#1
OK, so I was downloading a key generator and instead I got some stupid virus. When I hit generate key it starts installing programs, so I closed everything out and restarted my comp. When it came back up it was running really slow, so I hit Ctrl, Alt, Del and it says Task Manager was disabled by administrator. Well, I was able to fix that problem, but it also killed my internet. Now my computer says it's connected but it won't receive packets; it can send them though. So I googled it and found some winsock reset thing and I did that, but the internet still does the same thing. It's not on a router, it's just a cable modem. It obviously works because that's what I'm on now. I have a HijackThis log but I don't see any problems, but I don't have as many programs running as I did before. Can somebody please help? I want my good computer back.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:55 AM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O1 - Hosts: http://213.159.117.203/dkprogs/hosts.txt
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINNT\system32\vtuttut.dll
O2 - BHO: (no name) - {e2471d8c-4b83-4ed5-919b-16af11a3097c} - C:\WINNT\system32\cmcsmmf.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/09f591e74f19ac7...p/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1150164577284
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/.../weblaunch.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://support.gateway.com/eSupport...weblaunch2.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/...vest/gwCID.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/act...a/SymAData.dll
O20 - AppInit_DLLs: C:\WINNT\System32\winka.dll c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtuttut - C:\WINNT\SYSTEM32\vtuttut.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - C:\WINNT\SYSTEM32\winhab32.dll
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

#2
First, can I say, DOH! Never download keygens, always have viruses.

Second thing, I will look over the log and see if I can find something that jumps out at me.

Dan
__________________
My System: Dan's Dell Inspiron 1525

#3
Hello Mastaof420.

I do not see any antivirus running on the computer. Why? Are you able to download anything? Are you running in normal boot mode?

Please go to Start > Run > type msconfig and click OK! Select the General tab and select Normal Startup. Then click Apply and OK and reboot PC before continuing. Remain in this Normal Startup mode while your PC is being cleaned of malware.

Next go to C:\Program Files\Hijackthis\HijackThis.exe and rename the HijackThis.exe to Analize.exe. This is important as some new forms of malware can hide from HijackThis.

Here are some steps I would like you to follow. If you have problems with any of them, move on to the next.

Add/Remove programs: Quite often many problem programs can be uninstalled just by going to Control Panel and selecting Add/Remove Programs. Doing this before running cleaning procedures may help to give better, more complete cleaning results and could even speed things up.

Please download ATF Cleaner by Atribune. ATF Cleaner.exe
This program does not require an installation. The executable actually runs the program.
NOTE: ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

If you don't have Spybot Search & Destroy please download it. Here
* Click the Spybot.exe Icon to start the installation.
* Follow the prompts using the default settings and just click your way through the installer by using the Next button.
* After the installation has finished, you will see a Spybot - Search & Destroy button on your desktop and in your start menu. Click on it to start Spybot-S&D the first time.
* The first time you start Spybot-S&D, it will display a Wizard.
  + It is very important to keep up-to-date. Be sure to check for updates now and use the Immunize feature.
  + I suggest using the Resident SDHelper.
  + Don't activate the TeaTimer which does provide realtime protection but has been problematic.
* After the tutorial has finished, you will find yourself on the Settings or Update page.
  + The left side of the program has a navigation bar that can lead you to all functions of the program.
* Click labeled Spybot-S&D and this leads you to the main page.
* The first button in this toolbar is named Check for problems. That is the button you press to start the scanning. Lean back and watch the scan progress.
  + Once the scan is complete you can distinguish between the red entries, which represent spyware and similar threats, and the green entries, which are usage tracks.
  + All problems displayed in red are regarded as real threats and should be dealt with. For the green entries removal is non-critical, but depends on your personal preferences.
* Now it's time to use the Fix selected problems button. This will remove all threats found.
* Once the cleaning is done exit Spybot.

Note: Some forms of malware cannot be removed by Spybot on the first attempt. If this is the case Spybot will ask to remove the entries upon restarting the computer. After restarting the computer run Spybot again. If the problem is still there we will deal with that with special removal tools.

Disable Spybot's TeaTimer so it doesn't interfere with the HijackThis fixes:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer again once the system is clean.

Download AVG Anti-Spyware, saving the installation file to your desktop.
* Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
* Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
* Under How to scan? All checkboxes should be ticked.
* Under "Reports" Select "Automatically generate report after every scan". Also, Un-Select "Only if threats were found".
* Under "What to scan"? "Select Scan every file".
* Now close AVG Anti-Spyware and proceed to the next set of instructions.
* Reboot your computer into "Safe Mode". You can do this by restarting your computer and continually tapping the "F8" key until a menu appears. Use your arrow key to highlight "Safe Mode" then press "ENTER".
* IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
* Now launch AVG Anti-Spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
* Once the scan is complete do the following:
* If you have any infections you will be prompted, when prompted select "Apply all actions".
* Next select the "Reports" icon at the top.
* Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Next run HijackThis and post a fresh log along with the AVG log.

#4
OK, before I follow the instructions you gave me I just thought you should know what I've already done to fix this. I reinstalled TCP/IP via the insanely long way. I used winsock reset and netsh reset. I have also run AVG like 3 times in normal boot mode; each time it found like 70-90 viruses. The last time I ran it, it found like 17. I fixed the Task Manager by using regedit local machine/micro/windows/currentver/policies/disabletaskmanager, but since I got this virus my computer takes a lot longer to boot up even though my startups are like 0.

#5
Whatever warez\keygen you were trying to use is now working against you. The longer you take to begin removing the infections the more you are open to having your information taken and in turn given away.

Traditional removal programs will not clean everything. There will be more steps. I need the logs to know where the infections are.

You need to follow the steps I suggested. Including msconfig\normal boot. Without launching all programs there will be infections we can not see.

The AVG I am asking you to run is AVG Antispy. Are you running this or AVG Antivirus? I did not see any active antivirus in your HijackThis log but did see a Symantec entry.

ATF Cleaner will clear out a lot of junk files and make the scans run much quicker. Spybot will clean many forms of malware. AVG will also clean malware but will also produce a log given you follow the directions I suggested. I need this log.

Rename HijackThis (HJT) and post a new log. There will most likely be more steps. You have to enable normal boot mode.

After removal we will work on getting your system running at optimum speed.

Last edited by evilfantasy : 20th Sep 2007 at 01:18 PM.

#6
OK, I followed your instructions and booted up normal, updated my AVG antivirus and Spybot SD manually. I've run Spybot twice and AVG twice, once in normal boot and once in safe mode. I will post my logs when it is finished scanning later on tonight; it takes about 4 hours per scan. I have an 80 gig hard drive and it's pretty much full, I have like 8 gigs left. I haven't gotten the ATF Cleaner yet but I will download it now. I'll get AVG Antispy too. When I boot up in normal mode I get errors that files are missing and that AVG can't verify its electronic certificate. I'll msg back with the logs at like 10:00 Eastern time.

Thanks in advance,
Mike

#7
OK. Let me know if there are any problems.

#8
OK, I've been having issues. I don't have any access to my home computer because of the network issue, so I have to transfer data back and forth with my PSP using it as a flash drive, and I forgot my PSP at work last night, so I was unable to do anything to the computer except run AVG over and over. I ran it like 6 times and on the last one it came up no threats, same with Spybot, but there is one thing I can't get to go away: WildTangent. I will have my PSP tonight so I will be able to finish.

I downloaded AVG Antispy and installed it and my comp froze when I opened the file, then it said that I couldn't open guard.exe, there was an error, so I reinstalled it from scratch and now it stops mid installation with an error and I can't get it to go on. I ran ATF Cleaner just once and it made the Spybot go much faster.

Every time I ran AVG antivirus it said I have viruses in my system restore, so I followed basic system restore removal steps: I shut off system restore then ran AVG again with it like that and it came up with nothing. I should also add that when this whole thing started I tried the basic steps of doing a restore and it said I have no valid restore points????? Yet I have my last 8 gigs on my hard drive for system restore......freekin microsuck.

I also have Lavasoft Ad-Aware and I was going to run that today. I noticed that when I boot my computer up in normal mode that the antivirus & antispy programs don't find anything extra even though when I click msconfig and startups it says I have like 15 startup programs and they all came from the virus except AVG and Norton. Oh, and I no longer have Norton, just a few remaining traces. I had a full paid-for version of Norton with updates but it is more of a hassle than it is good. I'm more for performance of my computer, so if I have more than 19 programs running at startup shit's gotta go :)

Oh, I wondered how do I get the logs to you: do I have to specifically copy and paste them right after the scan or could I go back in the history and find them?

#9
Since you have gotten some cleaning done with the virus/malware tools, let's go ahead and post a fresh HijackThis log as per the instructions. Copy and paste will be fine.

If you turned off system restore and then turned it back on then you removed all of the restore points. Be sure to leave it on from here on out. An infected restore point is better than no restore point. We will toggle that again at the end of cleanup to remove the infected points.

You can use this [url=http://www.thecomputerforums.co.uk/file38.html]Norton Removal Tool[/url] to clear out all traces of Norton. But you may want to wait until you have internet on the computer.

#10
Logfile of HijackThis v1.99.1
Scan saved at 11:44:33 AM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wbem\csrss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freecreditreport.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINNT\system32\vtuttut.dll (file missing)
O2 - BHO: (no name) - {e2471d8c-4b83-4ed5-919b-16af11a3097c} - C:\WINNT\system32\cmcsmmf.dll
O4 - HKLM\..\Run: [csrss] C:\WINNT\system32\wbem\csrss.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/09f591e74f19ac7...p/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1150164577284
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/.../weblaunch.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://support.gateway.com/eSupport...weblaunch2.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/...vest/gwCID.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/act...a/SymAData.dll
O20 - AppInit_DLLs: C:\WINNT\System32\winka.dll c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtuttut - vtuttut.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)

I don't know if this is all the startup programs that I have. I think there are some things not running, and that iexplorer I can't get to go away. It's not an open internet window, it just starts up when the comp does and comes back when you end the task. I'll get one more log. I've been having issues with my comp. I downloaded Ad-Aware 2007 and it won't scan, it says the scan is busy. Fckin computers, it's hard to imagine that I'm A+ certified.

#11
Hi. Please do the following.

1. Download this file combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In the next post please add:
Combofix Log
A Fresh HijackThis Log

Last edited by evilfantasy : 25th Sep 2007 at 01:44 PM.

#12
OK, so I downloaded the ComboFix but the link you posted said error 404, so I got it from another link, and when I run it, it comes up with an error notice:

You have used an invalid url to download ComboFix.exe. Please be advised that these are the correct links to use
http://www.techsupportforum.com/sect...s/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

But the first link is where I got it from. Does this need internet to work? But I did get the computer to boot in normal mode with everything running extremely slow. This is my HijackThis log in normal boot:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:01 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wbem\csrss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINNT\mgrs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Hijackthis\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freecreditreport.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINNT\system32\vtuttut.dll (file missing)
O2 - BHO: (no name) - {e2471d8c-4b83-4ed5-919b-16af11a3097c} - C:\WINNT\system32\cmcsmmf.dll
O4 - HKLM\..\Run: [csrss] C:\WINNT\system32\wbem\csrss.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.4\webbuying.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/09f591e74f19ac7...p/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1150164577284
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/.../weblaunch.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://support.gateway.com/eSupport...weblaunch2.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/...vest/gwCID.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/act...a/SymAData.dll
O20 - AppInit_DLLs: C:\WINNT\System32\winka.dll c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtuttut - vtuttut.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
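
The helper in this thread asks for a fresh HijackThis log after each cleaning pass. As an added example (not part of the original thread and not the helpers' own method), the script below parses two HijackThis logs, including ones flattened onto a single line as on this page, and lists which load-point entries appeared, disappeared or are marked "(file missing)". The sample strings are short excerpts of the 9/19 and 9/25 logs posted above; the function names and the choice of sections are assumptions.

```python
import re

# Each HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23) followed by " - ". Splitting on that boundary also works when a
# forum has flattened the whole log onto one line.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)")
MISSING = "(file missing)"

# Sections listing code that is loaded automatically: O2 browser helper
# objects, O4 Run keys and startup folders, O20 AppInit_DLLs and Winlogon
# Notify, O23 services. Restricting to these is a choice made for this example.
LOAD_POINTS = frozenset({"O2", "O4", "O20", "O23"})


def parse_entries(log_text):
    """Return {(code, folded detail): (detail as written, file_missing)}."""
    flat = " ".join(log_text.split())
    entries = {}
    for chunk in ENTRY_START.split(flat):
        match = ENTRY.fullmatch(chunk.strip())
        if not match:
            continue  # header and process list before the first entry
        code, detail = match.group(1), match.group(2)
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)].rstrip()
        # Windows paths and registry names are case-insensitive: compare folded.
        entries[(code, detail.casefold())] = (detail, missing)
    return entries


def compare_logs(old_log, new_log, sections=LOAD_POINTS):
    """List load-point entries added, removed or flagged missing in new_log."""
    old, new = parse_entries(old_log), parse_entries(new_log)

    def show(keys, table):
        return sorted(f"{k[0]} - {table[k][0]}" for k in keys if k[0] in sections)

    return {
        "added": show(new.keys() - old.keys(), new),
        "removed": show(old.keys() - new.keys(), old),
        "file_missing": show((k for k in new if new[k][1]), new),
    }


# Excerpt of the 9/19 log from this thread, flattened as it appears on the page.
OLD_LOG = (
    r"Logfile of HijackThis v1.99.1 Scan saved at 9:23:55 AM, on 9/19/2007 "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = "
    r"Microsoft Internet Explorer provided by America Online "
    r"O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - "
    r"C:\WINNT\system32\vtuttut.dll "
    r"O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto "
    r"O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll "
    r"O20 - Winlogon Notify: winhab32 - C:\WINNT\SYSTEM32\winhab32.dll"
)

# Excerpt of the 9/25 (10:18:01 PM) log from this thread.
NEW_LOG = (
    r"Logfile of HijackThis v1.99.1 Scan saved at 10:18:01 PM, on 9/25/2007 "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "
    r"http://www.freecreditreport.com/ "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = "
    r"Microsoft Internet Explorer provided by America Online "
    r"O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - "
    r"C:\WINNT\system32\vtuttut.dll (file missing) "
    r"O4 - HKLM\..\Run: [csrss] C:\WINNT\system32\wbem\csrss.exe "
    r"O4 - HKLM\..\Run: [smgr] mgrs.exe "
    r"O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll"
)

if __name__ == "__main__":
    for label, lines in compare_logs(OLD_LOG, NEW_LOG).items():
        print(label)
        for line in lines:
            print("   ", line)
```

The output is a list of changes to review, not a verdict: an entry that is new, gone or missing still has to be identified before anything is fixed in HijackThis.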