
MSN Virus, won't let me do a HJT scan [Resolved]


  • This topic is locked

#16
lyonsb (Topic Starter)

Hi, first, the AVG Anti-Spyware log is shown below:

________________________________________________________________________________

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 03:00:54 11/02/2007

+ Scan result:



C:\Program Files\HJT\backups\backup-20070211-013659-470.dll -> Adware.Delfin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1 -> Adware.Delfin : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-828683821-3936211242-4230619298-1006\Dc5.#xe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
HKU\S-1-5-21-828683821-3936211242-4230619298-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-828683821-3936211242-4230619298-1006\Dc4\VSAdd-in.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).


::Report end
___________________________________________________________________________________

Next is the WinDelf log...

WIN32DELFKIL LOGFILE - by Marckie


version 3.124
11/02/2007 1:51:00.82
running from: "C:\Documents and Settings\Bradley\Desktop"


--- File(s) found in Windows directory ---
gc404.cnf
gsc404.cnf

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"="z"



--- sharedtaskkey (1): A4F94C0C-54A7-4DB1-9AF3-B22E63D00404 ---
no keys found

--- Notify key ---


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"



--- Notify key ---

Finished!
____________________________________________________________________

Now, when choosing the processes to fix in HJT, I did not choose lfs.exe, as I know that is a safe program. It is a racing simulator that I have installed on my computer.

Also, when you asked me to delete the 8 files or folders, I could not find:

C:\WINDOWS\system32\nfom.dll
C:\WINDOWS\system32\nfo.ocx

In addition to this, when I opened the Host program you asked me to download, it came up with an error message, and when I tried to restore the original .hosts file, it also came up with an error; both are attached to this post.
_____________________________________________________________________________
Panda Log


Incident Status Location

Adware:adware/delfinmedia Not disinfected c:\windows\system32\vidmon
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\aafolpbm.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\bbllnrqq.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\bpchwhnf.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\brnlnkhh.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\ejurwvuw.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\gcqxlanb.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\hpcmibca.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\hswklsdy.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\iigthkrs.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\kqbyciqe.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\lujatfha.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\mbjpeeud.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\mnbknmau.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\mwddgqvf.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\neacpcwg.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\prgvogeq.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\qjmgqhju.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\qstuyept.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\riwjqpsd.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\wosswqff.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\wqahyauv.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\xmysmlgy.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\process.exe

____________________________________________________________________
And lastly, the new HJT log


Logfile of HijackThis v1.99.1
Scan saved at 11:53:26, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\TGVFDMsgservice.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HJT\Fix.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [workflow] E:\installs\workflow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: services.lnk = ?
O4 - Global Startup: CPRun.lnk = C:\Freeline\CPRun.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

__________________________________________________________________

Thanks Kahdah, :whistling:

Brad


Edited by lyonsb, 11 February 2007 - 05:54 AM.

  • 0



#17
lyonsb (Topic Starter)

This second error screenshot would not fit in my first post, so here it is:

Thanks

Brad


  • 0

#18
kahdah (GeekU Teacher, Retired Staff)

Hello lyonsb :whistling:

You are doing a great job.
"as I know that is a safe program. It is a racing simulator that I have installed on my computer."
No problem. :blink:
The reason I said to delete it was because Dr.Web found it to be a possible trojan downloader.
LFS.exe;C:\Documents and Settings\Bradley\Desktop\LFS_S2_ALPHA_U;Probably DLOADER.Trojan;;


We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.
=================================
After that, please go to Start > Run and type: cmd
This should open the Command Prompt window (a black window).

In the Command Prompt window, type the following commands, hitting Enter after each one:

assoc .reg=regfile

ftype regfile=regedit.exe "%1"

There should be a space between assoc and .reg
There should be a space between regedit.exe and "%1"


Then close the command prompt by typing exit or just close it using the x in the corner.

Then try the reg fix again.
Directions:
Please open up Notepad and make sure to copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fix.reg on your Desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"winlogon"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"winlogon"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoAdminPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

Now double-click fix.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.


After that please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
Choose your usual account.

Then using Windows Explorer (to get there Right click on Start and click Explore)
Locate and delete these files\folders:

c:\windows\system32\vidmon
C:\!KillBox
C:\Program Files\Roguescanfix
C:\WINDOWS\system32\process.exe

Close Windows Explorer.

Then try to run Hosts Expert again:
Open up the HostsXpert 3.7 - Hosts File Manager program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • Then click Restore original host files
  • Close the program

After all of that please reactivate your Windows Defender software.

To enable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Check "Turn on real-time protection (recommended)".
Reboot and post back with how things went and a new HijackThis log.
Let me know if the Hosts Expert tool runs please and if the reg fix works this time.
Thank you.
  • 0
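A way to review what a .reg file such as the fix.reg in the post above will do before merging it. This is an added example, not code from the thread or its participants; the function names are hypothetical, and the parser only handles the forms that appear in fix.reg plus key deletion, rejecting anything else.

```python
import re

# The fix.reg text from the post above, reproduced as sample input.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"winlogon"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"winlogon"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoAdminPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# "name"=data, or @=data for a key's default value
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))\s*=\s*(.*)$')


def summarize_reg(text):
    """Return (action, key, value_name, data) tuples describing a merge.

    Multi-line hex values (lines continued with a trailing backslash) are
    not supported and raise ValueError rather than being guessed at.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing version header")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):      # [-KEY] removes the whole key
                ops.append(("delete-key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError("unparsed line: " + ln)
        name = "(Default)" if m.group(2) else m.group(1)
        data = m.group(3)
        if data == "-":                  # "name"=- removes just that value
            ops.append(("delete-value", key, name, None))
        elif data.lower().startswith("dword:"):
            ops.append(("set-dword", key, name, int(data[6:], 16)))
        else:
            ops.append(("set-other", key, name, data))
    return ops


def autostart_changes(ops):
    """Operations that touch a ...\\CurrentVersion\\Run autostart key."""
    return [op for op in ops if op[1].lower().endswith(r"\currentversion\run")]


if __name__ == "__main__":
    for action, key, name, data in summarize_reg(FIX_REG):
        print(action, key, name, data)
```
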

#19
lyonsb (Topic Starter)

Hi, nice one, the fix.reg worked, and so did the Hosts Expert :whistling:

All the files you asked to be deleted were also found and removed.

Below is a fresh HJT log:
__________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:28:00, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\TGVFDMsgservice.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\Fix.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [workflow] E:\installs\workflow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: services.lnk = ?
O4 - Global Startup: CPRun.lnk = C:\Freeline\CPRun.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

___________________________________________________________________________

Lastly, my computer has been really unstable over the last few days, freezing up when I change windows sometimes, or just randomly, so I have to manually power off the computer. I think this may or may not be because of the virus, because I installed an extra gig of RAM a few days ago, so I'm not sure if the RAM is slightly faulty, or there is something on my system that is clogging it up and overworking it, because my temps aren't too bad, although my hard drive has temps of over 60-65c. I've been told by the manufacturer, Maxtor, that it is normal, but I'm wondering, if it's at 65c idle, when I'm playing games, doing coursework etc., surely it would go up, and maybe the prolonged high temperatures have reduced its 'stability', or maybe it's just the RAM :blink: Is there any way I could test the RAM?

Thanks Kahdah,

Brad

Oh btw: I didn't disable real-time protection on Windows Defender because, for some reason, I couldn't install it, as I mentioned in one of the posts above. I also attached a screenshot if you wanted to find out why it wouldn't install and the error it created :help:

http://www.geekstogo...s...st&p=903405

^^ That is the link to the post where I mentioned and posted a screenshot about WD, if you wanted to check it out.

Thanks. :help:

Edited by lyonsb, 12 February 2007 - 06:46 PM.

  • 0

#20
kahdah (GeekU Teacher, Retired Staff)

Hello again lyonsb :help:

Please re-open HijackThis and hit scan only.
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O4 - Startup: services.lnk = ?

Now close HJT.


After that I will need you to download ONE firewall and install it.
Here are some free ones to use.
Kerio personal firewall
or
Zone Alarm.
This link will explain how to use firewalls to better understand them, Firewall tutorial


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
After that please delete any tools that I had you download.
Delete anything in Quarantine in AVG Anti-spyware.

***Empty your recycle bin***

Then please clean up your System Restore points.
To do this:
(Windows XP)
1. Turn off System Restore.
   Click on Start
   Right-click My Computer
   Click Properties
   Click the System Restore tab
   Check Turn off System Restore
   Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
   Click on Start
   Right-click My Computer
   Click Properties
   UN-Check Turn off System Restore
   Check Turn on System Restore
   Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

"is there any way I could test the ram?"
There are tools that you can download to test your computer memory.
Go Here
And try that tool.

If you keep having problems you can try posting in the Windows XP forum here at G2Go.
They may be able to help.

As I see nothing that is malware related in your logs, you're all set. :blink:

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Cleanup - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Google - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.

Trillian or Miranda - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Castle Cops - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

If you have any further problems please feel free to contact G2Go. :whistling:
  • 0
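The log review in this thread can be partly mechanised by comparing a fresh HijackThis log with the previous one and listing the entries that deserve a second look. This is an added example, not code from the thread or from HijackThis; the sample lines are excerpts copied from the two logs above, the function names are hypothetical, and reading "= ?" as a shortcut whose target HijackThis could not resolve is an assumption about the log format.

```python
import re

# Excerpt of the log posted on 11/02/2007 (post #16).
LOG_11_FEB = r'''Logfile of HijackThis v1.99.1
Scan saved at 11:53:26, on 11/02/2007
O4 - HKLM\..\Run: [workflow] E:\installs\workflow.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: services.lnk = ?
O4 - Global Startup: CPRun.lnk = C:\Freeline\CPRun.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
'''

# Excerpt of the log posted on 12/02/2007 (post #19).
LOG_12_FEB = r'''Logfile of HijackThis v1.99.1
Scan saved at 11:28:00, on 12/02/2007
O4 - HKLM\..\Run: [workflow] E:\installs\workflow.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: services.lnk = ?
O4 - Global Startup: CPRun.lnk = C:\Freeline\CPRun.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
'''

# Entry lines look like "O4 - ..." or "R0 - ..."; headers and the process
# list do not match and are skipped.
ENTRY_RE = re.compile(r'^([RFNO]\d{1,2}) - (.+)$')


def parse_hjt(text):
    """Return the log's entries as (section_code, body) tuples, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(old_text, new_text):
    """Entries that appeared in, or disappeared from, the newer log."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    added = [e for e in new if e not in old]
    removed = [e for e in old if e not in new]
    return added, removed


def review_flags(entries):
    """Entries a reviewer should look at by hand, with the reason."""
    flags = []
    for code, body in entries:
        if code == "O4" and body.endswith(".lnk = ?"):
            flags.append((code, body, "startup shortcut with unresolved target"))
        elif body.endswith("(file missing)"):
            flags.append((code, body, "entry points at a file that is not on disk"))
    return flags


if __name__ == "__main__":
    added, removed = diff_logs(LOG_11_FEB, LOG_12_FEB)
    print("added:", added)
    print("removed:", removed)
    for flag in review_flags(parse_hjt(LOG_12_FEB)):
        print("review:", flag)
```
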

#21
lyonsb (Topic Starter)

Ok, thanks a lot for your help, again, kahdah :whistling:
  • 0





