots of programs are just resource hogs (cumulatively) and not necessary (but not malware either). To a newbie or even seasoned PC user, the distinction can be quite foggy. You've got a lot of stuff there. 90%+/- not needed. Not necessarily all malware either.

If you just want 'Fancy Dancy' and all the 'bells and whistles' be prepared for freezes, errors and other assorted goodies that happen with "Letting Windows Manage Your Installs". You'll be knee deep in... (well, you know,,,) head first! :o

Trophar
05-11-2003, 11:44 PM
I tried SpyBot Search and Destroy before coming here. That was my first attempt at fixing it. The log I posted *is* after SpyBot. I'll run it again, though. Be back in a second...

Trophar
05-11-2003, 11:55 PM
This is the log after just now using SpyBot again. It still looks rather extensive. Is the next step to use the Fix This option in HiJackThis? Nobody has mentioned this, so I'm guessing it's a risky move.



Logfile of HijackThis v1.94.0
Scan saved at 11:53:35 PM, on 5/11/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Unable to get Internet Explorer version!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://p11852.ecpm.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://p11852.ecpm.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://v19212.ecpm.com/passthrough/index.html?http://www.rajahwwf.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://p11852.ecpm.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://p11852.ecpm.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://p11852.ecpm.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://p11852.ecpm.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\UPDATES\XTSEARCH.DLL (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "U24503.ecpm.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sou26ydj.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sou26ydj.slt\prefs.js)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: htoaoufthgd - {d7679763-0ce2-4df8-bd23-5697358804fa} - C:\WINDOWS\APPLICATION DATA\IEZPFOOEAFR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [PopUpKiller] C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [ysjqudzr] C:\WINDOWS\SYSTEM\ysjqudzr.exe
O4 - HKLM\..\Run: [booeaz] C:\WINDOWS\APPLIC~1\thtssglg.exe -QuieT
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\Run: [MemoryZipperPlus] C:\PROGRAM FILES\MEMZIP\MEMZIP.EXE
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Contacts (HKLM)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.greatplugin.com/diallerfiles/013641.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/2730/4h/www.whenu.com/SNDriveBy.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37600.683912037
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://kit.carpediem.fr/12590/CD/NewHentai.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://stat.trafficadvance.net/dialer/303467.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.may.ie/wfplayer/tdserver.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50006/btiein.cab
O16 - DPF: {8B741930-AE96-4E4F-8228-138F25A26608} (ACompass.MapControl) - http://www.clarkzoo.org/asheronsCall/acspedia/cab/ACompass.CAB
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://e2give.com/downloads/UGO20.exe

mjc
05-12-2003, 12:19 AM
Have HJT fix all of these

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://p11852.ecpm.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://p11852.ecpm.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://v19212.ecpm.com/passthrough/index.html?http://www.rajahwwf.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://p11852.ecpm.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://p11852.ecpm.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://p11852.ecpm.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://p11852.ecpm.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com

R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\UPDATES\XTSEARCH.DLL (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "U24503.ecpm.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sou26ydj.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sou26ydj.slt\prefs.js)

O3 - Toolbar: htoaoufthgd - {d7679763-0ce2-4df8-bd23-5697358804fa} - C:\WINDOWS\APPLICATION DATA\IEZPFOOEAFR.DLL

Look for any of these in Add/Remove programs...

if they are found, uninstall them from there, then reboot
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe

O4 - HKLM\..\Run: [ysjqudzr] C:\WINDOWS\SYSTEM\ysjqudzr.exe
O4 - HKLM\..\Run: [booeaz] C:\WINDOWS\APPLIC~1\thtssglg.exe -QuieT

O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\Run: [MemoryZipperPlus] C:\PROGRAM FILES\MEMZIP\MEMZIP.EXE

Also have it fix these...

O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}

O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

O15 - Trusted Zone: http://free.aol.com

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.greatplugin.com/diallerfiles/013641.exe
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/27...m/SNDriveBy.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://kit.carpediem.fr/12590/CD/NewHentai.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://stat.trafficadvance.net/dialer/303467.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.may.ie/wfplayer/tdserver.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50006/btiein.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://e2give.com/downloads/UGO20.exe

Trophar
05-12-2003, 12:52 AM
It's been about a half an hour since I used HiJack This, and I haven't seen the rapid pop-ups yet. Before, they would show up every few minutes. I think it worked. Thanks a bunch.

Budfred
05-12-2003, 01:00 AM
If you want to avoid another episode like this, you probably need to install a firewall, keep using Spybot and your AV software and keep them updated and stay away from Kazaa....

mjc
05-12-2003, 01:15 AM
Also things to do

1. Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)

2. Update and scan regularly with Spybot and an AV.

3. Post a follow up HJT log...

ilusha2
05-12-2003, 03:59 PM
What's up. Have you backed up your hard drive? Once you do, do this:

Scan for Viruses
Start>Run>Msconfig>Create Backup>Click on Startup, post results of what's under Startup here.
Scandisk
Defragment

ilusha2
05-12-2003, 04:06 PM
Oh yeah, don't listen to Compaq at all. They don't care about you or your problems, they just say whatever is on their "list" of solutions. I had many problems with my Compaq Presario 7594, and every time I asked Compaq for help, they either told me to do something which either, once done, didn't help/caused more problems, or they told me to contact CompUSA, which was going to cost me money. So, in each case, they were of no help, just a nuisance. They don't really know anything, but people assume they do, trust them, and then get hurt. Better to do it yourself, even though it will be a hard journey, once you come out on the other end, like I did, you will be very satisfied, and you will never have to subdue to Compaq's mercy, and count on them. You will be able to do everything yourself.

mjc
05-12-2003, 04:46 PM
ilusha2, Trophar doesn't need to post what is under the Startup...it is all already listed; every one of those entries in the HijackThis log that starts with an O4 is a startup entry. All 23 of them!
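
Added example, not part of the original thread: a small Python triage helper for HijackThis logs like the ones posted above. It groups entries by section code, decodes the O4 autostart lines, lists O16 controls whose download URL is a bare .exe, and compares two scans to see what a cleanup pass actually removed. The function names, the .exe heuristic and the "after" scan are assumptions made for the example; the "before" text is an excerpt of the log in this thread.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Section codes that occur in the thread's log, with their HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "N3": "Netscape start/search page",
    "O3": "IE toolbar", "O4": "autostart from registry Run keys",
    "O8": "IE context-menu item", "O9": "IE button or Tools menu item",
    "O12": "IE plugin", "O14": "Reset Web Settings override",
    "O15": "Trusted Zone site", "O16": "ActiveX control (Downloaded Program Files)",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O4 = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O16 = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.+?)\))? - (\S+)$")

# Excerpt of the log posted in the thread: two header lines plus nine entries.
BEFORE = r"""Logfile of HijackThis v1.94.0
Platform: Windows ME (Win9x 4.90.3000)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [ysjqudzr] C:\WINDOWS\SYSTEM\ysjqudzr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MemoryZipperPlus] C:\PROGRAM FILES\MEMZIP\MEMZIP.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.greatplugin.com/diallerfiles/013641.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://stat.trafficadvance.net/dialer/303467.exe
"""
# Constructed "after" scan: the same excerpt with three entries removed.
FIXED = ("ysjqudzr", "greatplugin", "trafficadvance")
AFTER = "\n".join(l for l in BEFORE.splitlines() if not any(s in l for s in FIXED))


def parse(log_text):
    """Return (code, payload) for each entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def startup_entries(entries):
    """Decode O4 lines into dicts with hive, key, name and command."""
    result = []
    for code, payload in entries:
        m = O4.match(payload) if code == "O4" else None
        if m:
            result.append(dict(zip(("hive", "key", "name", "command"), m.groups())))
    return result


def exe_codebases(entries):
    """O16 controls installed from a bare .exe URL instead of a .cab.
    Heuristic for this example only; it is a prompt to review, not a verdict."""
    hits = []
    for code, payload in entries:
        m = O16.match(payload) if code == "O16" else None
        if m and urlsplit(m.group(3)).path.lower().endswith(".exe"):
            hits.append((m.group(1), m.group(3)))
    return hits


def diff_logs(before, after):
    """Entries removed and entries added between two scans."""
    b, a = Counter(parse(before)), Counter(parse(after))
    return sorted((b - a).elements()), sorted((a - b).elements())


if __name__ == "__main__":
    entries = parse(BEFORE)
    for code, n in sorted(Counter(c for c, _ in entries).items()):
        print(f"{code:<4}{n:>3}  {SECTIONS.get(code, 'unknown section')}")
    for e in startup_entries(entries):
        print(f"autostart {e['hive']}\\{e['key']} [{e['name']}] -> {e['command']}")
    for clsid, url in exe_codebases(entries):
        print(f"review O16 {clsid} {url}")
    removed, added = diff_logs(BEFORE, AFTER)
    print(f"{len(removed)} entries removed, {len(added)} added since the first scan")
```

An empty "removed" list from `diff_logs` means the cleanup tool changed nothing that HijackThis reports, which is the cue to move on to fixing entries by hand.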

no-mbr
05-13-2003, 12:31 PM
What's the deal?

Why not just call HP-Compaq and buy the OEM software. The last time I checked it was still available for all Presarios.... 3 months ago...

And it's cheaper than buying a standalone user license for windows etc...

And while you're at it, actually read about the "restore" application when you get the software loaded... you'll find out that you can use it to make "new" factory restore points which would include any update and personal files you have on the hard drive at the time.......

This must be too much for most people 'cause I've been making money out of doing this for years......