I've missed something, I'm close though.

Daniel John
2007-03-13, 18:24
Hey everyone.

Okay, I just acquired this PC from my sister who's not great on a PC anyway and has little if any idea what spyware is. That should give you some indication of the last couple of days.

I think I have it all, however... when I start the PC I get this message when the user selection should appear.


Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

No users appear and I launch into my profile. So... I guess there's something still on here somewhere.


Panda Activescan

Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/searchexe Not disinfected Windows Registry

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 11:55:34 AM, on 3/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {9C143614-57B7-478E-BD7B-C736746476ED} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E235872D-083F-11D1-BE05-00AA00575603} - http://members.aol.com/nocost/axe.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


As of this moment...

*Need2Find directory and the smdat32m.sys file have both been deleted.
*AdAware finds MUE files pretty consistently, though says they're no threat.
*Spybot runs clean in Windows and in safe mode.
*Spyware Blaster has all protections enabled.
*CSShredder runs clean.
*CCleaner wants to change something seemingly every time it's run.


A Little History

When I started a couple days ago the PC was superinfected. AdAware found just over 500 criticals, Spybot then found another 50 that AdAware overlooked. She had multiple P2P clients, AOL, Compuserv, and various internet radio thingys... so she had just about every magnet she could find running on it.

The PC sat in a closet for a couple of years so it was missing a ton of Windows updates. I went update crazy and went ahead and installed SP2. Searching these forums last night I saw that you can't install SP2 if you have any malware. I really don't know how screwed I am at this point so I went ahead and uninstalled SP2 and installed SP1a. This morning I followed instructions I had found for removing Rotue. Which brings us to this post.

I'm keeping the PC and want nothing on it at the moment. The only software I've installed is Firefox 2, AVG 7.5, AdAware, Spybot, Spyware Blaster, CSShredder, HijackThis, and CCleaner. That's all that should be on here other than Windows programs. That said, it's a Compaq Presario so it's got all sorts of HP/Compaq crap on here that I would love to figure out how to remove. I've uninstalled everything I could identify through Add/Remove programs, in both my profile and the Administrator profile via safe mode, but when browsing program files there are several directories that I wish weren't there so if you see anything on the log above that doesn't belong to Windows or one of the anti-spyware agents listed please advise on its removal.

I obviously want to reinstall SP2 and fully update Windows but need to get it clean first.

Daniel John
2007-03-14, 18:24
Sorry for the bump, but I'm new to XP and could really use a hand here.

In addition, the files that keep appearing in AdAware scans are MRU files. I'd made a mistake above and couldn't edit the post.

Thanks again.

pskelley
2007-03-14, 20:50
Welcome to the forum, can I assume even though you are bumping your topic that you read and followed these instructions?
"BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
I may take a bit because of working remote like this, but even though HJT can't show everything, it is showing a malware free log right now. As far as junk that is not needed, I will make some suggestions. These two lines, unless you set them, are not needed (they are not malware):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch

Looking at the programs you asked about:
Firefox 2, AVG 7.5, AdAware, Spybot, Spyware Blaster, CSShredder, HijackThis, and CCleaner.
AVG also has Anti-Spyware 7.5 so be careful not to mix them in your mind. You are running AVG Antivirus 7.5 and it is a good free antivirus program.
What are you doing for a firewall?
SpywareBlaster, Spybot S&D and Ad-aware are all good freeware programs
CWShredder is about obsolete since Trend bought it from Merijn and I suggest you uninstall it. It is available online if needed.

Deleting the MRU's is optional, since I only run Ad-aware once a month or so I usually delete them.

CCleaner: I have it installed but rarely use it. I may uninstall it one day and only ask members to download it if they have a really dirty computer, especially with registry problems, because CCleaner does backup and clean the registry to a certain extent. Once you are clean, I suggest one of these methods:

ATF Cleaner
http://forums.security-central.us/showthread.php?t=1925

Cleanmgr
http://spyware-free.us/tutorials/cleanmgr/

Let me have a look at your Uninstall Manager and I may have some suggestions:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

A couple of things in the logs I question now are:
O9 - Extra button: Support - {9C143614-57B7-478E-BD7B-C736746476ED} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
if you're done with Compaq, remove that

O16 - DPF: {E235872D-083F-11D1-BE05-00AA00575603} - http://members.aol.com/nocost/axe.ocx
any aol involvement?

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe G
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
Those can be removed if you have no use for them. If you ever return to the site you would be prompted to download them again.

Here is some very good information to consider:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Since you have no doubt removed a lot of junk, you may as well start with clean System Restore files also:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Review what the experts have to say, then if there are any additional questions, post them.
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

I wanted to add that you should check your AVG Antivirus version, it should be 7.5 NOT 7.1.

Thanks

Daniel John
2007-03-15, 00:35
I did read the Before you Post thread, again sorry about the bump. I wanted to correct the MUE > MRU thingy so there was no confusion and page three makes me nervous, so I knocked down two birds with one stone.

AVG Antivirus 7.5 is correct, not the Anti-Spyware.
CWShredder has been removed. Thanks for the tip.

CCleaner removed 2.5 Gb of assorted temp files from this PC when I first ran it. Seems like it does a good job. I have a Win2k box that I run EasyCleaner on from time to time. I downloaded it for this box but it wouldn't launch for some reason. The version seemed to be correct and I re-downloaded another instance but it still wouldn't launch. I had read about CCleaner here so I gave it a shot.

I also removed the items you suggested. AOL was present on the machine when I began, it was already removed. I am done with Compaq so deleted that as well.

I'm still concerned about the items identified in the Activescan...

Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/searchexe Not disinfected Windows Registry

I can't identify these items anywhere. The other two... Need2Find was an empty directory so I just deleted it. I believe I identified the smdat32m.sys file as the Rotue issue and deleted it as well. I had hoped the smdat32m.sys file would solve my user issue when the PC starts up but it doesn't appear to have done so. Something is still trying to create a file that's screwing with my start up process.

I would like to do a complete restore... my concern is that my silly sister lost the Compaq restore disk to this computer years ago so I have no disk support of any kind. This is the only XP box I have and have no legal XP disks. Will I require a disk to restore this machine?

I'm checking out the links you provided now, below is a new HJT Log and the HJT Uninstall Manager you requested.

Thanks for your time.


Uninstall Manager from HJT

Ad-Aware SE Personal
AVG 7.5
CCleaner (remove only)
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer 6 SP1
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser and SDK
Mozilla Firefox (2.0.0.2)
MSXML 4.0 SP2 (KB927978)
Netscape 6 (6.1)
overland
QuickTime
RealPlayer Basic
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Shockwave
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817606
Windows XP Service Pack 1a


HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 7:30:15 PM, on 3/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
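
As an added example (not from the thread, and not HijackThis code), a small Python parser for the HJT entry lines posted above that diffs the 3/13 and 3/14 logs to list what the cleanup in between removed. The sample lines are copied from the two posted logs and trimmed; the regular expressions are my own, based only on the line shapes visible in these logs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: entry lines copied from the two HijackThis v1.99.1
# logs posted in this thread (3/13 and 3/14), trimmed to a handful each.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Support - {9C143614-57B7-478E-BD7B-C736746476ED} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O16 - DPF: {E235872D-083F-11D1-BE05-00AA00575603} - http://members.aol.com/nocost/axe.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

@dataclass(frozen=True)
class Entry:
    code: str                # HJT section code, e.g. "O4" or "O23"
    fields: Tuple[str, ...]  # section-specific parsed fields
    raw: str                 # the original log line

# Regexes written for the line shapes seen in the logs above (assumption: other
# HJT versions may format some sections differently).
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
REG_RE = re.compile(r"^(.*?) =\s*(.*)$")                                  # R0/R1: key = data
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")          # O4: hive\..\Run: [name] command
DPF_RE = re.compile(r"^DPF: (\{[^}]+\})(?: \(([^)]*)\))? - (\S+)$")        # O16: {CLSID} (name) - url
SVC_RE = re.compile(r"^Service: (.*?)(?: \(([^)]+)\))? - (.*?) - (.*)$")   # O23: display (short) - company - path

def parse_entry(line: str) -> Optional[Entry]:
    """Split one HJT entry line into its section code and typed fields.
    Header lines and the running-process list do not match and yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group(1), m.group(2)
    if code in ("R0", "R1") and (m := REG_RE.match(body)):
        fields = tuple(g.strip() for g in m.groups())
    elif code == "O2" and body.startswith("BHO: "):
        # "<name> - {CLSID} - <dll>": split at most twice so a path such as
        # "Spybot - Search & Destroy" keeps its own " - ".
        fields = tuple(body[5:].split(" - ", 2))
    elif code == "O4" and (m := RUN_RE.match(body)):
        fields = m.groups()
    elif code in ("O16", "O23") and (m := (DPF_RE if code == "O16" else SVC_RE).match(body)):
        fields = tuple(g or "" for g in m.groups())   # optional groups -> ""
    else:
        fields = (body,)          # O3, O9, O12, O20, O21 ...: keep the body whole
    return Entry(code, tuple(fields), line.strip())

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]

def removed_entries(before: str, after: str) -> List[Entry]:
    """Entries in the earlier scan that the later scan no longer shows: the
    net effect of whatever cleanup happened between the two."""
    still_present = {e.raw for e in parse_log(after)}
    return [e for e in parse_log(before) if e.raw not in still_present]

if __name__ == "__main__":
    for e in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"removed {e.code}: {e.fields}")
```

Swapping the arguments (`removed_entries(after, before)`) lists entries that appeared between two scans, which is the direction to watch when something keeps re-creating itself after a cleanup.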

Daniel John
2007-03-15, 00:41
Oh... and I just run through a router for a firewall, I do not have an additional software firewall installed.

Linksys DSL Router Model BEFSR41

pskelley
2007-03-15, 01:08
Some of this junk so permeates a computer that it is hard to remove it all without doing a registry cleaning. You have that ability with CCleaner but if it will get the stuff I don't know. Open the program and click the "Issues" tab and follow the prompts. Make sure you back up the registry before doing this and anytime you work in the registry.
I have a freeware registry cleaner that I link folks to when they have a tough job, if CCleaner does not remove those and you want the link, let me know.

This is the only XP box I have and have no legal XP disks. Will I require a disk to restore this machine?
Not sure what you are asking me here?

Uninstall list: Nothing much there, I see you are running the newest Windows Media Player which I use also, you have two other players using space and resources if you don't use them:
QuickTime: O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
RealPlayer Basic: O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

Couple of items I don't know but they don't look like malware, good chance for you to see stuff you don't use.

Might be a couple of services you are not using. Disable them if not.
HJT log looks great besides that, not much room for improvement.

Once you have read the link, you will understand you need a realtime spyware program. If the information those folks provided does not help you decide, look at Windows Defender for a freeware possibility.
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Daniel John
2007-03-15, 01:32
Not sure what you are asking me here?


You had mentioned...
Since you have no doubt removed a lot of junk, you may as well start with clean System Restore files also:

That sounds great... and I had thought that XP had a feature where you could just start over so to speak. I would love to wipe everything and go back to like it was new. However, I have Win2k and whenever I restore I have to have my disk to complete the process. If I can simply click GO and XP will restore then cool, I'm game. But if not, if I need a disk to complete the process, then I won't be able to do that.

What I was asking is if you know whether or not I'll need the original XP install disk to complete a system restore?


Do you have any idea what could be causing my user selection to fail? I'm still getting the same error I was earlier in this process.


Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.

This has been happening for some time during this process but it was not happening when I started. Something I've removed has caused that to occur.

Any ideas where to even begin troubleshooting a user issue?

Thanks again for all your advice.

Peace

pskelley
2007-03-15, 01:56
Have a look at this information: http://www.google.com/search?hl=en&q=use+system+restore&btnG=Search
What happens is if the computer is infected and Windows makes a restore point then the restore point files are infected also. I posted instructions for you to clean those files:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
Then you have clean restore points and the SR is available in an emergency as you will read in the link in Google above. Some folks think this is a waste of disk space, but many of us believe a bad restore point is better than none.

What it sounds like you are asking for is a reinstallation of Windows or a reformat, these are going to require the CDs that came with the computer as well as the copy of Windows that was installed on the computer.

I missed your mention of using a hardware firewall. Most folks say a hardware firewall (router with one) is all of the firewall protection you need. I personally prefer both. You should use a few tools to check your firewall to see how it stands up.
Lots of freeware tools available: http://www.google.com/search?hl=en&q=check+for+open+ports&btnG=Search

Hope this helps

pskelley
2007-03-24, 16:54
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks