Help

To solve this problems, use your Windows CD to repair the Windows. POP! All done.

G'day, imperious,
Really this should have been posted over at Viruses n Nasties, but what the heck, you're here, I'm here...
Please do not do a Windows Repair, it's not really called for.
Let's fix your Hosts File:

• download HostsXpert from http://www.funkytoad.com/content/view/13/31/
  
  
  • click the top button Make Writable if it is available
  • click Restore MS Hosts File button.
• Now that that is done you should be able to go to Norton/symantec site - get the uninstaller tool for the AV you had and run it because you have active components still in your sys [you may run only ONE active AV service - they interfere.. Of course, you may wish to ditch Avast - your decision]

Use hijackthis to fix these two [benign] entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: services.lnk = ?

Good. Now I do not see what modified your hosts file so would you please:
Clean..

• Download this temp file cleaner from [url]http://www.atribune.org/ccount/click.php?id=1[/url] --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
  Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
  Close ATF.
  Scan..
• GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 or here http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
  
  
  • Install it and UPDATE it.
• Start AVG a-s 7.5;
  
  
  • under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
  • press Apply all Actions and Save the log file. Post the log file and a fresh hijackthis log too.

To solve this problems, use your Windows CD to repair the Windows. POP! All done.

great detailed post ,and great suggestion for the problem at hand ,oh and maybe a big hammer for after the repair!lol

AVG
"completed test, No Threats found"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:48 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startzone.info/a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155579294096
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10379 bytes

AVG AS saw nothing, I see nothing more now... is your problem still there? [grey task bar, sound failing etc.] Is another window still taking focus and activating over the top of the one you meant to be using?

I thought it was fixed at first but the typing is still
all messed up. It will jump from one word to a different word. And it will scroll the page up and down and go back to previous pages on the internet. As far as the other problems go i am not sure because they only happen once in a while.

Imperious, could you run these scans to check for malware, please? First clean:
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Okay, post those two logs, please, plus a fresh hijackthis log.

http://www.pandasoftware.com/products/activescan?
Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\EndUser\Application Data\Mozilla\Firefox\Profiles\jr5e096x.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\EndUser\Application Data\Mozilla\Firefox\Profiles\jr5e096x.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\EndUser\Application Data\Mozilla\Firefox\Profiles\jr5e096x.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\EndUser\Application Data\Mozilla\Firefox\Profiles\jr5e096x.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\EndUser\Application Data\Mozilla\Firefox\Profiles\jr5e096x.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\EndUser\Application Data\Mozilla\Firefox\Profiles\jr5e096x.default\cookies.txt[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\EndUser\Application Data\Mozilla\Firefox\Profiles\jr5e096x.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\EndUser\Application Data\Mozilla\Firefox\Profiles\jr5e096x.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\EndUser\Cookies\enduser@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\EndUser\Cookies\enduser@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\EndUser\Cookies\enduser@doubleclick[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\EndUser\Cookies\enduser@serving-sys[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Nick's\Application Data\Mozilla\Firefox\Profiles\fj5uxdyb.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nick's\Cookies\nick's@advertising[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick's\Cookies\nick's@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nick's\Cookies\nick's@doubleclick[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick's\Cookies\nick's@serving-sys[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nick's\Cookies\nick's@tribalfusion[2].txt

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

ComboFix 08-03-04.2 - Nick's 2008-03-03 20:25:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.291 [GMT -7:00]
Running from: C:\Documents and Settings\Nick's\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\taskkill.com

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 20:22 . 2004-08-03 21:56 388,608 --a------ C:\CF19715.exe
2008-03-03 17:42 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-03 17:19 . 2008-03-03 18:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-03 17:19 . 2008-03-03 17:19 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-03 17:19 . 2008-03-03 17:36 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-03 17:19 . 2008-03-03 17:36 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-03 17:19 . 2008-03-03 17:36 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-03 17:09 . 2008-03-03 17:09 <DIR> d-------- C:\Program Files\CCleaner
2008-03-01 09:29 . 2008-03-01 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-01 08:46 . 2008-03-01 08:46 <DIR> d-------- C:\Documents and Settings\EndUser\Application Data\Apple Computer
2008-02-27 16:30 . 2008-02-27 16:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 17:19 . 2008-02-21 17:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-21 17:19 . 2008-02-21 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 17:18 . 2008-02-21 17:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 17:36 . 2008-02-20 17:36 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-20 17:36 . 2007-12-04 06:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-20 17:36 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-20 17:36 . 2007-12-04 05:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-20 17:36 . 2007-12-04 07:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-20 17:36 . 2007-12-04 07:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-20 17:36 . 2007-12-04 07:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-20 17:36 . 2007-12-04 07:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-20 17:36 . 2007-12-04 07:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-20 16:42 . 2008-02-20 16:43 <DIR> d-------- C:\Program Files\Logitech
2008-02-20 16:42 . 2008-02-20 16:42 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-02-20 12:54 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-20 12:54 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-13 14:42 . 2008-02-13 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-11 12:52 . 2003-07-15 23:27 43,264 -ra------ C:\WINDOWS\system32\drivers\ser2pl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 01:21 --------- d-----w C:\Program Files\QuickTime
2008-03-04 01:19 --------- d-----w C:\Program Files\MSN Messenger
2008-03-04 01:14 --------- d-----w C:\Program Files\iTunes
2008-03-04 01:13 --------- d-----w C:\Program Files\Google
2008-03-04 01:13 --------- d-----w C:\Program Files\FlashGet
2008-02-29 03:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-20 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PackersScreenServer
2008-02-20 23:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 01:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-14 17:01 --------- d-----w C:\Program Files\Starcraft
2008-02-02 18:44 --------- d-----w C:\Program Files\Diablo II
2008-02-02 18:43 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 02:39 256 ----a-w C:\Documents and Settings\Nick's\pool.bin
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 15:38 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]
"services"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-06-03 11:40 180316]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 14:34 36864]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-07 17:14 274432]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 15:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 15:38 688218]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-03 09:26 3072000]
"nwiz"="nwiz.exe" [2004-02-03 09:26 753664 C:\WINDOWS\system32\nwiz.exe]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-06-26 15:04 53248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-15 08:51 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 08:56 236016]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 09:42 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 06:00 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Little Fighter 2.5 - v2.0\\lf2.5\\lf2.5.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\imperious_cm\\counter-strike\\hl.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"C:\\ijji\\ENGLISH\\GUNSTER.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\imperious_cm\\day of defeat\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NetstormLaunch\\package\\Netstorm.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"C:\\Program Files\\OGPlanet\\Albatross18\\update.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2004-09-10 07:44]
S3 UXDCMN;UXDCMN;D:\winstress\UXDCMN.SYS []

*Newly Created Service* - QCMWOESILSMU
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 15:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 20:28:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????????h?e??????? ??TB???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 20:29:31
ComboFix-quarantined-files.txt 2008-03-04 03:29:17
.
2008-02-13 16:15:27 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:54 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startzone.info/a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155579294096
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 9593 bytes

Imperious, could you check the properties of this file for its owner details, please... see if you recognise it. If unknown, delete it-
C:\CF19715.exe
Please go Start, run, type or paste in
sfc /scannow
-insert your XP SP2 cd, press Enter as required. This will replace any system files damaged by the Alcra worm you had.

It was i would say about 80% done
then my computer said preparing to hibernate
then i tried to turn it back on and it started and right before it started up completely it just shut off again

Also i do not have xp sp2 CD maybe its lost somewhere but i don't believe i ever got one because i always keep them in the same place

I have:
Operating system CD (Microsoft Windows XP Home SP1a)
Driver Recovery CD
Application Recovery CD

Imperious, you are running SP2 now so that SP1 cd will not work. Do you think you could borrow a XP SP2 cd from someone?

Yeah il try to get one off a friend
If not... then? Go buy one?

If you have to buy your local puter shop should burn you one for just a couple dollars. It's not as if you are wanting the licence, which is where the real fee is.

Ok i Got the Windows XP Home Edition SP2
i run sfc /scannow
and still it asks for a disk

Possible reasons for this problem:
-you have inserted the wrong CD. (i.e., a different windows product CD than the version installed)
-the CD-ROM drive in your system is not functioning

Okay...
=What is the name of your optical [eg, CD, DVD] drive in Explorer? Is it D:\
Open that CD and find the path to the I386 folder... it is likely in the root of the drive, eg D:\I386 -tell me.
=Do you have this folder [you may have to show hidden files to see it]?:
c:\windows\ServicePackFiles\ServicePackCache
=Could I have a look at the contents of this reg key....
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup" >C:\showkey.txt
start C:\showkey.txt
__________________________________________________________

yeah i386 is under D:
i do not have c:\windows\ServicePackFiles\ServicePackCache,
under servicepackfiles there is only i386 and lang

Imperious, if you have a folder c:\windows\ServicePackFiles\I386 about 450MB in size, more or less, then you must have done an [online?] update to SP2? In that case there should be a registry entry pointing to that folder and Windows File Protection should be able to access it.
The command sfc [system file checker] is part of Windows File Protection - WFP automatically replaces any protected system files that are corrupted, altered or deleted, sfc additionally will copy into the protected file cache a fresh copy of such bad files from a cd or other folder, eg c:\windows\ServicePackFiles\I386 [if it is not empty? Tell me].
Could you please run that batch file for me so I can see stuff?

i386 is not empty

sorry for the confusion but im not to sure what you mean by this

Could you please run that batch file for me so I can see stuff?

Ah, this bit... if you run this batch file [follow the instructions] I will be able to see some relevant registry entries on your machine.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt which will open on your desktop.
__________________________________________________________
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup" >C:\showkey.txt
start C:\showkey.txt
__________________________________________________________

i am really sorry
but i don't understand
where do i find the text between the lines

reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup" >C:\showkey.txt
start C:\showkey.txt

once again im sorry for the confusion

haha shit Never mind

wow i guess i didn't really think that one through haha

ok here it is

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
DriverCachePath REG_EXPAND_SZ %SystemRoot%\Driver Cache
BootDir REG_SZ C:\
PrivateHash REG_BINARY 05144058564EFE88A5DF1FCB5390D91E
Installation Sources REG_MULTI_SZ C:\WINDOWS\OPTIONS\CABS\NETRTXPO.INF\0D:\I386\0D:\\0\0
SourcePath REG_SZ
ServicePackSourcePath REG_SZ c:\windows\ServicePackFiles
CDInstall REG_DWORD 0x1
LogLevel REG_DWORD 0x0
ServicePackCachePath REG_SZ c:\windows\ServicePackFiles\ServicePackCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\AppLogLevels

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\BaseWinOptions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Migration Dlls

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents

Good-oh... I hid it well, didn't I.. :)
Same trick, run this batchfile.... it will add a registry entry [or modify the one you have] so that it points to your CD/DVD drive. sfc /scannow should then find the I386 folder on the cd.

==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as modSetup.bat, as type "all files", to your desktop; dclick it to run.

______________________________________________
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup /v SourcePath /t REG_SZ /d D:\ /f
______________________________________________

The way things work is that because you did an online update to SP2 you have \I386 in c:\windows\ServicePackFiles -this is where the most up-to-date files are stored in your sys [some from Windows Updates]. For some reason sfc is not working with those and is asking for the cd.... this reg mod directs it to the \I386 folder on the cd. Try running sfc /scannow again.

Alright i Paste that into notepad save. Run. Then..

I just added to my post above...all you see happen is that black cmd window flash. Run sfc /scannow again and see if it works from the cd.

Ok i ran sfc /scannow
everything was working fine and it wasn't asking for the CD

Except then i encountered the same problem as the first time i ran it. It was working fine then all of a sudden my computer just shut off.

Sometimes sfc is really processor-intensive [it is on my sys, the fan screams], and your CPU can overheat - the first thing you know about that is that the puter just shuts off. Power off at the wall [pull the plug], open the case and get to work on the CPU heatsink fins and fan with a soft, longbristled brush and a vacuum cleaner nozzle. Get rid of the dust... I bet tehere is heaps if you have not done this before..