Hello guys, im Drew and i would like to thank for the help in advance. I have Been experiencing all kinds of malware stuff going on lately. I have an internet re-direct thing going on, and i need help badly. I have ran spybot, and it finds the command service malware, and it will not get rid of it. Also, it finds virtumode as well. I have ran malwarebytes software on my computer as well and the malware seems to keep coming back after i clean up. Just recently I have an icon now that looks like the red X sheild at the bottom right of my toolbar that keeps saying "you have a security problem" , which i know is malware as well. Please guys i really really need someone to help me out here. I have tried ev erything. Here is my HJ log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:57 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Netgear Update Assistant\LanUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\tintinyproxyy\tinyproxy.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\DREW~1.D3T\LOCALS~1\Temp\a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\DREW~1.D3T\LOCALS~1\Temp\~tmpc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\DREW~1.D3T\LOCALS~1\Temp\~tmpb.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08AE9A53-0423-45CF-B218-E2AE5CB320E7} - (no file)
O2 - BHO: (no name) - {18B8D2B3-FB0B-4D98-8F97-39421F85DEE3} - (no file)
O2 - BHO: (no name) - {2056A126-5076-49A7-97DE-593457B1A4C8} - (no file)
O2 - BHO: (no name) - {346D5523-A4CC-42CC-97B2-81D610319DE7} - (no file)
O2 - BHO: (no name) - {39122339-7ECB-4AA3-8B02-1FDBAA5A3293} - (no file)
O2 - BHO: (no name) - {4B78B267-DEB3-4198-98DB-027EB5FDDAE5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598645B6-679D-4937-A43E-9EBA56E80B65} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5CD41CFA-B941-41FD-8044-AD1383FFEAC9} - (no file)
O2 - BHO: (no name) - {71BC969C-E19D-4AE9-AF35-D0C44DDDFD97} - (no file)
O2 - BHO: (no name) - {736F6CCE-F96C-42F4-B4A0-D31FEE20A979} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E851FBC-A8D7-4D5D-965B-0A6A1C62EFEB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {930ADCCE-76D3-475E-B6CF-FE4D4756BA08} - (no file)
O2 - BHO: (no name) - {A230CCDB-490F-4339-91DF-B151CE011384} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {AFD9B5B8-03F8-4F93-9BAC-3654C5442835} - (no file)
O2 - BHO: (no name) - {b8f74b13-39b6-486a-9a82-8af5d32dd011} - (no file)
O2 - BHO: (no name) - {D671089C-D0C0-4DE5-9E7C-72F9A1E8050E} - (no file)
O2 - BHO: (no name) - {f284cba0-f166-4f53-a4f5-a61430a811a5} - (no file)
O2 - BHO: (no name) - {FCBDCA5C-6653-4BA9-9245-73E3CE8E3B6C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [LanUpdate] "C:\Program Files\Netgear Update Assistant\LanUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Drew.D3TPM191\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Drew.D3TPM191\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Drew.D3TPM191\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3210819B-8FB5-403C-82AF-E7D6632B955A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{680E7526-D5FE-4D64-AC00-D00363012AC7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEEBCC8D-A6B3-4BE3-A9B9-8041DB20DAC6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: inaqyu.dll tobulz.dll iixhdy.dll vvuhvv.dll yxvbwe.dll fzmudl.dll mjupqy.dll gvodyp.dll
O20 - Winlogon Notify: yayxyxVL - yayxyxVL.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe

--
End of file - 11792 bytes


Here is the Malwarebytes log as well in case you needed this... I just compleated running the scan, and the websites on my internet are still redirecting me.

Malwarebytes' Anti-Malware 1.31
Database version: 1571
Windows 5.1.2600 Service Pack 3

12/29/2008 11:55:36 PM
mbam-log-2008-12-29 (23-55-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 212507
Time elapsed: 1 hour(s), 14 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\~tmpe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie272C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie2733.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie274F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie2C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie6C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie16.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie26EC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie2707.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\ie271D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\tmp26F0.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temporary Internet Files\Content.IE5\1ORBIC89\FlashPlayer.v3.294[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temporary Internet Files\Content.IE5\J2W9869R\VirusRemover2008_Setup_Free_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temporary Internet Files\Content.IE5\J2W9869R\FlashPlayer.v3.294[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temporary Internet Files\Content.IE5\VD60QXI1\FlashPlayer.v3.294[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\matrix32946.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-A03.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Drew.D3TPM191\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Hi Skinny_Puppy

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

After that, please post back a fresh HijackThis log.

Hello shaba, thanks for the response. I downloaded Avast and updated the virus protection software to the most current version. I let the program run at the startup of windows, it found about 20 infected files. They were all deleted.

However though now, after I ran avast on startup. My computer will not start at all. The windows screen loads the OS, and it looks like its going to load the desktop, it logs me off automatically and goes back to the "welcome" screen with my accounts on it. I only have one account, which is me, (Drew). I click on my log on , it will say "loading your personal settings" then a split second later, it will say "logging off" and just stay at the welcome screen. :mad::mad: boy do i hate viruses.

FYI I have tried to boot into safe mode. The problem still exists when i try to log on to my name or the admin for windows XP, it just logs off right after i click on either admin or myself.

Please try use last known good configuration from boot menu and let me know if it helped.

Please try use last known good configuration from boot menu and let me know if it helped.

Unfortunately no , it has the same problem when i try last known good config.

Do you have windows CD handy?

Do you have windows CD handy?

:sad: I sure dont. I was looking for it all over the weekend because i knew it would come down to that. It's been a while since i got the computer, and i have no idea where the CD would be. Is there any way I can make a XP boot CD? I do still have the license key sticker on the side of my computer.

Can you maybe borrow window CD from someone else?

Can you maybe borrow window CD from someone else?

I got a hold of someone that has a XP professional CD, i am not sure if i had professional or not, or if there is a difference. Do you think that would work?

It depends if your computer has home or pro version of XP.

Home version needs home CD and pro version pro CD.

It depends if your computer has home or pro version of XP.

Home version needs home CD and pro version pro CD.

I was able to get a windows professional CD yesterday that also had its own cd key with it. I am not sure however if i have home or pro edition myself. Were you going to have me reformat the computer? Or do you still think there is a way to save the OS?

No, not reformat but do a repair installation.

See here (http://www.michaelstevenstech.com/XPrepairinstall.htm) for instructions and ask if you need before that.

No, not reformat but do a repair installation.

See here (http://www.michaelstevenstech.com/XPrepairinstall.htm) for instructions and ask if you need before that.

I have found out I have windows XP media center edition 2005. I cannot find a CD for the life of me. If i call windows, and I give them the product key, do you think they will send me a replacement? Or do you know anywhere else where I could get one?

That is always worth trying, yes.

Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.