Please help me

Run the steps in the below link and attach the requested smitfiles.txt log:

SpywareQuake & SpyFalcon Removal Procedure

Then double check and delete all of the below if they still exist:
C:\WINDOWS\System32\hp73A4.tmp
C:\WINDOWS\System32\dcomcfg.exe
c:\windows\system32\ld119E.tmp
c:\windows\system32\msblank.html
c:\windows\system32\ot.ico
c:\documents and settings\all users\favorites\Download Free Spyware Remover.url
c:\windows\system32\1024 <--- the wholde folder
c:\windows\smdat32m.sys
c:\windows\warnhp.html

Note: you skipped step 3 of the READ ME. You have Kaspersky and Symantec running. Uninstall one of them.

Please follow the directions given in step 7 of the READ ME and install HijackThis as instructed. You have it here:
C:\Documents and Settings\jamie\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

Which means you are running it from the ZIP file. This is exactly what the directions say not to do. Please fix this now. Then attach a new HJT log.


What version of Morpheus are you running? Older versions of this contain malware.

How are things running now?

 

No do not uninstal; Kaspersky. You need to uninstall Norton if it is not working. But is that what you meant by Control Panel? Did you mean you could not use Add/Remove programs to uninstall it? Try using the below procedure:


Using the Norton uninstall tool

This version contains malware. See: http://www.spywareinfo.com/articles/p2p/

You have not extracted it from the ZIP file. What you are doing is opening the ZIP and then running the hijackthis.exe file that is inside the ZIP. You must follow the instructions in the link given in step 7 to install it properly. The C:\Program Files folder is not protected. You need to creat a subfolder in C:\Program Files and name the subfolder HJT then extract the hijackthis.exe file from the HijackThis.zip file you downloaded into the C:\Program Files\HJT folder.

 

Please be specific. What did you find and what didn't you find? Do not delete anything unless it is an exact match for what was given!

 

Which listed files? The ones in the SpywareQuake procedure or the one listed in message # 2 of this thread.

 

Are you using the PC with the problem to post messages here right now while running the procedure?

 

Tha't not what I meant! I mean while you were posting all these messages you implied you were in safe mode and could not find the files. Which PC where you posting messages from?

 

Okay! So why were you reporting that those files could not be found. The procedure begins with the below note.

 

What happens? You must provide more descriptive comments.

If you still cannot boot into normal boot mode, power the PC down for a minute. Then turn the power back on and see if you can boot in normal mode.

 

Nothing that was given in the SpywareQuake procedure would cause any problems like this. As long as only what was given in the procedure was run and no files except what were given there were deleted, it would have no impact on your ability to boot into normal mode. In message number 6 you said:

What exactly did you find and delete? Perhaps you delete things you should not have deleted. You should only delete exact matches not "things that look like that".

Two things I would suggest after booting in safe mode.

1) Get the smitfiles.txt log from running SmitRem over to your other PC and attach it here.

2) While in safe mode look to see if the C:\Windows\system32\wininet.dll file exists.

 

What about the rest of what I said in my last message?

 

You're welcome! Something else you can try if you have other user accounts, is to try logging into a different user account in normal boot mode. Does that work?

You could also create a new user account while in safe mode. Then try booting into normal mode and using the new user account.

Question: Do you boot to the welcome screen and require user login or are you set to directly boot into a particular account immediately. This second option is normally an admin account and it is not a very secure things to do if that is how you were setup.

 

I thought you said it did not boot! Or did you mean after you enter your password you have a problem?

 

Just do what is in message # 20 and get me the log and tell me about wininet.dll.

You should also login to the Administrator account and see if it boots okay.
Also you should create a new user account and then see if you can boot into this new account without a problem.

 

Can you get it to your other PC and send it from there?

Which mode are you booted in (normal or safe)?
Which user account are you logged into? Use the Administrator account.

What kind of connection to the internet do you have (dial-up, cable, DSL)?

 

You don't have a floppy drive, a flashdrive, CD burner etc????

Are your PCs connected to a network (a router etc)?

 

Your PC is giving you this message when you try to boot it now??

A little while ago you said you could boot into safe mode. What did you do that has changed this?

 

What kind of disc? Floppy or CD?

Floppies must be formatted before you write to them to begin with.
CD must be burned using CD burning software and you would need it to be a data disk.

 

I don't understand why your symptoms keep changing. They should not be changing so radically unless you are changing things on the PC.

If you can not longer boot your PC after a power down, I would suggest you put in your WinXP CD and do a repair.

 

Okay so use your WinXP CD to do a repair.

See links like below if you don't know how to do this:

http://www.windowsnetworking.com/j_helmig/wxprcons.htm

http://www.michaelstevenstech.com/XPrepairinstall.htm

http://helpdesk.its.uiowa.edu/windows/instructions/repairinstall.htm

 

You're welcome. Keep me posted. If you have any problems trying to work thru a repair, guys over in the Software Forum can help you with this.