Problem everytime XP starts


crossbone
02-27-2007, 08:19 AM
I can't remember exactly how it happened, but every time I start XP I get this warning:
"Application failed to initialize: 0x800106ba. A problem caused Windows Defender Service to stop. To start the service, restart your computer or search Help and Support on how to start a service manually."

did what was suggested and no luck finding windows defender. if I remember, all this happened after I uninstalled Norton security because it was giving me problems accessing my usb hard drive.

and occasionally, I get a blue screen with long texts that end by saying core dump disks: (counting upwards). I usually never wait and just unplug the whole thing.
btw, I'm running on a dell inspiron 8600

crossbone
02-27-2007, 08:42 AM
the outcome of the scan is a pretty long log so I'm sending as an attachment. hope someone can help me. btw, my system specs:
Dell Inspiron 8600(laptop)
clock: 2GHz
RAM: 2GB
hard drive: 60GB

besides the virus, I seem to have problems accessing folders that contain hundreds of subfolders that are about 1GB each. depth of the directory tree is no more than 3. other folders with fewer subfolders are fine. If I'm not mistaken, this happened after I installed Norton security which I've already uninstalled but problem still persists. hope someone can help me out here.

classicsoftware
02-27-2007, 08:44 AM
We do not download attachments from infected computers :rolleyes:

Please post it in the regular way using as many posts as needed.

Also, please keep all references to one problem in one thread....

crossbone
02-27-2007, 11:08 AM
pt 1:

Logfile of HijackThis v1.99.1
Scan saved at 7:22:31 AM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\InterVideo\DVR5\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\xxx\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\STEVEB~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.210.34.253:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {D4CAC053-3E1A-4CB1-9703-CF4194BDECEC} - C:\WINDOWS\System32\nloe.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

crossbone
02-27-2007, 11:09 AM
pt 2:

O4 - HKLM\..\Run: [EPSON Stylus Photo 2200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus Photo 2200 (Copy 1)" /O6 "USB002" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O5 "LPT1:" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [EPSON Stylus Photo 2200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus Photo 2200 (Copy 1)" /M "Stylus Photo 2200" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVR5\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {395D7112-EC28-42BC-93F7-F31062353153} (Pixamo Picture Uploader) - http://www.pixamo.com/uploadapplets/uploader2.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

classicsoftware
02-27-2007, 11:47 AM
First, please unzip Hijackthis into a permanent folder; you are running it from a temp folder, and restoring things can be problematic.


Before starting any cleaning steps, please disable the Microsoft Anti-Spyware real-time protection:

Right-click on the Microsoft Anti-Spyware (Windows Defender) tray icon by your clock (it's the one with the red and yellow bulls-eye).
Click on "Security Agents Status".
Click on "Disable real-time protection".


Next, open Microsoft Anti-Spyware.

Click on the Options menu, then Settings.
Select "Real Time Protection" from the left column.
Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
Click the Save button.

Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.

You can re-enable it once your system is clean.



Please download Intermute's CWShredder from here:
http://cwshredder.net/bin/CWShredder.exe
Save it to the desktop but do NOT run it yet.

Then please download About:Buster from here:
http://www.malwarebytes.org/AboutBuster.zip
Unzip it to the desktop, run it, Check for Updates, and update the files, but do NOT run a scan yet.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) Just before the Windows starts to load, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please run CWShredder, and click Fix.

Then please run About:Buster and click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. I will want to see this logfile later.

Then please run Ewido, and run a full scan. Save the log from the scan for me.

Finally, please run HijackThis, click Scan, and check:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\STEVEB~1\LOCALS~1\Temp\se.dll/spage.html

Unless your ISP is in Korea, I would also fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.210.34.253:8080

O2 - BHO: (no name) - {D4CAC053-3E1A-4CB1-9703-CF4194BDECEC} - C:\WINDOWS\System32\nloe.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Close all program and browser windows except Hijackthis and click fix checked.

Re-boot and Post back with:

A New Hijackthis log
The Ewido Log
The About Buster Log
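
The manual review in the post above, turned into a small triage script. This is an added example, not part of the original thread and not HijackThis's own logic; the three rules are assumptions drawn only from the five entries classicsoftware selected, and the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread
# (forum-inserted spaces repaired).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\STEVEB~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.210.34.253:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {D4CAC053-3E1A-4CB1-9703-CF4194BDECEC} - C:\WINDOWS\System32\nloe.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
"""

# "R1 - ...", "O2 - ...", "O23 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R-section bodies look like "<registry key>,<value name> = <data>".
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
MISSING = re.compile(r"\((?:file missing|no file)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse(log_text):
    """Yield (code, body) per entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]


def triage(log_text):
    """Return (code, identifier, reason) for entries that deserve a closer look."""
    findings = []
    for code, body in parse(log_text):
        if code in ("R0", "R1"):
            m = REG_VALUE.match(body)
            if not m:
                continue
            name, value = m["name"].strip(), m["value"].strip()
            if value.lower().startswith("res://"):
                # IE search/start page loaded out of a DLL instead of a URL.
                reason = "IE page served from a local DLL resource"
                if "\\temp\\" in value.lower():
                    reason += " under a Temp directory"
                findings.append((code, name, reason))
            elif name == "ProxyServer" and value:
                # A proxy is not bad in itself; the owner has to recognise it.
                findings.append((code, name, f"proxy set to {value}; confirm it is yours"))
        elif code == "O2" and MISSING.search(body):
            # Orphaned BHO registration: the CLSID remains, the DLL does not.
            clsid = CLSID.search(body)
            findings.append((code, clsid.group(0) if clsid else "?",
                             "BHO registered but its file is gone"))
    return findings


if __name__ == "__main__":
    for code, ident, reason in triage(SAMPLE_LOG):
        print(f"{code:3} {ident}: {reason}")
```

The O9 entry with a missing file is deliberately not flagged, matching the post, which left those entries alone.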

Paul Komski
02-27-2007, 11:49 AM
Also, please keep all references to one problem in one thread

In fairness crossbone was asked to submit the HJT log in this forum (http://www.pcguide.com/vb/showpost.php?p=336141&postcount=4) from his other related thread (http://www.pcguide.com/vb/showthread.php?t=54783).

BTW - what are the risks of downloading an uploaded .txt file from an infected or an uninfected computer? It has never given me any concern unless I have been missing something maybe.

classicsoftware
02-27-2007, 01:13 PM
In fairness crossbone was asked to submit the HJT log in this forum (http://www.pcguide.com/vb/showpost.php?p=336141&postcount=4) from his other related thread (http://www.pcguide.com/vb/showthread.php?t=54783).
He had two more threads which I combined into this one.

BTW - what are the risks of downloading an uploaded .txt file from an infected or an uninfected computer? It has never given me any concern unless I have been missing something maybe.

I agree with you, but since Budfred does it that way, so do I.....

mjc
02-27-2007, 03:15 PM
Then after you are cleaned up, crossbone, we'll discuss the need to remove/disable unused devices. I noticed that you have at least three different wireless network products running..but that is a separate issue (sort of) from the current infection.

crossbone
03-03-2007, 10:43 AM
I haven't kept up with this thread cos things have gotten worse lately. One big problem is that my computer tends to freeze (either with screen still on but can't use mouse or keyboard, or total blackout) suddenly so I'll try to keep this short.
list of problems:
1. Computer freezes
2. I get the blue screen with disk dump thing message. cause varies.
3. sometimes when starting, BIOS is loaded so slow or not at all
4. sometimes after BIOS has loaded, a notice saying memory has changed even though no physical changes were made. when checked, I get 64MB or 132MB even though I have 2GB of RAM
5. sometimes when I left the computer on but didn't do anything, the screen blacks out and I can't restart and cooling fan blows like crazy. when checked under the chassis where the sodimms are, they're warmer than before I left them.
6. something like problem 1 but screen gradually becomes brighter and brighter and horizontal banding appears.

every time the computer freezes, I have to unplug which I don't think is very healthy for the system. could all these problems be caused by a virus or corrupted xp files?

btw, I've updated my BIOS after all these have occurred and with the exception of problems 3 and 4, nothing has changed.

anyway, I think I've decided just to reinstall, but considering what happened at POST level, do you think it'll help? should I perform the change that classicsoftware suggested?

If I were to install, what other files I should back-up besides my data? I know there are hundreds of FAQs on this topic, but I like reliable info.
thanks!

classicsoftware
03-03-2007, 10:59 AM
God only knows what to tell you. I don't. Your computer is infected. You flashed the bios? I don't know how the system got to where it is, but spyware is the least of your problems....

I would put a hold on this thread and post something in core hardware. Not my specialty. Did you change the RAM recently, the power supply? What else did you do to the system besides flash the bios, which by the way can destroy a system if not done properly.

mjc
03-03-2007, 11:12 AM
Yes, back up your data...

Then, if there is any warranty left on this thing, have Dell (under warranty service) at least change the CMOS battery, but give the machine a thorough check...there is a fundamental hardware problem. It sounds like possibly an overheating problem and/or other hardware failure.

crossbone
03-03-2007, 11:18 AM
no, didn't change the RAM nor ps recently. I only flashed the BIOS AFTER all the problems I listed happened. anyway, I was backing up data to a usb hard drive when the screen suddenly became like this:
http://img300.imageshack.us/img300/742/badscreenrq7.jpg
then I unplugged and immediately turned it on again but only the power light and fan were on. screen was dead. then left it unplugged for a minute or so and pressed the power button and everything restarted.

classicsoftware
03-03-2007, 11:31 AM
Your machine is hosed.......

I would call Dell and see if you have any Warranty left. DO NOT TELL THEM WHAT YOU HAVE DONE or you will void the warranty. If the bios flash was not from DELL, you did void the warranty.

You are in serious trouble with this PC and most of it appears self inflicted. STOP NOW. Get an EBCD and get your data off. Then get this back to dell and get it fixed. Once you reach that point we can help you be free of spyware in the future.

crossbone
03-06-2007, 04:34 AM
Funny thing happened: I managed to restore my system as far back as I could Sunday morning and it's been two days since I had a crash. the only things left are the error on windows defender at startup and the usb port (sometimes I get a message implying that I'm not using USB 2.0 while in fact I am.) anyway, I've saved all the data and decided to reinstall xp. any tips on doing this? this time, I would like to install an anti-virus and firewall. any suggestions on freeware out there? for firewall, I've just downloaded zone alarm. any better suggestions? I'll be running limewire and also downloading and uploading torrents. as for anti-virus, some people recommend AVG. any thoughts? btw, isn't that Stop Sign anti-virus that they advertised on tv some kind of a trick? heard they infect your system if you download their little virus scan.
thanks!

classicsoftware
03-06-2007, 08:37 AM
I doubt your system is clean. Please do whatever you want. Following advice does not appear to suit you. If this PC survives you, it will be a miracle.