'[email protected] is anyone out there

[wompum13 0]

I guess I will try one last post in hopes that someone will help Here my hijack log

 

Logfile of HijackThis v1.99.1

Scan saved at 11:09:52 PM, on 10/4/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Nortons anti virus\navapsvc.exe

C:\Program Files\Nortons anti virus\AdvTools\NPROTECT.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Nortons anti virus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Nortons anti virus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156585333637

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Nortons anti virus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Nortons anti virus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[jurgenv 0]

* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

 

* Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to it's own folder on the desktop.

 

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.

This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
   
2. Once the setup is complete you will need run AVG Anti-Spyware 7.5 and update the definition files.
   
3. Run AVG Anti-Spyware
   
4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
   
5. After the update finishes (the status bar at the bottom will display "Update successful")
   
6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
   
7. Under "Reports
   
8. Select "Automatically generate report after every scan"
   
9. Un-Select "Only if threats were found"
   

Close AVG Anti-Spyware 7.5, Do Not run a scan just yet, we will shortly.

 

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

Ad-Aware SE Setup

Again, do NOT run a scan yet.

 

 

* Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
   
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
   
3. Instead of Windows loading as normal, a menu should appear
   
4. Select the first option, to run Windows in Safe Mode.
   

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.

Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

 

* Next, run Ad-aware and perform a full scan. Remove everything found.

1. Lauch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
   
2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
   
3. AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
   
4. If you have any infections you will prompted, then select "Apply all actions"
   
5. Next select the "Reports" icon at the top.
   
6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
   

* Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

 

 

* Restart your computer in normal mode.

 

* Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

 

- Once you are on the Panda site click the Scan your PC button

- A new window will open...click the Check Now button

- Enter your Country

- Enter your State/Province

- Enter your e-mail address and click send

- Select either Home User or Company

- Click the big Scan Now button

- If it wants to install an ActiveX component allow it

- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

- When download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

 

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the AVG Anti-Spyware 7.5 scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.

Let us know if any problems persist.

[wompum13 0]

Here are the logs you requested

 

Logfile of HijackThis v1.99.1

Scan saved at 2:39:15 AM, on 10/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Nortons anti virus\navapsvc.exe

C:\Program Files\Nortons anti virus\AdvTools\NPROTECT.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Nortons anti virus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Nortons anti virus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156585333637

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Nortons anti virus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Nortons anti virus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

 

 

 

Incident Status Location

 

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kristie\My Documents\SmitfraudFix.zip[smitfraudFix/Process.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kristie\Desktop\SmitfraudFix\SmitfraudFix.zip[smitfraudFix/Process.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kristie\Desktop\SmitfraudFix\Process.exe

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kristie\Cookies\[email protected][1].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Kristie\Cookies\[email protected][1].txt

Spyware:Cookie/WebPower Not disinfected C:\Recycled\NPROTECT\00051283.TXT

Spyware:Cookie/Ccbill Not disinfected C:\Recycled\NPROTECT\00051303.TXT

Spyware:Cookie/GoStats Not disinfected C:\Recycled\NPROTECT\00051321.TXT

Potentially unwanted tool:Application/Processor Not disinfected C:\Recycled\NPROTECT\00050356.EXE

Potentially unwanted tool:Application/Processor Not disinfected C:\Recycled\NPROTECT\00050370.EXE

Spyware:Cookie/Adserver Not disinfected C:\Recycled\NPROTECT\00050641.TXT

Spyware:Cookie/Adserver Not disinfected C:\Recycled\NPROTECT\00050642.TXT

Spyware:Cookie/2o7 Not disinfected C:\Recycled\NPROTECT\00050662.TXT

Spyware:Cookie/2o7 Not disinfected C:\Recycled\NPROTECT\00050672.TXT

Spyware:Cookie/2o7 Not disinfected C:\Recycled\NPROTECT\00050694.TXT

Spyware:Cookie/2o7 Not disinfected C:\Recycled\NPROTECT\00050695.TXT

Spyware:Cookie/Hitbox Not disinfected C:\Recycled\NPROTECT\00050698.TXT

Spyware:Cookie/Hitbox Not disinfected C:\Recycled\NPROTECT\00050699.TXT

Spyware:Cookie/Hitbox Not disinfected C:\Recycled\NPROTECT\00050702.TXT

Spyware:Cookie/Hitbox Not disinfected C:\Recycled\NPROTECT\00050705.TXT

Spyware:Cookie/Hitbox Not disinfected C:\Recycled\NPROTECT\00050708.TXT

Spyware:Cookie/Hitbox Not disinfected C:\Recycled\NPROTECT\00050711.TXT

Spyware:Cookie/Hitbox Not disinfected C:\Recycled\NPROTECT\00050714.TXT

Spyware:Cookie/Malwarewipe Not disinfected C:\Recycled\NPROTECT\00051365.TXT

Spyware:Cookie/VirusBurst Not disinfected C:\Recycled\NPROTECT\00051413.TXT

Spyware:Cookie/Searchportal Not disinfected C:\Recycled\NPROTECT\00051426.TXT

Spyware:Cookie/Go Not disinfected C:\Recycled\NPROTECT\00051454.TXT

Spyware:Cookie/Xiti Not disinfected C:\Recycled\NPROTECT\00051503.TXT

Spyware:Cookie/Adrevolver Not disinfected C:\Recycled\NPROTECT\00051525.TXT

Spyware:Cookie/Belnk Not disinfected C:\Recycled\NPROTECT\00051630.TXT

Spyware:Cookie/adultfriendfinder Not disinfected C:\Recycled\NPROTECT\00051643.TXT

Spyware:Cookie/Cgi-bin Not disinfected C:\Recycled\NPROTECT\00051650.TXT

I hope this is what you wanted Thank you for the help Its been over a week and your the first person to even attempt to help!!

[jurgenv 0]

And the report from smitrem and AVG antispyware?

[wompum13 0]

Sorry Let me know if this is all you need

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 9:45:43 PM 10/4/2006

 

+ Scan result:

 

 

 

C:\Recycled\NPROTECT\00048963.exe -> Downloader.Zlob.anq : Cleaned.

C:\System Volume Information\_restore{8DFBB3B8-D5CC-4048-811C-2E958065DBEA}\RP56\A0010509.exe -> Downloader.Zlob.anq : Cleaned.

C:\System Volume Information\_restore{8DFBB3B8-D5CC-4048-811C-2E958065DBEA}\RP56\A0010510.exe -> Downloader.Zlob.anq : Cleaned.

C:\System Volume Information\_restore{8DFBB3B8-D5CC-4048-811C-2E958065DBEA}\RP56\A0010511.exe -> Downloader.Zlob.anq : Cleaned.

C:\Recycled\NPROTECT\00048967.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048968.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048969.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048970.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048971.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048972.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048973.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048974.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048975.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048976.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048977.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048978.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048979.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048980.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Recycled\NPROTECT\00048987.TXT -> TrackingCookie.Adbrite : Cleaned.

C:\Recycled\NPROTECT\00048982.TXT -> TrackingCookie.Adserver : Cleaned.

C:\Recycled\NPROTECT\00048991.TXT -> TrackingCookie.Advertising : Cleaned.

C:\Recycled\NPROTECT\00048964.TXT -> TrackingCookie.Atdmt : Cleaned.

C:\Recycled\NPROTECT\00048999.TXT -> TrackingCookie.Bridgetrack : Cleaned.

C:\Recycled\NPROTECT\00049000.TXT -> TrackingCookie.Burstnet : Cleaned.

C:\Recycled\NPROTECT\00048965.TXT -> TrackingCookie.Com : Cleaned.

C:\Recycled\NPROTECT\00048966.TXT -> TrackingCookie.Com : Cleaned.

C:\Recycled\NPROTECT\00048983.TXT -> TrackingCookie.Enhance : Cleaned.

C:\Recycled\NPROTECT\00049008.TXT -> TrackingCookie.Esomniture : Cleaned.

C:\Recycled\NPROTECT\00048993.TXT -> TrackingCookie.Euroclick : Cleaned.

C:\Recycled\NPROTECT\00048992.TXT -> TrackingCookie.Goclick : Cleaned.

C:\Recycled\NPROTECT\00048998.TXT -> TrackingCookie.Hitbox : Cleaned.

C:\Recycled\NPROTECT\00048981.TXT -> TrackingCookie.Kmpads : Cleaned.

C:\Recycled\NPROTECT\00048997.TXT -> TrackingCookie.Liveperson : Cleaned.

C:\Recycled\NPROTECT\00049006.TXT -> TrackingCookie.Masterstats : Cleaned.

C:\Recycled\NPROTECT\00048988.TXT -> TrackingCookie.Overture : Cleaned.

C:\Recycled\NPROTECT\00048989.TXT -> TrackingCookie.Overture : Cleaned.

C:\Recycled\NPROTECT\00048990.TXT -> TrackingCookie.Overture : Cleaned.

C:\Recycled\NPROTECT\00049004.TXT -> TrackingCookie.Planetactive : Cleaned.

C:\Recycled\NPROTECT\00048994.TXT -> TrackingCookie.Sexlist : Cleaned.

C:\Recycled\NPROTECT\00048995.TXT -> TrackingCookie.Sextracker : Cleaned.

C:\Recycled\NPROTECT\00048996.TXT -> TrackingCookie.Sextracker : Cleaned.

C:\Recycled\NPROTECT\00049005.TXT -> TrackingCookie.Specificclick : Cleaned.

C:\Recycled\NPROTECT\00048984.TXT -> TrackingCookie.Tacoda : Cleaned.

C:\Recycled\NPROTECT\00048985.TXT -> TrackingCookie.Tacoda : Cleaned.

C:\Recycled\NPROTECT\00048986.TXT -> TrackingCookie.Tacoda : Cleaned.

C:\Recycled\NPROTECT\00049001.TXT -> TrackingCookie.Wegcash : Cleaned.

C:\Recycled\NPROTECT\00049002.TXT -> TrackingCookie.Wegcash : Cleaned.

C:\Recycled\NPROTECT\00049003.TXT -> TrackingCookie.Wegcash : Cleaned.

C:\Recycled\NPROTECT\00049007.TXT -> TrackingCookie.Yieldmanager : Cleaned.

 

 

::Report end

 

 

 

SmitFraudFix v2.105

 

Scan done at 5:41:45.35, Sun 10/08/2006

Run from C:\Documents and Settings\Kristie\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kristie

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kristie\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KRISTIE\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

I hope that does it I will be online here for awhile so please let me know.

[jurgenv 0]

The report from smitrem is not complete.

[wompum13 0]

SmitFraudFix v2.105

 

Scan done at 5:41:45.35, Sun 10/08/2006

Run from C:\Documents and Settings\Kristie\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kristie

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kristie\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KRISTIE\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

This is all it gives me OH boy that cant be good Please advise on what to do, Im not that computer smart when it comes to techie stuff !!

[jurgenv 0]

1. Download this file - combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[wompum13 0]

Kristie - 06-10-08 6:05:16.16 Service Pack 2

ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Kristie\Desktop"

 

((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))

 

 

2006-10-08 05:31 53,248 --a------ C:\WINDOWS\system32\Process.exe

2006-10-08 05:31 40,960 --a------ C:\WINDOWS\system32\swsc.exe

2006-10-08 05:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2006-10-08 05:31 135,168 --a------ C:\WINDOWS\system32\swreg.exe

2006-10-02 17:06 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2006-09-29 05:31 78,488 --a------ C:\WINDOWS\system32\XMD5.dll

2006-09-29 05:31 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll

2006-09-28 22:51 19,328 -ra------ C:\WINDOWS\system32\drivers\IABFilt.sys

2006-09-28 22:42 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS

2006-09-11 22:48 86,016 --a------ C:\WINDOWS\unvise32qt.exe

2006-09-10 19:24 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL

2006-09-10 19:24 69,632 --a------ C:\WINDOWS\system32\xmltok.dll

2006-09-10 19:24 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll

2006-09-10 19:24 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe

2006-09-10 11:36 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-10-04 23:08 -------- d-------- C:\Program Files\Hijackthis

2006-10-02 22:18 -------- d-------- C:\Program Files\Java

2006-10-02 22:16 -------- d-------- C:\Program Files\Common Files\Java

2006-10-02 17:06 -------- d-------- C:\Program Files\Grisoft

2006-10-01 12:59 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Lavasoft

2006-10-01 12:58 -------- d-------- C:\Program Files\Lavasoft

2006-09-28 22:46 -------- d-------- C:\Program Files\Iomega

2006-09-28 15:53 -------- d-------- C:\Program Files\Windows Live Toolbar

2006-09-28 00:10 -------- d-------- C:\Program Files\MSN Messenger

2006-09-27 23:43 -------- d-------- C:\Documents and Settings\Kristie\Application Data\MSNInstaller

2006-09-26 07:00 -------- dr------- C:\Program Files\Support.com

2006-09-21 17:27 -------- d-------- C:\Program Files\Disney Interactive

2006-09-16 20:52 -------- d-------- C:\Program Files\exPressit S.E. 2.1

2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2006-09-11 22:50 -------- d-------- C:\Program Files\Ubi Soft

2006-09-11 22:47 -------- d-------- C:\Program Files\QuickTime

2006-09-10 19:24 -------- d-------- C:\Program Files\Ubisoft

2006-09-10 11:30 -------- d-------- C:\Program Files\Common Files\InstallShield

2006-09-09 21:26 -------- d-------- C:\Program Files\Sports Mogul

2006-09-09 21:10 -------- d-------- C:\Program Files\Baseball Mogul 2007

2006-09-07 23:09 -------- d-------- C:\Program Files\Drivers

2006-09-07 22:40 -------- d-------- C:\Program Files\Sierra On-Line

2006-09-06 13:38 -------- d-------- C:\Program Files\msn gaming zone

2006-09-04 19:38 -------- d-------- C:\Program Files\motherboard

2006-09-03 16:49 -------- d-------- C:\Program Files\Games

2006-08-31 23:36 -------- d-------- C:\Program Files\Plus!

2006-08-31 23:34 -------- d-------- C:\Program Files\Desktop Architect

2006-08-27 22:44 -------- d-------- C:\Documents and Settings\Kristie\Application Data\AdobeUM

2006-08-27 22:26 -------- d-------- C:\Program Files\Adobe

2006-08-27 21:12 -------- d-------- C:\Program Files\Themes

2006-08-26 18:48 -------- d-------- C:\Program Files\musicmatch

2006-08-26 15:21 -------- d-------- C:\Program Files\Common Files\Adobe

2006-08-26 15:21 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Adobe

2006-08-26 14:49 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Macromedia

2006-08-26 10:34 -------- d-------- C:\Program Files\Yahoo!

2006-08-26 04:32 -------- d-------- C:\Program Files\Microsoft Visual Studio

2006-08-26 04:32 -------- d-------- C:\Program Files\Common Files\Designer

2006-08-26 04:29 -------- d-------- C:\Program Files\Office

2006-08-26 02:53 -------- d-------- C:\Program Files\Everest

2006-08-24 22:49 0 --a------ C:\Documents and Settings\Kristie\Application Data\.googlewebacchosts

2006-08-24 22:31 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Snapfish

2006-08-24 20:28 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Simple Star

2006-08-24 20:24 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Ahead

2006-08-24 20:05 -------- d-------- C:\Program Files\Common Files\Nero

2006-08-24 19:59 -------- d-------- C:\Program Files\Common Files\Ahead

2006-08-24 19:59 -------- d-------- C:\Program Files\Ahead

2006-08-23 00:31 5906432 --------- C:\WINDOWS\system32\ieframe.dll

2006-08-23 00:31 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll

2006-08-23 00:31 457728 --------- C:\WINDOWS\system32\msfeeds.dll

2006-08-23 00:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll

2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll

2006-08-23 00:31 175616 --------- C:\WINDOWS\system32\ieui.dll

2006-08-23 00:31 152064 --a------ C:\WINDOWS\system32\msls31.dll

2006-08-23 00:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll

2006-08-23 00:18 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe

2006-08-23 00:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll

2006-08-23 00:17 105472 --a------ C:\WINDOWS\system32\url.dll

2006-08-23 00:17 100352 --a------ C:\WINDOWS\system32\occache.dll

2006-08-23 00:16 16896 --a------ C:\WINDOWS\system32\corpol.dll

2006-08-23 00:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll

2006-08-23 00:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll

2006-08-23 00:13 71680 --a------ C:\WINDOWS\system32\admparse.dll

2006-08-23 00:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll

2006-08-23 00:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe

2006-08-23 00:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll

2006-08-23 00:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll

2006-08-23 00:13 122880 --a------ C:\WINDOWS\system32\advpack.dll

2006-08-23 00:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-08-23 00:11 12288 --------- C:\WINDOWS\system32\msfeedssync.exe

2006-08-23 00:10 61440 --------- C:\WINDOWS\system32\icardie.dll

2006-08-23 00:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll

2006-08-23 00:09 262656 --------- C:\WINDOWS\system32\iertutil.dll

2006-08-23 00:07 45568 --a------ C:\WINDOWS\system32\mshta.exe

2006-08-22 23:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll

2006-08-22 23:36 380928 --------- C:\WINDOWS\system32\ieapfltr.dll

2006-08-22 23:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2006-08-22 19:01 -------- d-------- C:\Program Files\SymNetDrv

2006-08-22 05:24 -------- d-------- C:\Documents and Settings\Kristie\Application Data\MSN6

2006-08-22 05:21 -------- d-------- C:\Program Files\Design Science

2006-08-22 05:06 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-08-22 03:53 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Help

2006-08-22 03:43 -------- d-------- C:\Program Files\Symantec

2006-08-22 03:42 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-08-22 03:37 -------- d-------- C:\Program Files\Nortons anti virus

2006-08-22 03:23 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Symantec

2006-08-22 03:15 -------- d-------- C:\Program Files\WinZip

2006-08-22 03:13 -------- d-------- C:\Program Files\ParadisePoker

2006-08-21 17:49 -------- d-------- C:\Program Files\Actiontec

2006-08-21 17:46 -------- d--h----- C:\Program Files\Uninstall Information

2006-08-21 17:46 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Identities

2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe

2006-08-21 02:14 128896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys

2006-08-21 00:23 -------- d-------- C:\Program Files\xerox

2006-08-21 00:23 -------- d-------- C:\Program Files\microsoft frontpage

2006-08-21 00:22 0 -rahs---- C:\MSDOS.SYS

2006-08-21 00:22 0 -rahs---- C:\IO.SYS

2006-08-21 00:22 0 --a------ C:\CONFIG.SYS

2006-08-21 00:22 0 --a------ C:\AUTOEXEC.BAT

2006-08-21 00:16 -------- d--h----- C:\Program Files\WindowsUpdate

2006-08-21 00:14 -------- d-------- C:\Program Files\Common Files\Services

2006-08-21 00:14 -------- d-------- C:\Program Files\Common Files\MSSoap

2006-08-21 00:13 -------- d-------- C:\Program Files\Outlook Express

2006-08-21 00:13 -------- d-------- C:\Program Files\NetMeeting

2006-08-21 00:13 -------- d-------- C:\Program Files\Movie Maker

2006-08-21 00:13 -------- d-------- C:\Program Files\Internet Explorer

2006-08-21 00:13 -------- d-------- C:\Program Files\Common Files\System

2006-08-21 00:08 -------- d-------- C:\Program Files\Windows Media Player

2006-08-21 00:08 -------- d-------- C:\Program Files\Messenger

2006-08-21 00:07 -------- d-------- C:\Program Files\Windows NT

2006-08-21 00:07 -------- d-------- C:\Program Files\MSN

2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\SpeechEngines

2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\ODBC

2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files

2006-08-20 23:41 62 --ahs---- C:\Documents and Settings\Kristie\Application Data\desktop.ini

2006-08-20 23:40 -------- d---s---- C:\Documents and Settings\Kristie\Application Data\Microsoft

2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

2006-07-14 08:51 121856 --------- C:\WINDOWS\system32\xmllite.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"

"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"

"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"

"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\

73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\

00

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000004

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

"isamonitor.exe"="C:\\Program Files\\X Password Generator\\isamonitor.exe"

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Symantec NetDetect.job

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

C:\WINDOWS\tasks\XoftSpy.job

 

Completion time: Sun 10/08/2006 6:08:15.89

ComboFix.txt

 

 

Hopefully this works for you. It looks pretty important! Thank you so much for helping. This is what I get for having a boyfriend that loves porn!!!!

[jurgenv 0]

Looking good, how is everything working?

[wompum13 0]

I still have a problem with how slow it is, and for some reason we cant get on to MSN. My computer freezes and just go get anywhere I have to open task manager to shut it down.

I have tried everything from defrag to utilities to you name it. Maybe there is something else I should be doing.

[jurgenv 0]

Try to Re-install MSN

 

But try the new live messenger (Search via google)

[wompum13 0]

I did that. Earlier you ask me to go run that online scan at I think it was Panda. Anyways I said I had like 26 malware and like dont hold me to this number but I believe 5 unwanted tools it sounded bad. See dont know the difference so its all bad to me. Please advise...

[jurgenv 0]

Those are just cookies and false positives.

 

 

Please download the Killbox by Option^Explicit.

 

Note: In the event you already have Killbox, this is a new version that I need you to download.

• Save it to your desktop.
  
• Please double-click Killbox.exe to run it.
  
• Select:
  • Delete on Reboot
    
  • then Click on the All Files button.
    

  [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

   

  C:\WINDOWS\unvise32qt.exe

   

   

   

  [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

   

  [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

 

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

 

after that, post a new hijackthis log here.

[wompum13 0]

One more quick thing there is a program that is listed in my Add & Remove programs in the control panel. I received it fro mour internet provider. Its supposed to help make our connection better. Anyways I had problems with it fro mthe gate so I went ot uninstall it and it conpletely locks up the computer...

[wompum13 0]

Logfile of HijackThis v1.99.1

Scan saved at 6:48:58 AM, on 10/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Nortons anti virus\navapsvc.exe

C:\Program Files\Nortons anti virus\AdvTools\NPROTECT.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Nortons anti virus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156585333637

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Nortons anti virus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Nortons anti virus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

There is the new Hijackthis log. Hopefully we are getting somewhere. Once again thank you for your time...

[jurgenv 0]

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

 

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  
• Click the "Download" button to the right.
  
• Check the box that says: "Accept License Agreement".
  
• The page will refresh.
  
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
  

 

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

[wompum13 0]

Ad-Aware SE Personal

Adobe Flash Player 9 ActiveX

Adobe Reader 7.0.8

AVG Anti-Spyware 7.5

Baseball Mogul 2007

CSI

Desktop Architect

Equilibria (remove only)

exPressit S.E. 2.1

FamilyFeudOnlineParty (remove only)

Form Fill (Windows Live Toolbar)

HijackThis 1.99.1

Hotfix for Windows XP (KB915865)

J2SE Runtime Environment 5.0 Update 9

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

Map Button (Windows Live Toolbar)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Professional

MSN

MSN Encarta Plus Support Files

Norton AntiVirus 2003 Professional Edition

Norton WMI Update

OneCare Advisor (Windows Live Toolbar)

Panda ActiveScan

Paradise Poker

Popup Blocker (Windows Live Toolbar)

QuickTime

Qwest QuickCare

RollerCoaster Tycoon Deluxe

Search for the Secret Keys

Search for the Secret Keys AppFix

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Spybot - Search & Destroy 1.4

The Incredibles - When Danger Calls

Update for Windows XP (KB894391)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Windows Defender Signatures

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Messenger

Windows Live Outlook Toolbar (Windows Live Toolbar)

Windows Live Sign-in Assistant

Windows Live Toolbar

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Toolbar Feed Detector (Windows Live Toolbar)

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

WinZip

YDKJ The 5th Dementia

YOU DON'T KNOW JACK V1.0

 

Here you go, I hope this helps. Sorry it took so long, computer is really running slow...

[jurgenv 0]

Try to uninstall AVG antispyware and post a new hijackthis log here.

[wompum13 0]

Heres new hijack log.Logfile of HijackThis v1.99.1

Scan saved at 2:15:22 PM, on 10/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0006)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Nortons anti virus\navapsvc.exe

C:\Program Files\Nortons anti virus\AdvTools\NPROTECT.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\mobsync.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Kristie\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Nortons anti virus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156585333637

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Nortons anti virus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Nortons anti virus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

 

I also have a couple questions could you please tell me what Microsoft Internationalized Domain names mitigation APIs and Microsoft National language support downlevel is?

those are both new in my add and remove in the control panel and neither have details...

[jurgenv 0]

Both are from Microsoft, leave them alone.

 

Your log looks clean though..

[wompum13 0]

Ok Im not being parnoid but now my computer will not hold its internet connection. Its a stand alone DSL and the router keeps dropping it then restarting.

[jurgenv 0]

Try to connect to the internet without the router and see if that helps.

[wompum13 0]

Ok now you've lost me. How do I do that?

[jurgenv 0]

You've said you have a router? Just hang your pc directly to the internet. without a router.