loss of functions

  1. #1
    r.carter is offline Newbie

    This is in response to help I am getting in another thread dealing with loss of search ability, services file missing all of extended tab and cannot start items in standard tab, cannot drag files, cannot find network connection, no internet ability.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 533 PM, on 2/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Canon\BJCard\Bjmcmng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Canon\BJPV\TVMon.exe
    C:\Program Files\Canon\BJCard\BJLaunch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O1 - Hosts: 194.54.90.238 www.google.com
    O1 - Hosts: 194.54.90.238 www.google.ca
    O1 - Hosts: 194.54.90.238 www.google.com.ag
    O1 - Hosts: 194.54.90.238 www.google.com.ar
    O1 - Hosts: 194.54.90.238 www.google.com.au
    O1 - Hosts: 194.54.90.238 www.google.at
    O1 - Hosts: 194.54.90.238 www.google.az
    O1 - Hosts: 194.54.90.238 www.google.be
    O1 - Hosts: 194.54.90.238 www.google.com.br
    O1 - Hosts: 194.54.90.238 www.google.vg
    O1 - Hosts: 194.54.90.238 www.google.bi
    O1 - Hosts: 194.54.90.238 www.google.ca
    O1 - Hosts: 194.54.90.238 www.google.td
    O1 - Hosts: 194.54.90.238 www.google.cl
    O1 - Hosts: 194.54.90.238 www.google.com.co
    O1 - Hosts: 194.54.90.238 www.google.co.cr
    O1 - Hosts: 194.54.90.238 www.google.dk
    O1 - Hosts: 194.54.90.238 www.google.com.do
    O1 - Hosts: 194.54.90.238 www.google.fm
    O1 - Hosts: 194.54.90.238 www.google.fi
    O1 - Hosts: 194.54.90.238 www.google.fr
    O1 - Hosts: 194.54.90.238 www.google.gm
    O1 - Hosts: 194.54.90.238 www.google.ge
    O1 - Hosts: 194.54.90.238 www.google.de
    O1 - Hosts: 194.54.90.238 www.google.com.gi
    O1 - Hosts: 194.54.90.238 www.google.com.gr
    O1 - Hosts: 194.54.90.238 www.google.gl
    O1 - Hosts: 194.54.90.238 www.google.gg
    O1 - Hosts: 194.54.90.238 www.google.co.il
    O1 - Hosts: 194.54.90.238 www.google.it
    O1 - Hosts: 194.54.90.238 www.google.co.kr
    O1 - Hosts: 194.54.90.238 www.google.lu
    O1 - Hosts: 194.54.90.238 www.google.mw
    O1 - Hosts: 194.54.90.238 www.google.ro
    O1 - Hosts: 194.54.90.238 www.google.se
    O1 - Hosts: 194.54.90.238 www.google.co.uk
    O1 - Hosts: 194.54.90.238 www.google.uz
    O1 - Hosts: 194.54.90.238 google.com
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.com.ag
    O1 - Hosts: 194.54.90.238 google.com.ar
    O1 - Hosts: 194.54.90.238 google.com.au
    O1 - Hosts: 194.54.90.238 google.at
    O1 - Hosts: 194.54.90.238 google.az
    O1 - Hosts: 194.54.90.238 google.be
    O1 - Hosts: 194.54.90.238 google.com.br
    O1 - Hosts: 194.54.90.238 google.vg
    O1 - Hosts: 194.54.90.238 google.bi
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.td
    O1 - Hosts: 194.54.90.238 google.cl
    O1 - Hosts: 194.54.90.238 google.com.co
    O1 - Hosts: 194.54.90.238 google.co.cr
    O1 - Hosts: 194.54.90.238 google.dk
    O1 - Hosts: 194.54.90.238 google.com.do
    O1 - Hosts: 194.54.90.238 google.fm
    O1 - Hosts: 194.54.90.238 google.fi
    O1 - Hosts: 194.54.90.238 google.fr
    O1 - Hosts: 194.54.90.238 google.gm
    O1 - Hosts: 194.54.90.238 google.ge
    O1 - Hosts: 194.54.90.238 google.de
    O1 - Hosts: 194.54.90.238 google.com.gi
    O1 - Hosts: 194.54.90.238 google.com.gr
    O1 - Hosts: 194.54.90.238 google.gl
    O1 - Hosts: 194.54.90.238 google.gg
    O1 - Hosts: 194.54.90.238 google.co.il
    O1 - Hosts: 194.54.90.238 google.it
    O1 - Hosts: 194.54.90.238 google.co.kr
    O1 - Hosts: 194.54.90.238 google.lu
    O1 - Hosts: 194.54.90.238 google.mw
    O1 - Hosts: 194.54.90.238 google.ro
    O1 - Hosts: 194.54.90.238 google.se
    O1 - Hosts: 194.54.90.238 google.co.uk
    O1 - Hosts: 194.54.90.238 google.uz
    O1 - Hosts: 194.54.90.238 search.yahoo.com
    O1 - Hosts: 194.54.90.238 de.search.yahoo.com
    O1 - Hosts: 194.54.90.238 search.msn.com
    O1 - Hosts: 194.54.90.238 search.msn.de
    O1 - Hosts: 194.54.90.238 search.live.com
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {5847077c-1dd2-11b2-b831-d886c5176098} - C:\WINDOWS\vwlgxexc.dll
    O2 - BHO: (no name) - {5924e3e6-1dd2-11b2-a0c3-a4015aa0538f} - C:\WINDOWS\wlglkdkp.dll
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B0317C7E-33BB-48D8-A525-BA3DA8080D84} - C:\Program Files\MSN\mezohelC:\WINDOWS\system32\winzs6\renamd 83122.exe.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bab0d4de-1dd1-11b2-92ba-acf8be89152d} - C:\WINDOWS\ghmdwhcz.dll
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
    O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134252043\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ypifwzwd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ypifwzwd.dll"
    O4 - HKLM\..\Run: [fktwzuvq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fktwzuvq.dll"
    O4 - HKLM\..\Run: [axwrkxwn] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\axwrkxwn.dll"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKUS\S-1-5-21-73586283-179605362-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - S-1-5-21-73586283-179605362-725345543-1003 Startup: .protected (User '?')
    O4 - Startup: .protected
    O4 - Global Startup: .protected
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYUS
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
    O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
    O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: WebClient - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

    --
    End of file - 18057 bytes


  2. #2
    r.carter is offline Newbie
    Help please, I am attempting to fix without losing family photos.

  3. #3
    VopThis is offline Senior Member (Canada)
    I have reviewed your other thread:
    http://www.d-a-l.com/help/showthread.php?t=55141

    You have been compromised by a site in the Ukraine (194.54.90.238) - a search to Google, for example, will always go (redirect) to their site.

    Any requested download tools will have to come from another PC.




    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O1 - HOSTS: 194.54.90.238 www.google.com
    O1 - HOSTS: 194.54.90.238 www.google.ca
    O1 - HOSTS: 194.54.90.238 www.google.com.ag
    O1 - HOSTS: 194.54.90.238 www.google.com.ar
    O1 - HOSTS: 194.54.90.238 www.google.com.au
    O1 - HOSTS: 194.54.90.238 www.google.at
    O1 - HOSTS: 194.54.90.238 www.google.az
    O1 - HOSTS: 194.54.90.238 www.google.be
    O1 - HOSTS: 194.54.90.238 www.google.com.br
    O1 - HOSTS: 194.54.90.238 www.google.vg
    O1 - HOSTS: 194.54.90.238 www.google.bi
    O1 - HOSTS: 194.54.90.238 www.google.ca
    O1 - HOSTS: 194.54.90.238 www.google.td
    O1 - HOSTS: 194.54.90.238 www.google.cl
    O1 - HOSTS: 194.54.90.238 www.google.com.co
    O1 - HOSTS: 194.54.90.238 www.google.co.cr
    O1 - HOSTS: 194.54.90.238 www.google.dk
    O1 - HOSTS: 194.54.90.238 www.google.com.do
    O1 - HOSTS: 194.54.90.238 www.google.fm
    O1 - HOSTS: 194.54.90.238 www.google.fi
    O1 - HOSTS: 194.54.90.238 www.google.fr
    O1 - HOSTS: 194.54.90.238 www.google.gm
    O1 - HOSTS: 194.54.90.238 www.google.ge
    O1 - HOSTS: 194.54.90.238 www.google.de
    O1 - HOSTS: 194.54.90.238 www.google.com.gi
    O1 - HOSTS: 194.54.90.238 www.google.com.gr
    O1 - HOSTS: 194.54.90.238 www.google.gl
    O1 - HOSTS: 194.54.90.238 www.google.gg
    O1 - HOSTS: 194.54.90.238 www.google.co.il
    O1 - HOSTS: 194.54.90.238 www.google.it
    O1 - HOSTS: 194.54.90.238 www.google.co.kr
    O1 - HOSTS: 194.54.90.238 www.google.lu
    O1 - HOSTS: 194.54.90.238 www.google.mw
    O1 - HOSTS: 194.54.90.238 www.google.ro
    O1 - HOSTS: 194.54.90.238 www.google.se
    O1 - HOSTS: 194.54.90.238 www.google.co.uk
    O1 - HOSTS: 194.54.90.238 www.google.uz
    O1 - HOSTS: 194.54.90.238 google.com
    O1 - HOSTS: 194.54.90.238 google.ca
    O1 - HOSTS: 194.54.90.238 google.com.ag
    O1 - HOSTS: 194.54.90.238 google.com.ar
    O1 - HOSTS: 194.54.90.238 google.com.au
    O1 - HOSTS: 194.54.90.238 google.at
    O1 - HOSTS: 194.54.90.238 google.az
    O1 - HOSTS: 194.54.90.238 google.be
    O1 - HOSTS: 194.54.90.238 google.com.br
    O1 - HOSTS: 194.54.90.238 google.vg
    O1 - HOSTS: 194.54.90.238 google.bi
    O1 - HOSTS: 194.54.90.238 google.ca
    O1 - HOSTS: 194.54.90.238 google.td
    O1 - HOSTS: 194.54.90.238 google.cl
    O1 - HOSTS: 194.54.90.238 google.com.co
    O1 - HOSTS: 194.54.90.238 google.co.cr
    O1 - HOSTS: 194.54.90.238 google.dk
    O1 - HOSTS: 194.54.90.238 google.com.do
    O1 - HOSTS: 194.54.90.238 google.fm
    O1 - HOSTS: 194.54.90.238 google.fi
    O1 - HOSTS: 194.54.90.238 google.fr
    O1 - HOSTS: 194.54.90.238 google.gm
    O1 - HOSTS: 194.54.90.238 google.ge
    O1 - HOSTS: 194.54.90.238 google.de
    O1 - HOSTS: 194.54.90.238 google.com.gi
    O1 - HOSTS: 194.54.90.238 google.com.gr
    O1 - HOSTS: 194.54.90.238 google.gl
    O1 - HOSTS: 194.54.90.238 google.gg
    O1 - HOSTS: 194.54.90.238 google.co.il
    O1 - HOSTS: 194.54.90.238 google.it
    O1 - HOSTS: 194.54.90.238 google.co.kr
    O1 - HOSTS: 194.54.90.238 google.lu
    O1 - HOSTS: 194.54.90.238 google.mw
    O1 - HOSTS: 194.54.90.238 google.ro
    O1 - HOSTS: 194.54.90.238 google.se
    O1 - HOSTS: 194.54.90.238 google.co.uk
    O1 - HOSTS: 194.54.90.238 google.uz
    O1 - HOSTS: 194.54.90.238 search.yahoo.com
    O1 - HOSTS: 194.54.90.238 de.search.yahoo.com
    O1 - HOSTS: 194.54.90.238 search.msn.com
    O1 - HOSTS: 194.54.90.238 search.msn.de
    O1 - HOSTS: 194.54.90.238 search.live.com

    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {5847077c-1dd2-11b2-b831-d886c5176098} - C:\WINDOWS\vwlgxexc.dll
    O2 - BHO: (no name) - {5924e3e6-1dd2-11b2-a0c3-a4015aa0538f} - C:\WINDOWS\wlglkdkp.dll
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {B0317C7E-33BB-48D8-A525-BA3DA8080D84} - C:\Program Files\MSN\mezohelC:\WINDOWS\system32\winzs6\renamd 83122.exe.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bab0d4de-1dd1-11b2-92ba-acf8be89152d} - C:\WINDOWS\ghmdwhcz.dll
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)


    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.




    Download ComboFix from one of the following links below:

    Here or Here to your Desktop.


    **Note: If you already have Combofix, delete previous copy(s) and download the latest version. It is important that it is saved directly to your desktop**

    Combofix will disconnect your machine from the Internet and restore connections before it completes its run. If Combofix terminates prematurely and breaks the Internet connections, they can be restored manually by rebooting the machine. Note: If you have an "always on" connection (DSL/cable), unplug the cable from the modem before running Combofix. Do not reconnect before Combofix has finished its scan.
    • Very Important! Temporarily disable your:
      • anti-virus,
      • script blocking and
      • any anti-malware real-time protection
      before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    ComboFix SHOULD NOT be used unless requested by a forum helper.





    Broken Internet Connection (if still not working):
    The easiest way to fix the broken Internet chain is to download and use a freeware utility called LSPFix.exe:
    http://cexx.org/lspfix.htm (copy to a floppy or pen drive, if necessary –182K file)

    Launch the LSP application, and click the "I know what I'm doing" checkbox.

    Move nothing, just click Finish.


    If still no joy, download and run WinsockXPFix:
    http://www.snapfiles.com/reviews/Win...sockxpfix.html
    -----> Winsock repair utility designed for Windows XP.
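
An added example, not part of VopThis's post and not HijackThis's own code: a Python triage pass over a HijackThis log that surfaces the entry types seen in this thread (O1 hosts-file redirects, the F2 UserInit value, unnamed O2 BHOs, O23 services whose binary is reported missing). The sample lines are excerpted from the log in post #1; the function names and the heuristics are assumptions, and the result is a list to review, not a list of items to fix.

```python
import ipaddress
import re

# Lines excerpted from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O1 - Hosts: 194.54.90.238 www.google.com
O1 - Hosts: 194.54.90.238 google.com
O1 - Hosts: 194.54.90.238 search.yahoo.com
O1 - Hosts: 194.54.90.238 search.live.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5847077c-1dd2-11b2-b831-d886c5176098} - C:\WINDOWS\vwlgxexc.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")          # "O1 - ...", "F2 - ..."
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$", re.IGNORECASE)
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def parse_entries(log_text):
    """Return (section code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def hosts_redirects(entries):
    """Group O1 hosts-file entries by target IP, ignoring loopback/0.0.0.0
    entries (the usual form of a blocklist rather than a redirect)."""
    redirects = {}
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: not something this check can judge
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects.setdefault(str(ip), []).append(m.group(2).lower())
    return redirects


def userinit_extras(entries):
    """Return anything the F2 UserInit value launches besides userinit.exe."""
    for code, body in entries:
        if code == "F2" and "userinit=" in body.lower():
            value = body.split("=", 1)[1]
            parts = [p.strip() for p in value.split(",") if p.strip()]
            return [p for p in parts
                    if not p.lower().endswith(r"\system32\userinit.exe")]
    return []


def triage(log_text):
    """Return (section, reason, details) tuples worth a human look."""
    entries = parse_entries(log_text)
    findings = []
    for ip, names in sorted(hosts_redirects(entries).items()):
        findings.append(
            ("O1", f"{len(names)} hostname(s) pinned to {ip} in the hosts file", names))
    extras = userinit_extras(entries)
    if extras:
        findings.append(("F2", "UserInit launches more than userinit.exe", extras))
    for code, body in entries:
        if code == "O2":
            m = BHO_RE.match(body)
            if m and m.group(1) == "(no name)":  # heuristic: unnamed BHO
                findings.append(("O2", "unnamed BHO", [m.group(2), m.group(3)]))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(("O23", "service binary reported missing", [body]))
    return findings


if __name__ == "__main__":
    for section, reason, details in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}")
        for item in details:
            print(f"      {item}")
```
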

  4. #4
    r.carter is offline Newbie
    Here is my combofix log, I hope I did it right.



    ComboFix 08-02.05.3 - Owner 2008-02-09 10:09:27.1 - NTFSx86
    Running from: D:\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\sffdiskk.sys
    C:\.protected
    C:\Documents and Settings\All Users\Application Data.\axwrkxwn.dll
    C:\Documents and Settings\All Users\Application Data.\fktwzuvq.dll
    C:\Documents and Settings\All Users\Application Data.\ypifwzwd.dll
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
    C:\Documents and Settings\barb\Start Menu\Programs\Startup\.protected
    C:\Documents and Settings\jess\Start Menu\Programs\Startup\.protected
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.protected
    C:\Program Files\3721
    C:\Program Files\3721\assist\asbar.dll
    C:\Program Files\3721\helper.dll
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\Shared\0007180A.dat
    C:\Program Files\FunWebProducts\Shared\000A8C03.dat
    C:\Program Files\FunWebProducts\Shared\00D00CAE.dat
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\History\search
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat
    C:\Program Files\MyWebSearch\bar\Settings\settings.htm
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\tn3
    C:\Temp\tpBe12
    C:\WINDOWS\.protected
    C:\WINDOWS\764.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\absolute key logger.lnk
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\aconti.ini
    C:\WINDOWS\aconti.log
    C:\WINDOWS\aconti.sdb
    C:\WINDOWS\acontidialer.txt
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\default.htm
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\PerfInfo
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\etc\.protected
    C:\WINDOWS\system32\drivers\sffdiskk.sys
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\svchost.exe.orig
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SFFDISKK
    -------\sffdiskk


    ((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
    .

    2008-02-08 17:53 . 2008-02-08 17:53 268 --ah----- C:\sqmdata06.sqm
    2008-02-08 17:53 . 2008-02-08 17:53 244 --ah----- C:\sqmnoopt07.sqm
    2008-02-08 17:50 . 2008-02-08 17:50 <DIR> d-------- C:\Documents and Settings\jess\Application Data\Webroot
    2008-02-08 17:38 . 2008-02-08 17:38 <DIR> d-------- C:\Documents and Settings\barb\Application Data\Webroot
    2008-02-08 17:21 . 2008-02-08 17:21 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-07 17:27 . 2008-02-07 17:27 <DIR> d-------- C:\Program Files\Webroot
    2008-02-07 17:27 . 2008-02-07 17:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot
    2008-02-07 17:27 . 2008-02-07 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-02-07 17:27 . 2007-06-21 18:57 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
    2008-02-07 17:27 . 2007-06-21 18:43 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2008-02-07 17:27 . 2007-06-21 18:43 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2008-02-07 17:27 . 2007-06-21 18:43 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
    2008-02-07 16:29 . 2007-06-21 18:43 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-02-07 16:22 . 2008-02-07 16:22 <DIR> d--hs---- C:\INCINERATE
    2008-02-02 19:41 . 2008-02-07 16:22 <DIR> d-------- C:\Program Files\iolo
    2008-02-02 19:41 . 2004-09-08 08:36 567,808 --a------ C:\WINDOWS\system32\Incinerator.dll
    2008-02-02 19:41 . 2004-08-27 01:20 57,240 --a------ C:\WINDOWS\system32\iolobtdfg.exe
    2008-02-02 19:41 . 2004-08-28 15:18 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
    2008-01-24 21:55 . 2008-01-24 21:55 244 --ah----- C:\sqmnoopt06.sqm
    2008-01-24 21:55 . 2008-01-24 21:55 232 --ah----- C:\sqmdata05.sqm
    2008-01-23 19:28 . 2008-01-23 19:28 <DIR> d-------- C:\Program Files\PCPitstop
    2008-01-23 18:34 . 2008-01-23 18:35 <DIR> d-------- C:\Documents and Settings\jess\Application Data\SpywareBot
    2008-01-23 17:37 . 2008-01-23 17:37 <DIR> d-------- C:\Documents and Settings\jess\Application Data\AdwareAlert
    2008-01-23 17:36 . 2008-01-23 18:19 <DIR> d-------- C:\Program Files\AdwareAlert
    2008-01-22 14:37 . 2008-01-22 14:37 191,488 --a------ C:\WINDOWS\uvuzkjqt.dll
    2008-01-21 21:41 . 2008-01-21 21:41 <DIR> d-------- C:\Documents and Settings\jess\Application Data\XPdefender
    2008-01-21 17:38 . 2008-01-21 17:38 199,168 --a------ C:\WINDOWS\dqzmhqzi.dll
    2008-01-21 11:58 . 2008-01-21 11:58 3,776,774 --a------ C:\WINDOWS\VO261vW5Vr.exe
    2008-01-21 11:57 . 2008-01-21 11:57 <DIR> d-------- C:\WINDOWS\system32\winzs6
    2008-01-21 11:57 . 2008-01-21 21:19 <DIR> d-------- C:\WINDOWS\system32\nui4
    2008-01-21 11:57 . 2008-01-21 11:57 <DIR> d-------- C:\WINDOWS\system32\extz1
    2008-01-21 11:57 . 2008-01-21 21:19 <DIR> d-------- C:\WINDOWS\system32\dob3
    2008-01-21 11:57 . 2008-01-21 21:19 <DIR> d-------- C:\WINDOWS\system32\comz7
    2008-01-21 11:57 . 2008-01-21 11:57 <DIR> d-------- C:\WINDOWS\jshbtnih
    2008-01-21 11:57 . 2008-01-21 11:57 <DIR> d-------- C:\Temp\gTiis19
    2008-01-21 11:57 . 2008-01-21 11:57 196,096 --a------ C:\WINDOWS\zshkjqxm.dll
    2008-01-21 11:57 . 2008-01-21 11:57 37,376 --a------ C:\WINDOWS\vkpexedc.exe
    2008-01-21 11:56 . 2008-01-22 17:53 <DIR> d-------- C:\WINDOWS\system32\nGpxx13
    2008-01-21 11:56 . 2008-01-21 11:56 <DIR> d-------- C:\Temp\cXzz9

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 01:51 --------- d-----w C:\Documents and Settings\jess\Application Data\AVG7
    2008-02-09 01:38 --------- d-----w C:\Documents and Settings\barb\Application Data\AVG7
    2008-02-08 23:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
    2008-02-08 00:21 --------- d-----w C:\Program Files\Hasbro Interactive
    2008-02-08 00:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
    2008-02-03 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-01 19:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-24 03:28 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-01-24 02:20 --------- d-----w C:\Program Files\IrfanView
    2007-12-28 19:54 --------- d-----w C:\Program Files\RcvSystem
    2007-12-26 01:39 --------- d-----w C:\Program Files\Photo Viewer
    2007-12-10 04:42 --------- d-----w C:\Program Files\FinePixViewer
    2007-12-10 04:40 --------- d-----w C:\Documents and Settings\barb\Application Data\FUJIFILM
    2007-12-10 04:30 --------- d-----w C:\Documents and Settings\barb\Application Data\Comcast
    2006-01-08 03:19 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 08:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59 126976]
    "BJPD HID Control"="C:\Program Files\Canon\BJPV\TVMon.exe" [2003-06-25 15:01 45056]
    "BJLaunchEXE"="C:\Program Files\Canon\BJCard\BJLaunch.exe" [2003-04-30 15:48 716800]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-25 19:25 180269]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "HostManager"="C:\Program Files\Common Files\AOL\1134252043\ee\AOLSoftware.exe" [2006-05-09 16:24 50760]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-12 17:29 155648]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
    "CleanUp"="C:\PROGRA~1\mcafee.com\shared\mcappins.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 19:37 579072]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57 5355832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac1fe3e3-62c9-11db-9a8c-000d566981d4}]
    \Shell\AutoRun\command - D:\setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 10:20:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Canon\BJCard\Bjmcmng.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-09 10:24:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-09 18:24:02
    .
    2008-01-09 19:07:00 --- E O F ---

  5. #5
    VopThis is offline Senior Member (Canada)
    The combofix went fine and reveals quite a lot. Please do not use any other tools while I am assisting you as that could incompletely address some issues while leaving no trace that such issues ever existed.



    Is your Internet connection now working?



    I need to see a revised HijackThis LOG and the following additional UNINSTALL LOG:

    Let us see/review what is loaded on your PC:
    • Run HijackThis and Click Open the Misc Tools section button.
    • Then click the Open Uninstall Manager… button.
    • Click the Save list… button. Save uninstall_list to your desktop.

    • Open the Uninstall list file and post in your next reply, please.

  6. #6
    r.carter is offline Newbie
    just for clarification, my internet still does not work.
    also, do you want me to run i.e. "do a system scan and save file" and then do the "open the misc tools section" or go straight to it?

  7. #7
    VopThis is offline Senior Member (Canada)
    "do a system scan and save file" and then do the "open the misc tools section"
    Do BOTH scans using the same tool.


    Required logs:
    • HijackThis log
    • Uninstall List

  8. #8
    r.carter is offline Newbie
    hijack list

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:43:11 AM, on 2/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Canon\BJCard\Bjmcmng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Canon\BJPV\TVMon.exe
    C:\Program Files\Canon\BJCard\BJLaunch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
    O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134252043\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKUS\S-1-5-21-73586283-179605362-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYUS
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
    O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: WebClient - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

    --
    End of file - 11675 bytes


    uninstall list

    Adobe Reader 7.0.9
    AVG 7.5
    Basic Facts Worksheet Factory
    Broadcom 440x 10/100 Integrated Controller
    Canon Camera Window for ZoomBrowser EX
    Canon i900D
    Canon Photo Viewer
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PhotoPrint Plus
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    CK Creative Clips and Fonts Sampler 2
    Comcast PhotoShow Deluxe 4
    Comcast Toolbar
    Creative Lettering Combo
    Creative Lettering Super Combo
    Dell ResourceCD
    DirectX Media Runtime 5.1
    DrawPlus 3.0
    Easy-WebPrint
    FinePixViewer Ver.4.3
    FUJIFILM USB Driver
    Google Earth
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hoyle Card Games 4
    Intel(R) Extreme Graphics Driver
    iPod for Windows
    iPod for Windows 2005-09-23
    iPod for Windows 2006-06-28
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 3
    Jigs@w Puzzle
    Jumble CD-ROM
    Mathematics Worksheet Factory 3 Trial
    Memory Card Utility
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Professional
    Microsoft Web Publishing Wizard 1.52
    Nero Suite
    Photo Viewer 2.4
    PhotoShow Express 4
    PowerDVD
    QuickTime
    RAW FILE CONVERTER LE
    RealArcade
    RealPlayer
    Rhapsody Player Engine
    Schoolhouse Bingo
    Scrabble
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Shockwave
    SoundMAX
    The Print Shop
    Tune Tools for iPod
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Vocabulary Worksheet Factory 3 Evaluation
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    Yahtzee

  9. #9
    VopThis is offline Senior Member (Canada)
    C:\WINDOWS\absolute key logger.lnk
    You might want to stop here and reflect on what may have happened. The above may indicate that a keylogger was in use which could create ongoing serious issues for you. Plus you have been extensively infected and all your default services appear to have been neutralized. We may or may not be able to get this back to normal. Might be more productive to consider other options. Is this a desktop where you might be able to add another hard drive (internal or USB)? Do you currently have any working USB devices?




    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

      Please also provide any new current observations.





    Additionally, we can try the following if you have a DELL 'XP installation disk' and not a 'repair disk':


    Dell PCs have a tag number which should allow you to access and download your specific wireless? or network card device driver for re-installation, if needed.

    You will probably also need to do a Repair Install of XP. A backup of critical user files might be advisable before doing so:


    If the option to Repair Install is NOT available and you continue with the install, you will delete your Windows folder and the Documents and Settings folders. All applications installed that place keys in the registry will need to be re-installed and will require the original install media.

    You should exit setup if the repair option is not available.
    You need to proceed carefully after reading all instructions - exactly as instructed here (take your time and double-check each step):

    http://michaelstevenstech.com/XPrepairinstall.htm
    Last edited by VopThis; 09-02-2008 at 11:11 PM. Reason: added sdfix
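
The "default services appear to have been neutralized" reading in post #9 can be drawn from the O23 section of the HijackThis log in post #8. The sketch below is an added example, not part of the original thread and not code from HijackThis: it parses O23 lines and groups the services the log marks "(file missing)" by image path. The names `ServiceEntry`, `parse_o23` and `triage` are made up here; the sample lines are a subset copied from post #8.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Subset of the log in post #8: one O4 line (ignored) and eight O23 lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# The short service name is the LAST parenthesised token of the label, so
# "Network Location Awareness (NLA) (Nla)" yields "Nla", not "NLA".
SHORT_NAME = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")


@dataclass(frozen=True)
class ServiceEntry:
    display: str
    name: str
    owner: str
    image: str
    file_missing: bool


def parse_o23(line):
    """Parse one O23 line; return None for any other line type."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    try:
        # Split from the right: the label itself may contain " - ".
        label, owner, image = line[len(PREFIX):].rsplit(" - ", 2)
    except ValueError:
        return None
    missing = image.endswith(MISSING)
    if missing:
        image = image[: -len(MISSING)]
    m = SHORT_NAME.match(label)
    # Entries such as "Themes" carry no separate short name.
    display, name = (m["display"], m["name"]) if m else (label, label)
    return ServiceEntry(display, name, owner, image, missing)


def triage(log_text):
    """Summarise which services the log reports as having no image on disk."""
    entries = [e for e in map(parse_o23, log_text.splitlines()) if e]
    missing = [e for e in entries if e.file_missing]
    # Windows paths are case-insensitive; the log mixes System32 and system32.
    by_image = Counter(e.image.lower() for e in missing)
    return {
        "services": len(entries),
        "missing": [e.name for e in missing],
        "unaffected": [e.name for e in entries if not e.file_missing],
        "by_image": dict(by_image),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{len(report['missing'])} of {report['services']} services flagged")
    for image, count in report["by_image"].items():
        print(f"  {count:3d}  {image}")
```

Grouping by image path shows that the flagged services in this log all point at one file, so the long list of broken services is a single finding about `svchost.exe` rather than dozens of separate ones.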

  10. #10
    r.carter is offline Newbie
    Here are the new HijackThis and SDFix logs.

    Also, I currently can and am using a USB thumb drive.

    I still cannot drag files or use the search function or connect to the network or internet.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:37:53 PM, on 2/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Canon\BJCard\Bjmcmng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Canon\BJPV\TVMon.exe
    C:\Program Files\Canon\BJCard\BJLaunch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
    O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134252043\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKUS\S-1-5-21-73586283-179605362-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYUS
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
    O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: WebClient - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

    --
    End of file - 11770 bytes




    SDFix: Version 1.139

    Run by Owner on Sat 02/09/2008 at 03:18 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\Owner\Desktop\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\jshbtnih\1.png - Deleted
    C:\WINDOWS\jshbtnih\2.png - Deleted
    C:\WINDOWS\jshbtnih\3.png - Deleted
    C:\WINDOWS\jshbtnih\4.png - Deleted
    C:\WINDOWS\jshbtnih\5.png - Deleted
    C:\WINDOWS\jshbtnih\6.png - Deleted
    C:\WINDOWS\jshbtnih\7.png - Deleted
    C:\WINDOWS\jshbtnih\8.png - Deleted
    C:\WINDOWS\jshbtnih\9.png - Deleted
    C:\WINDOWS\jshbtnih\bottom-rc.gif - Deleted
    C:\WINDOWS\jshbtnih\config.png - Deleted
    C:\WINDOWS\jshbtnih\content.png - Deleted
    C:\WINDOWS\jshbtnih\download.gif - Deleted
    C:\WINDOWS\jshbtnih\frame-bg.gif - Deleted
    C:\WINDOWS\jshbtnih\frame-bottom-left.gif - Deleted
    C:\WINDOWS\jshbtnih\frame-h1bg.gif - Deleted
    C:\WINDOWS\jshbtnih\head.png - Deleted
    C:\WINDOWS\jshbtnih\icon.png - Deleted
    C:\WINDOWS\jshbtnih\indexwp.html - Deleted
    C:\WINDOWS\jshbtnih\main.css - Deleted
    C:\WINDOWS\jshbtnih\memory-prots.png - Deleted
    C:\WINDOWS\jshbtnih\net.png - Deleted
    C:\WINDOWS\jshbtnih\pc.gif - Deleted
    C:\WINDOWS\jshbtnih\pc-mag.gif - Deleted
    C:\WINDOWS\jshbtnih\poloska1.png - Deleted
    C:\WINDOWS\jshbtnih\poloska2.png - Deleted
    C:\WINDOWS\jshbtnih\poloska3.png - Deleted
    C:\WINDOWS\jshbtnih\promowp1.html - Deleted
    C:\WINDOWS\jshbtnih\promowp2.html - Deleted
    C:\WINDOWS\jshbtnih\promowp3.html - Deleted
    C:\WINDOWS\jshbtnih\promowp4.html - Deleted
    C:\WINDOWS\jshbtnih\promowp5.html - Deleted
    C:\WINDOWS\jshbtnih\reg.png - Deleted
    C:\WINDOWS\jshbtnih\repair.png - Deleted
    C:\WINDOWS\jshbtnih\scr-1.png - Deleted
    C:\WINDOWS\jshbtnih\scr-2.png - Deleted
    C:\WINDOWS\jshbtnih\start.png - Deleted
    C:\WINDOWS\jshbtnih\styles.css - Deleted
    C:\WINDOWS\jshbtnih\top-rc.gif - Deleted
    C:\WINDOWS\jshbtnih\vline.gif - Deleted
    C:\WINDOWS\jshbtnih\wp.png - Deleted





    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 15:29:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Mon 12 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 12 Apr 2005 95,892 ...H. --- "C:\Program Files\Comcast\Comcast PhotoShow 4\data\Comcast PhotoShow Deluxe.exe"
    Tue 12 Apr 2005 95,892 ...H. --- "C:\Program Files\Simple Star\PhotoShow 4\data\PhotoShow Express.exe"
    Wed 28 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\jess\Application Data\Microsoft\Word\~WRL0004.tmp"
    Sun 28 Oct 2007 19,968 ...H. --- "C:\Documents and Settings\jess\Application Data\Microsoft\Word\~WRL0415.tmp"
    Wed 28 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\jess\Application Data\Microsoft\Word\~WRL1445.tmp"
    Sun 28 Oct 2007 21,504 ...H. --- "C:\Documents and Settings\jess\Application Data\Microsoft\Word\~WRL2169.tmp"

    Finished!
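
A triage helper for O23 lines like those in the HijackThis log in the post above, added here as an example; it is not part of the thread, of HijackThis or of SDFix. The function names are hypothetical and the sample lines are constructed in the shape of the log. It tallies which service image paths HijackThis marked "(file missing)".

```python
import re
from collections import Counter

# Constructed sample: lines in the shape of the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - <body>"
MISSING = "(file missing)"

def parse_entries(text):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def parse_service(body):
    """Split an O23 body into fields; None if it is not a service line."""
    if not body.startswith("Service: "):
        return None
    # Split from the right: display names may contain " - ", paths rarely do.
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, image = parts
    missing = image.endswith(MISSING)
    if missing:
        image = image[:-len(MISSING)].rstrip()
    # The short (registry) name is the last parenthesised group, if any.
    m = re.match(r"^(.*) \(([^()]*)\)$", name)
    display, short = (m.group(1), m.group(2)) if m else (name, name)
    return {"display": display, "short": short, "owner": owner,
            "image": image, "missing": missing}

def services(text):
    """All O23 service records in the log, in order of appearance."""
    out = []
    for code, body in parse_entries(text):
        svc = parse_service(body) if code == "O23" else None
        if svc:
            out.append(svc)
    return out

def missing_by_image(text):
    """Count services flagged '(file missing)', grouped by image path."""
    return Counter(s["image"].lower() for s in services(text) if s["missing"])

if __name__ == "__main__":
    for image, count in missing_by_image(SAMPLE_LOG).most_common():
        print(f"{count:3d} service(s) flagged missing -> {image}")
```
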
