[Fixed] cant change desktop...or ctrl alt delete

  #8  
Old 07-06-2006
ablizno
Bronze Member

Join Date: Jul 2006
Posts: 7

Ok, did everything you said. Everything went away as well, except for the entry

O20 - Winlogon Notify: wancp - C:\WINDOWS\SYSTEM32\wancp.dll.tmp

I reposted the new log anyway... but there is still that blue highlight around the icon text and parts of the icon... if I change the background color under the display thing it will change that color... I've tried the drop shadow thing and it still is blue... I really hope we can get this fixed.
Attached Files
File Type: log hijackthis.log (5.3 KB, 1 views)



Last edited by ablizno; 07-06-2006 at 02:16 AM.
  #9  
Old 07-06-2006
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,967
PC Experience: Elite PC Guru

1. Please download The Avenger to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\System32\direct32.dll
C:\WINDOWS\SYSTEM32\wancp.dll.tmp
C:\DOCUME~1\Tina\APPLIC~1\MCROSO~1\netdde.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply


Run HJT and remove these entries

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKCU\..\Run: [Usrr] "C:\DOCUME~1\Tina\APPLIC~1\MCROSO~1\netdde.exe
O20 - AppInit_DLLs: direct32.dll
O20 - Winlogon Notify: wancp - C:\WINDOWS\SYSTEM32\wancp.dll.tmp


If that O20 - Winlogon still remains after you have done the above, this should fix it....

Download Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido. When you have finished updating, EXIT Ewido.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
  • In Safe Mode, run Ewido.
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As. This will create a text file.
Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.


__________________
  • An Australian Member of
  • and
My real name is Eddy

Last edited by Pancake; 07-06-2006 at 03:05 AM.
  #10  
Old 07-06-2006
ablizno
Bronze Member

Join Date: Jul 2006
Posts: 7

Ok, did what you said.. blue is still there... still can't get rid of that wancp.dll.tmp, but I posted the logs below
Attached Files
File Type: txt Report-Scan-20060706-174556.txt (886 Bytes, 1 views)
File Type: log hijackthis.log (5.3 KB, 1 views)
File Type: txt avenger.txt (1.3 KB, 1 views)


  #11  
Old 07-07-2006
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,967
PC Experience: Elite PC Guru

Ok. Avenger has fixed that file, so all you have to do now is remove the entry:

O20 - Winlogon Notify: wancp - wancp.dll.tmp (file missing)


Not sure what this blue light is. If none of the below fix it, try and see what the guys in the XP forum can come up with.....



Try these options to restore the Desktop.
---------------------------------------------------

Download and run this Background Fixer
-------------------------------------------------------------------------

Run this file. Double click to merge it.
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
----------------------------------------------------------------------
Go to Control Panel > Display Properties. Click the Desktop tab and click the Customize Desktop button. Click the Web tab and make sure all checkboxes in this window are unchecked. If any look a bit odd, check them then uncheck again.
Next, check hidden files and folders
To show hidden files instructions (WinXP)
Double-click My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK

Search for C:\Windows\Web\Desktop.html and delete it if you find it.
Reboot and see if this helps.
----------------------------------------------------
You will find a fix here. Look for item 214 (Windows XP Style Changes): http://www.kellys-korner-xp.com/xp_tweaks.htm
---------------------------------------------------------------------------
Then go here http://www.kellys-korner-xp.com/xp_tweaks.htm and scroll down to line 187. Restore Themes Functionality. Download the regfile, run it and reboot.
------------------------------------------------------------------------


__________________
  • An Australian Member of
  • and
My real name is Eddy
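
A small triage of the HijackThis entries quoted in the posts above, as an added example that is not part of the original thread: it splits each line into section code, entry type and target file, and separates entries HijackThis marks "(file missing)", where only the entry remains as in post #11, from entries whose file was still present when logged. The function names and action labels are assumptions made for illustration.

```python
import re

# Lines copied from the posts in this thread (not a complete HijackThis log).
SAMPLE = r'''
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKCU\..\Run: [Usrr] "C:\DOCUME~1\Tina\APPLIC~1\MCROSO~1\netdde.exe
O20 - AppInit_DLLs: direct32.dll
O20 - Winlogon Notify: wancp - C:\WINDOWS\SYSTEM32\wancp.dll.tmp
O20 - Winlogon Notify: wancp - wancp.dll.tmp (file missing)
'''

# Meaning of the HijackThis section codes that appear in this thread only.
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O20": "AppInit_DLLs / Winlogon Notify"}

# "<code> - <kind>: <rest>"; kind stops at the first colon, so drive letters
# in <rest> are not mistaken for the separator.
LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
MISSING = "(file missing)"

def parse_line(line):
    """Split one HijackThis line into code, kind, target and missing flag."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    # The target is the last " - " field; O4 lines prefix it with "[name] ".
    target = rest.split(" - ")[-1]
    target = re.sub(r"^\[[^\]]*\]\s*", "", target).strip('"')
    return {"code": m["code"], "kind": m["kind"], "target": target,
            "missing": missing, "section": SECTIONS.get(m["code"], "unknown")}

def triage(log_text):
    """Pair each entry with a label mirroring the thread's two-step cleanup."""
    out = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # blank or non-entry line
        action = "remove entry only" if entry["missing"] else "remove entry and file"
        out.append((entry, action))
    return out

if __name__ == "__main__":
    for entry, action in triage(SAMPLE):
        print(f'{entry["code"]:<4}{entry["kind"]:<16}{entry["target"]:<48}{action}')
```
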
  #12  
Old 07-07-2006
ablizno
Bronze Member

Join Date: Jul 2006
Posts: 7

There wasn't a blue light, it was the icons looked selected all the time, but I fixed it, don't worry about it. Thanks for all your help.


  #13  
Old 07-07-2006
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,967
PC Experience: Elite PC Guru

Ok. Glad it's all fixed..



If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure..
If you have not already done so, you might want to run Disk Cleanup and run it in each user's profile:
Run Disk Cleanup
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.

Now that you are clean, now is a good time to flush out your restored files.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.
How Do I Protect My Computer Against Future Malware Now I'm Clean?
NOTE: You may have already taken some of these steps.
Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches. How to update your Windows operating system
Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.
Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).
Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:
Open Internet Explorer. Go to Tools > Internet Options...
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.
Some Recommended Protection Programs
Each tool has its own strengths for identifying and removing specific types of malware. To thoroughly check your computer, it's recommended that you use more than one malware removal program. Don't forget to back up your data files before starting a scan!
Some available programs are:
Ad-Aware
SpyBot Search & Destroy
Now that you are clean, to help protect your system I recommend that you get the following free programs:
SpywareBlaster to help prevent spyware from installing.
SpywareGuard to catch and block spyware.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol to monitor any changes that programs make to the registry.
If you do not have a firewall, here is a free one for personal use:
ZoneAlarm
http://www.zonelabs.com/store/conten..._freedownloads
http://www.zonelabs.com/store/conten...g=en&lid=ho_za

Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
http://www.spywarewarrior.com/asw-test-guide.htm

Here is a helpful article:
"So how did I get infected in the first place?"
http://www.pchelpforum.com/index.php?page=protect
Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!


__________________
  • An Australian Member of
  • and
My real name is Eddy
