its me again...

Why is this PC being run without any protection??? You have no antivirus, no realtime antispyware, and no real bidirectional firewall. And in addition, you Windows software is not updated! No wonder you are so badly infected. If you dod not properly protect your PC this time after malware cleaningis complete, you may be refused help in the future. We do not have the time to continue to help people who refuse to help themselves. It may already be too late for you this time because based on what I see in your logs, you are in big trouble and are probably looking at a total reinstall. You should back up important data now because further cleaning steps may render your PC unbootable since many of your requiree system files are now infected. DO NOT BACK UP anything that is an executable type file as they may be infected.

You need to run MBAM again and update it to the current version then run a new scan and attach the new log.

Then you need to either attach the log from SUPERAntiSpyware if you ran it, or you need to run it and attach the log. Make sure you are using the current version. Click the link in the sticky to see what the current version is. If you are not uring the current version, I will just be asking you to uninstall what you have and use what we have given in the READ & RUN ME.

Also you are not using the current version of MGtools!!!!!!! This is a bad practice. Everything you have is out of date.

The below is an attempt to start cleaning your PC, but this will not fix your infected Windows System files.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java(TM) 6 Update 10

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [nfra] c:\windows\nfra.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O20 - AppInit_DLLs: wmwdrn.dll

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.
After clicking Fix, exit HJT.

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\temp
C:\Documents and Settings\Gaming\Local Settings\temp

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Do you use a Proxy Server to connect to the internet? If not, then you need to change your browser settings so that it is not trying to use a proxy. If you do use a proxy, then you need to make sure the proper values are entered.

Yes Kaspersky is a good AV but none of them are perfect. You may be just as well off with a free antivirus as long as you also implement all other protection methods as mentioned in this: How to Protect yourself from malware!

You still have at least one major malware problem to correct. As I mentioned in my first message you have infected system files. Your userinit.exe file is still infected for sure and the svchost.exe has recently been changed but is the correct size so it may or may not be valid. I suggest that you run the below update for WinXP SP3 to see if we can get the system files problem resolved:

Windows XP Service Pack 3 Network Installation Package

This is a 316 MB file so depending upon your internet connection speed, it will take awhile to download. Save it somewhere safe like to a folder named like below that you create: C:\Downloads\Microsoft\WinXP SP3 Update

Then double click the download to run it. If all goes well, attach a new log from MGtools when finished.