Did something slip through all that security?!

  1. #1
    DJNafey is offline UK site moderator


    Hi guys. My cousin has recently bought a brand new Dell PC that came pre-installed with Windows XP SP2 and McAfee Security Centre.

    She got BT Broadband (512k ADSL) 3 weeks ago and it installed with no problems. Just after that, Microsoft AntiSpyware Beta appeared on her PC (presumably through Automatic Updates, which is a rather cheeky way of getting the world to automatically accept beta software!).

    About 2 weeks ago, she noticed a message saying that a trojan had been blocked. Since then, she has had problems getting onto the Internet and has also noticed that McAfee anti-virus keeps showing as disabled whenever she checks it. She enables it again but later finds that it has got disabled again. She also keeps getting fatal blue screens (STOP: 0x000000c5).

    I went round there this afternoon to fix it all but couldn't get it sorted. I managed to stop the BSODs but I'm not sure how. Every time you start IE6, you just get the standard 'Page could not be displayed' screen. BT Broadband connects with no problem but you can't browse to any web page, sign in to MSN Messenger, send mail through Outlook Express or even PING anyone else.

    I've tried disabling all the security software, enabling all the security software, shutting down all System Tray apps, etc. McAfee Security Centre kept saying that Windows Updates was disabled but kept reporting 'an error has occurred' when I tried to enable it. I've used the 'Reset Web Settings' button in IE6. I've been through all the Run entries in the registry. I've removed IE6 and the broadband software, rebooted and re-installed it. I've tried Safe Mode but that doesn't help either. Problem is, the PC can't get onto the 'net to download HiJackThis for a better diagnosis so I might have to burn it on CD and take it back across the other side of town to install it. I couldn't get Remote Assistance enabled because it couldn't send the email message to invite me to connect from home!

    XP really isn't my area of expertise - am I missing something obvious?

    There were a couple of dodgy looking apps installed (I removed Funny Dog Screensaver because I didn't like the sound of it and my cousin couldn't really explain where it came from and there were a couple of others but nothing that was obviously or definitely an issue). She had installed Bearshare (P2P) a couple of weeks ago, around the same time that the problems started but has subsequently removed it. Is Bearshare "safe" or is it loaded with spyware that could be causing the issue?

    Note that a scan with Microsoft Antispyware Beta doesn't find anything wrong but that's the first time I've seen it so I don't know whether that's a decent check. Should I stick Ad-Aware on it as well?

    There are no XP Restore Points for some reason so I can't set it back a couple of weeks. Looks like I might have to burn a CD of her personal documents and run the Dell Restore Disk. It's only 6 weeks old!
    Last edited by DJNafey; 09-02-2005 at 02:55 AM.

  2. #2
    DJNafey is offline UK site moderator
    Blimey, sorry for such an epic post!

    That reminds me, I was going to re-write the Bible tonight ........

  3. #3
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    epic weird.

    I have never seen that the MSBeta was in windows update.
    Plus it's not like a hotfix; meaning you would have to go thru the installation process to install it. It would not install automatically.

    That being said I know of one issue in XP that relates to non connectivity:

    You cannot create a network connection after you restore Windows XP

    Fix:

    1. Click Start, and then click Run.
    2. In the Open box, type regedit, and then click OK.
    3. Locate and then click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan
    4. On the File menu, click Export.
    5. In the File Name box, type exported rasman key, and then click Save.
    6. In the RasMan key, locate and then click the ObjectName string value.

    If this value is not set to LocalSystem, follow these steps:
    a. On the Edit menu, click Modify.
    b. In the Value data box, type LocalSystem, and then click OK.
    7. Locate and then double-click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\25
    8. On the Edit menu, click Delete.
    9. Click Yes to confirm that you want to delete the selected registry key.
    10. Repeat steps 7 to 9 to delete the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\26
    11. Quit registry editor, and then restart your computer.


    Beyond that I think a Restore might be in order.
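
A read-only check of the file exported in step 5 of the fix above, added here as an example and not part of jephree's post: it parses the .reg export and lists what steps 6 to 10 would change, so the key can be inspected on another machine before anything is edited. The sample export and its `ConstructedValue` entry are constructed.

```python
import re

# Key paths taken from the fix steps in post #3.
RASMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan"
EAP_KEYS = [RASMAN + r"\PPP\EAP\25", RASMAN + r"\PPP\EAP\26"]

def decode_reg(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def parse_reg(text):
    """Return {key path: {value name: raw data}} from the text of a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join data continued with a trailing '\'
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive, so store them lowercased.
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def audit_rasman(raw):
    """List what steps 6 to 10 of the fix would change; an empty list means nothing."""
    keys = parse_reg(decode_reg(raw))
    rasman = keys.get(RASMAN.lower())
    if rasman is None:
        return ["RasMan key not found in export"]
    findings = []
    owner = rasman.get("objectname", "").strip('"')  # value as written in the export
    if owner.lower() != "localsystem":
        findings.append("ObjectName is %s, expected LocalSystem" % owner)
    findings += ["present: " + k for k in EAP_KEYS if k.lower() in keys]
    return findings

# Constructed sample export (not taken from the affected PC).
SAMPLE = b"\xff\xfe" + "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + RASMAN + "]",
    r'"ObjectName"="NT AUTHORITY\\NetworkService"', "",
    "[" + EAP_KEYS[1] + "]",
    '"ConstructedValue"="x"', "",
]).encode("utf-16-le")

if __name__ == "__main__":
    for finding in audit_rasman(SAMPLE):
        print(finding)
```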

  4. #4
    DJNafey is offline UK site moderator
    Thanks Jephree - I'll go back over there and see if that helps

  5. #5
    AphJN is offline Dedicated Member
    I have/do use MS Spyware beta and would definitely put both Spybot and Adaware on as well. MS does not find DyFuCa like Spybot, it does not stop or clear VX2 like Adaware does.

    Jephree is also right, you have to get it...it just doesn't get forced down. I know that some of my work PCs had some strange Hijack here. We cleaned them out but only after about 3 weeks of tough cleaning. My Researchers were able to work between cleans, but it was hard to clean. The Host file was trashed, the Winsock DLLs were messed up with LSP and about 3 different variations of VX2 were on them as well.

  6. #6
    AphJN is offline Dedicated Member
    BTW, Epic is grand! I always like a light bit of reading!
