Various issues (New)

grungi
Junior Member with 2 posts.
Join Date: Apr 2009
Experience: out of date :P
27-Apr-2009, 06:55 PM #1
Various issues
-----------------------------------------------------------------------
OS specs
-----------------------------------------------------------------------

I'm running Windows XP Pro, a volume license
I used Firefox / Opera previously

I've not posted any logs because I'm running an absolutely fresh boot clean system. What concerns me the most is something is tracking my system each and every time I try to reinstall; I'd like to hear speculation from the experts. The other reason is this isn't so much about virus removal, it's about being able to stop them before they can get on. You'll understand what I'm on about when you read it all.

I apologise in advance if this is the wrong forum. I have multiple issues so didn't know where to put it, and on reading you'll realise I need not only malware and security help but all sorts of general advice as well.

------------------------------------------------------------------------
What happened...
------------------------------------------------------------------------

1) I had various virus issues for a while. I'm a fairly experienced user and I dealt with them. I had a number of programs running: Spybot S&D with TeaTimer active, AVG Free scan, Malware MBAM, all of these up to date. TeaTimer picked up attempted changes for a long time and I always denied them. After a really bad attack a long time ago (about a year) I managed to fool the viruses, which were real nasties and actively shut down anything I tried to access to find out about them; couldn't go to websites beyond what it wanted me to see, couldn't run any antivirus etc etc. I got round this by a lot of manual editing and finally switching to a second user within winxp and not going near the old one again; I restricted its privileges. It was a real hack job I know, but it meant I was able to do things again without losing the mass of data I have on my machine.

2) After this I made a lot of backups to my partitioned drive (half of my HDD was partitioned for just this purpose). I had various issues still but all were resolved (w32.heur popped up a lot). Yesterday all my checkers came back clean, everything looked good. I logged on this morning, no problems at all, logged off, went out and came back a few hours later. When I turned my machine on and loaded Firefox (www.yahoo.co.uk is my homepage) instantly something went a bit weird: all of my desktop icons had a solid blue outline, then lots of red writing in the web browser trying to get me to go to an antivirus site to "fix" the problems (problems they created the ******s). TeaTimer started popping up messages saying something was trying to change my settings; I denied them all. I then ran my scans again, nothing was picked up. I rebooted (yep I know big mistake) and tried again; this time MBAM picked up a load as did Spybot. I cleared them all. Spybot needed a reboot to clear 2 files that were active at the time so I did, then it wouldn't load. Firstly the winxp black screen before you get to the user menu appeared but it kinda faded in rather than appearing instantly, then when I got to the user screen and clicked it took ages to get to the windows sound and then just sit on a background screen with no desktop. Task manager worked but not much else did (no icons, nothing, just a background screen).

I went into safe mode, tried to get round it, tried all sorts for a fair while, but this time I decided on the full wipe. I copied all of the remaining data I needed to my partition and then reinstalled winxp. I repartitioned ONLY the 1st partition C: and formatted, then reinstalled. One error appeared, "I/O device error" or something, at the first graphical stage 3/5 of the way down; I've never seen this error before. After a restart the install went through fine, but when I hit windows there's a C: (125gb) and D: (125gb) partition is picking up on my computer but it's saying RAW on properties and that it's corrupted.

PLEASE PLEASE PLEASE PLEASE *100000 someone tell me I can recover the data. There is 80gb worth of data on there, some of which is absolutely crucial to me. I definitely did NOT repartition the 2nd half of the HDD nor did I format it, so I don't understand why it's not now picking up. Above all else this is my no.1 priority, getting those files back. I don't care if it means the drive is forever useless, I'll buy another HDD, whatever it takes to get that data back.

------------------------------------------------------------------------
After reinstall and installing drivers
------------------------------------------------------------------------

The below is the gist; it is not the exact popup I got:

"Message from FROM to TO on 4/27/2009 etc

Stop system may require immediate attention

Your operating system registry may have errors or be corrupt

etc"

Tries to send me to a site "www.restorefix.com"

The above box popped up INSTANTLY on me after completing my network drivers install and connecting to the internet for the first time (hadn't gone near a browser) and the screen faded to black briefly (I had installed my graphics drivers just before).

This keeps popping up currently. I'm having no luck downloading Windows Update files (old XP version) trying to get SP2, having to do it manually as Windows Update just freezes.

----------------------------------------------------------------------
Questions
----------------------------------------------------------------------

I'd like to know what happened, anyone any ideas?

Can someone explain to me (very in depth if possible) how the second my computer connects to the internet now it is under attack, even off a fresh install?

What can I do to set up a fresh install when I need files from the net but I can't get them off the net (or even trust downloads)? I do have a USB drive and have got some of the programs. You can see my dilemma: I need to be fully protected before connecting to the net, but to get that protection up to date, downloaded etc, I need to go on the net first. I'm screwed whichever way I approach it. I need a fully up to date version of things like MBAM without having to download it (is this possible? is there a definitions directory I could copy in?)

Is there a way of me having absolute control over my processes and any changes to registry etc? I want a way of it being 100pct down to me if anything changes.

I need the Windows updates but they aren't functioning through their website, how can I get hold of them? Is there a possibility of a single download that encapsulates all the updates + SP2 etc all in one download I can put on my USB drive? (it's only 1gb)

----------------------------------------------------------------------
Additional problem
----------------------------------------------------------------------

Another problem that appeared: I need to get on MSN Messenger to contact friends who may be able to help, but the setup comes up with this error: "the ordinal 266 could not be located in the dynamic link library msi.dll". I also had a missing file error on trying to install my chipset drivers. Any idea what could be causing these?

----------------------------------------------------------------------
Summation
----------------------------------------------------------------------

I have provided as much information as I can. Currently I'm having no option but to get things done for an appointment I have tomorrow, which means I have no choice but to access the net and expose myself to everything. If anyone can help I will be doing a fresh clean install again. Just for the rest of the evening I need to get my printer working and Office installed again so I can at least print documents (which I have backed up twice thank gawd).

I'm so angry and frustrated right now (not to mention homicidal). I took precautions and they got me nowhere, in fact I believe it was Spybot that stopped my system booting. I appreciate I was slack and that I made some mistakes along the way so please don't rub it in on any replies, I feel awful enough as it is!

grungi
01-May-2009, 01:09 PM #2
It's been a fair few days, I'm just wondering if anyone's got any info for me? Btw I managed to sort the HDD out myself, thankfully the partition was intact and I could recover the data. I also appear to be spyware free currently, having run everything I could think of, but I'd still like some of these questions answered.
Tags
issues, malware, problems, virus