
Hijack This Log - Any help would be appreciated

1327 Views 8 Replies 2 Participants Last post by  tetonbob
I have been having a lot of problems with pop ups (even when I start
applications other than IE and Firefox) and my computer has been running
very slow lately. I have tried to get rid of the spyware and viruses with
SpyBot, Adaware and AVG. But I don't know what to look for on my Hijack
This Log. Any help would be appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 10:53:39 AM, on 14/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\u-storage tool2.91\ustorage.exe
E:\Program Files\TorrentSpy stuff\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\?hkdsk.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\Program Files\iTunes\iTunes.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\system32\wisptis.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {89BE4D2C-AEC9-A03E-9AFB-87FA39DA3A90} - C:\WINDOWS\system32\tncf.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {89BE4D2C-AEC9-A03E-9AFB-87FA39DA3A90} - C:\WINDOWS\system32\tncf.dll
O2 - BHO: (no name) - {D3CE719E-CD2B-98DB-7805-B8891F0E69C5} - C:\WINDOWS\system32\qzs.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vga slow proxy math] C:\Documents and Settings\All Users\Application Data\Amok Gram Vga Slow\AXIS FLAW.exe
O4 - HKLM\..\Run: [UStorag] c:\program files\u-storage tool2.91\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tool2.91
O4 - HKLM\..\Run: [URLLSTCK.exe] E:\Treadstone Setups\UrlLstCk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Treadstone Setups\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\TorrentSpy stuff\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kyieqrhj] \?hkdsk.exe
O4 - HKCU\..\Run: [Oohs] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ASKS~1\wowexec.exe" -vt ndrv
O4 - HKCU\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [updateMgr] "E:\Program Files\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\jvyolx\svchost.exe
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] E:\PROGRA~1\MOZILL~1\plugins\GetFlash.exe -p
O4 - Startup: SMPMEnvSetup.lnk = E:\Treadstone Setups\SMPMEnvSetup.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://famousplayers.zictor.com/Exent/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: mshta.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrbt32 - winrbt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


Thank You!
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

You have several different infections going on. This will likely take a few posts to clear up.

---------------------------------------------------------------------------------------------

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3.....we'll use this shortly.

---------------------------------------------------------------------------------------------

Download combofix.exe to your desktop.

* IMPORTANT !!! Place it on your Desktop.

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\combofix.exe" /v winrbt32 tncf

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------

Run NoLOP

  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.

Please Post the contents of C:\NoLop.log in your next reply.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

MessengerPlus3 - You have installed MessengerPlus3 and contracted a lop infection. Please uninstall MessengerPlus3 using Add/Remove Programs. If the program is a must have, reinstall it and politely decline when asked to install the sponsor's software.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R3 - URLSearchHook: (no name) - {89BE4D2C-AEC9-A03E-9AFB-87FA39DA3A90} - C:\WINDOWS\system32\tncf.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {D3CE719E-CD2B-98DB-7805-B8891F0E69C5} - C:\WINDOWS\system32\qzs.dll (file missing)
O4 - HKLM\..\Run: [vga slow proxy math] C:\Documents and Settings\All Users\Application Data\Amok Gram Vga Slow\AXIS FLAW.exe
O4 - HKCU\..\Run: [Kyieqrhj] \?hkdsk.exe
O4 - HKCU\..\Run: [Oohs] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ASKS~1\wowexec.exe" -vt ndrv
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\jvyolx\svchost.exe
O4 - Startup: csrss.lnk = ?
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs: mshta.dll



Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\Documents and Settings\All Users\Application Data\Amok Gram Vga Slow
C:\Documents and Settings\YOUR USERNAME\Start Menu\Programs\Startup\csrss.lnk
C:\WINDOWS\system32\jvyolx


---------------------------------------------------------------------------------------------

Restart in normal mode.

---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

C:\NoLOP.txt
C:\ComboFix.txt
C:\findlop.txt
HJT
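
A triage sketch for the kind of log review done in the reply above, added here as an example and not part of the original posts or of any tool named in them: it parses HijackThis entries and flags those whose target is reported missing, whose path contains a `?` placeholder character, that use a Windows system process name outside `C:\WINDOWS\system32`, or that set AppInit_DLLs. The function names, reason labels and the list of system process names are assumptions of this example, and a flagged line is a candidate for review, not a verdict.

```python
import re

# Sample entries copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {D3CE719E-CD2B-98DB-7805-B8891F0E69C5} - C:\WINDOWS\system32\qzs.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kyieqrhj] \?hkdsk.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\jvyolx\svchost.exe
O4 - Startup: csrss.lnk = ?
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs: mshta.dll
O20 - Winlogon Notify: winrbt32 - winrbt32.dll (file missing)
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# URLs are stripped before the "?" check so query strings are not flagged.
URL_RE = re.compile(r"\b\w+://\S+")
# Drive-rooted path ending in .exe, split into (directory, file name).
EXE_RE = re.compile(r'([a-z]:\\(?:[^\\"]+\\)*)([^\\"]+?\.exe)', re.IGNORECASE)

# Assumption of this example: Windows XP layout, as in the posted log.
SYSTEM_DIR = "c:\\windows\\system32\\"
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe",
                "winlogon.exe", "services.exe", "smss.exe"}


def reasons_for(code, body):
    """Return the list of heuristic reasons one entry deserves a closer look."""
    reasons = []
    # HijackThis itself reports that the registered target does not exist.
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("target-missing")
    # A "?" outside a URL stands in for a character the log could not render.
    if "?" in URL_RE.sub("", body):
        reasons.append("placeholder-char-in-path")
    # A system process name is only expected directly under system32.
    for directory, name in EXE_RE.findall(body):
        if name.lower() in SYSTEM_NAMES and directory.lower() != SYSTEM_DIR:
            reasons.append("system-name-outside-system32")
    # AppInit_DLLs are loaded into every process that loads user32.dll.
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            reasons.append("appinit-dll-set")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.groups()
        reasons = reasons_for(code, body)
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons):<32}{body}")
```

The O16 Yazzle download entry passes these checks untouched, which shows the limit of path-based heuristics: recognising it takes knowledge of the publisher, not of the path.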
I'm sorry it has been so long since your reply. I have followed your steps. Thank you. When I reset my computer in Safe Mode I was unable to locate

MessengerPlus3
C:\Documents and Settings\All Users\Application Data\Amok Gram Vga Slow
C:\Documents and Settings\YOUR USERNAME\Start Menu\Programs\Startup\csrss.lnk
C:\WINDOWS\system32\jvyolx

Here are my logs:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Administrator\Desktop
[29/01/2007]
[3:03:01 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A6DD4BBD912AC629.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Objtwowindowfast
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Pixelstorm
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Nvidia Corporation
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Move Networks
C:\Documents and Settings\All Users\Application Data\Teleca
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Mail Bike Safe -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Lavasoft
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Apple Computer
C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Adobeum
C:\Documents and Settings\Administrator\Application Data\Symantec
C:\Documents and Settings\Administrator\Application Data\Thunderbird
C:\Documents and Settings\Administrator\Application Data\Teamspeak2
C:\Documents and Settings\Administrator\Application Data\Avg7
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Skype
C:\Documents and Settings\Administrator\Application Data\Vlc
C:\Documents and Settings\Administrator\Application Data\Atari
C:\Documents and Settings\Administrator\Application Data\Securom
C:\Documents and Settings\Administrator\Application Data\Leadertech
C:\Documents and Settings\Administrator\Application Data\Revolution
C:\Documents and Settings\Administrator\Application Data\Musicmatch
C:\Documents and Settings\Administrator\Application Data\Installshield Installation Information
C:\Documents and Settings\Administrator\Application Data\Talkback
C:\Documents and Settings\Administrator\Application Data\1clickdvdcopy
C:\Documents and Settings\Administrator\Application Data\Copytodvd -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\?dobe
C:\Documents and Settings\Administrator\Application Data\Slysoft
C:\Documents and Settings\Administrator\Application Data\Teleca
C:\Documents and Settings\Administrator\Application Data\Smith Micro
C:\Documents and Settings\Administrator\Application Data\Ign_dlm

--------------------------------------------------------------------------

"Administrator" - 07-01-29 14:53:07 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Administrator\desktop"
Command switches used :: /v winrbt32 tncf

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tncf.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\npf.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\SKS~1
C:\qoobox\purity\WINDOWS\çSKS~1
C:\qoobox\purity\WINDOWS\FNTS~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\SEMBLY~1
C:\qoobox\purity\WINDOWS\system32\YMANTE~1
C:\qoobox\purity\WINDOWS\system32\DOBE~1
C:\qoobox\purity\WINDOWS\system32\ICROSO~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\system32\YSTEM3~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\FNTS~1
C:\qoobox\purity\WINDOWS\system32\PPPATC~1
C:\qoobox\purity\Program Files\SMANTE~1
C:\qoobox\purity\Program Files\çSKS~1
C:\qoobox\purity\Program Files\YSTEM~1
C:\qoobox\purity\Program Files\MBOLS~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\YSTEM3~1
C:\qoobox\purity\Program Files\Common Files\ECURIT~1
C:\qoobox\purity\Program Files\Common Files\SSEMBL~1
C:\qoobox\purity\DOCUME~1\ADMINI~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\Application Data
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents
C:\qoobox\purity\DOCUME~1\ADMINI~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\ADMINI~1\Application Data\MCROSO~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\Application Data\çSKS~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\Application Data\TSKS~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\Application Data\STEM~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\Application Data\SSEMBL~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\RACLE~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\SMANTE~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\DOBE~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\ICROSO~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\WNSXS~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\ASKS~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\YSTEM3~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\SMBOLS~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\FNTS~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\àPPATC~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\ASKS~1\ASKS~1
C:\qoobox\purity\DOCUME~1\ADMINI~1\My Documents\ASKS~1\wowexec.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))


2007-01-29 14:55 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-27 15:31 <DIR> d--hs---- C:\FOUND.003
2007-01-25 16:31 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-01-14 11:22 <DIR> d-------- C:\Program Files\iPod
2007-01-14 11:19 <DIR> d-------- C:\Program Files\Apple Software Update
2007-01-11 03:00 <DIR> d-------- C:\WINDOWS\ie7updates


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-29 08:01 40 ---hs---- C:\Documents and Settings\Administrator\Application Data\.zreglib
2006-12-12 16:25 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
2006-12-11 05:41 190976 -r-hs---- C:\?hkdsk.exe
2006-12-10 12:50 -------- d-------- C:\Documents and Settings\Administrator\Application Data\ign_dlm
2006-12-06 21:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-03 23:15 737280 --a------ C:\WINDOWS\iun6002.exe
2006-11-22 18:36 3082 --a------ C:\WINDOWS\system32\affv11300p2now.sys
2006-11-11 06:57 356352 --a------ C:\WINDOWS\esellerateengine.dll
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"=""
"Kyieqrhj"="\\?hkdsk.exe"
"Oohs"="\"C:\\DOCUME~1\\ADMINI~1\\MYDOCU~1\\ASKS~1\\wowexec.exe\" -vt ndrv"
"AnyDVD"="E:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"svchost"="C:\\WINDOWS\\system32\\jvyolx\\svchost.exe"
"igndlm.exe"="E:\\Program Files\\FilePlanet\\Download Manager\\DLM.exe /windowsstart /startifwork"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"vga slow proxy math"="C:\\Documents and Settings\\All Users\\Application Data\\Amok Gram Vga Slow\\AXIS FLAW.exe"
"UStorag"="c:\\program files\\u-storage tool2.91\\ustorage.exe sys_auto_run C:\\Program Files\\U-Storage Tool2.91"
"Wise-FTP Scheduler"=""
"URLLSTCK.exe"="E:\\Treadstone Setups\\UrlLstCk.exe"
"MessengerPlus3"="\"E:\\Treadstone Setups\\MsgPlus.exe\""
"DAEMON Tools-1033"="\"E:\\Program Files\\TorrentSpy stuff\\daemon.exe\" -lang 1033"
"AudioDeck"="C:\\Program Files\\VIA Technologies, Inc\\Audio Deck\\ADeck.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"AVG7_CC"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LVCOMS"="C:\\WINDOWS\\system32\\LVComS.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
@=""
"Sony Ericsson PC Suite"="\"E:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="mshta.dll "


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34c43c65-1d79-11da-a858-000fea1c652e}]
Shell\AutoRun\command I:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A6DD4BBD912AC629.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-29 15:00:02

-----------------------------------------------------------------------

Volume in drive C has no label.
Volume Serial Number is 1F68-17DE

Directory of C:\Documents and Settings\All Users\Application Data

29/12/2004 04:31 PM <DIR> .
29/12/2004 04:31 PM <DIR> ..
30/12/2004 11:31 AM <DIR> ObjTwoWindowFast
31/12/2004 03:40 PM <DIR> Spybot - Search & Destroy
07/01/2005 05:59 PM <DIR> Apple Computer
07/01/2005 05:59 PM <DIR> QuickTime
09/01/2005 03:12 PM <DIR> Macrovision
15/01/2005 03:49 PM <DIR> Symantec
23/01/2005 03:04 PM <DIR> Adobe
25/03/2005 09:12 PM <DIR> AVG7
29/05/2005 08:03 PM <DIR> Skype
21/08/2005 02:10 AM <DIR> pixelStorm
02/10/2005 02:43 PM <DIR> Adobe Systems
09/10/2005 10:14 AM <DIR> Windows Genuine Advantage
27/01/2007 10:20 PM 3,341 QTSBandwidthCache
25/01/2006 06:04 PM <DIR> NVIDIA Corporation
31/03/2006 11:39 PM <DIR> Grisoft
11/11/2006 12:16 AM <DIR> Teleca
11/11/2006 12:16 AM <DIR> Sony Ericsson
11/11/2006 01:36 PM <DIR> TEMP
1 File(s) 3,341 bytes
19 Dir(s) 3,277,111,296 bytes free
Volume in drive C has no label.
Volume Serial Number is 1F68-17DE

Directory of C:\Documents and Settings\Administrator\Application Data

29/12/2004 04:05 PM <DIR> .
29/12/2004 04:05 PM <DIR> ..
29/12/2004 04:05 PM <DIR> Identities
29/12/2004 04:13 PM <DIR> Mozilla
29/12/2004 07:45 PM <DIR> Help
29/12/2004 11:00 PM <DIR> mail bike safe
30/12/2004 12:07 PM <DIR> Sun
31/12/2004 03:47 PM <DIR> Lavasoft
01/01/2005 07:46 PM <DIR> Macromedia
07/01/2005 05:59 PM <DIR> Apple Computer
12/01/2005 06:53 PM <DIR> Adobe
12/01/2005 06:54 PM <DIR> AdobeUM
15/01/2005 03:50 PM <DIR> Symantec
19/01/2005 11:04 PM <DIR> Thunderbird
25/01/2005 10:45 PM 0 dm.ini
25/01/2005 10:45 PM 881 AdobeDLM.log
15/02/2005 07:12 PM <DIR> teamspeak2
25/03/2005 09:12 PM <DIR> AVG7
10/04/2005 02:32 PM <DIR> Real
29/05/2005 08:03 PM <DIR> Skype
21/06/2005 05:42 PM <DIR> vlc
29/06/2005 10:26 AM <DIR> Atari
14/08/2005 09:36 PM <DIR> Leadertech
27/11/2005 04:37 PM <DIR> Revolution
03/12/2005 02:31 PM <DIR> Musicmatch
19/03/2006 10:46 PM <DIR> InstallShield Installation Information
25/03/2006 12:55 PM <DIR> Talkback
15/04/2006 11:01 AM <DIR> 1ClickDVDCopy
15/04/2006 11:43 AM <DIR> CopyToDvd
22/08/2006 02:55 PM <DIR> àdobe
11/09/2006 04:07 PM <DIR> SlySoft
11/11/2006 12:17 AM <DIR> Teleca
03/12/2006 06:10 PM <DIR> Smith Micro
10/12/2006 12:50 PM <DIR> IGN_DLM
2 File(s) 881 bytes
32 Dir(s) 3,277,111,296 bytes free
Volume in drive C has no label.
Volume Serial Number is 1F68-17DE

Directory of C:\Documents and Settings\Default User\Application Data

29/12/2004 04:31 PM 62 desktop.ini
1 File(s) 62 bytes
0 Dir(s) 3,277,111,296 bytes free
Volume in drive C has no label.
Volume Serial Number is 1F68-17DE

Directory of C:\Documents and Settings\NetworkService\Application Data

Volume in drive C has no label.
Volume Serial Number is 1F68-17DE

Directory of C:\Documents and Settings\LocalService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 02/02/2007 17:27:00
StartError: 0x80090016
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 10/01/2006
EndDate: 00/00/0000
StartTime: 17:27
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:55:21 PM, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\u-storage tool2.91\ustorage.exe
E:\Program Files\TorrentSpy stuff\daemon.exe
C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVComS.exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UStorag] c:\program files\u-storage tool2.91\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tool2.91
O4 - HKLM\..\Run: [URLLSTCK.exe] E:\Treadstone Setups\UrlLstCk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\TorrentSpy stuff\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Startup: SMPMEnvSetup.lnk = E:\Treadstone Setups\SMPMEnvSetup.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://famousplayers.zictor.com/Exent/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

------------------------------------------------------------------------

Thank you very much :smile:
There are still some nasties onboard, but before we continue, I need a bit more information.

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

dir C:\?hkdsk.exe /a h > files.txt
notepad files.txt
Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here.

--------------------------------------

Copy an uninstall command:

  • Open HiJackThis
  • Click on the button "Open the Misc Tools section"
  • Click on the Box that says "Open Uninstall Manager"
  • Scroll to VSToolbar for Internet Explorer in the list of programs
  • Highlight VSToolbar for Internet Explorer, and Copy the Uninstall Command (on the right side of the screen)
  • Paste that information in your next reply.
Thank you for your reply :) Ok, I have the findfile.bat notepad post:

Volume in drive C has no label.
Volume Serial Number is 1F68-17DE

Directory of C:\

11/12/2006 05:41 AM 190,976 ?hkdsk.exe
1 File(s) 190,976 bytes

Directory of C:\Documents and Settings\Administrator\Desktop

--------------------------------------------------------------------

When I went through the uninstall programs list on HJT I was unable
to locate VSToolbar for Internet Explorer.

A screenshot is attached.

Thank you so much.

:redface:

Sorry about that....that was for another thread.

What I need from you is an Uninstall List:

Create an uninstall list:

  • Open HiJackThis
  • Click on the button "Open the Misc Tools section"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notepad file into your post
Not a problem, I'm glad it wasn't that I just couldn't find stuff.

2004 T1Plus with EFILE
AC3Filter (remove only)
Active Ports
Ad-Aware SE Personal
Adobe Acrobat eBook Reader
Adobe Audition 2.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Stock Photos 1.0
Allofmp3 Explorer
AnyDVD
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
AVG Free Edition
Battlefield 2(TM) Demo
BitLord 1.1
ccCommon
DAEMON Tools
DesertCombat 0.7
DesertCombat 0.6F
Disc2Phone
DivX
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD X Copy Platinum 4.0.3
DVD X Rescue
DVDCopy5
Enable S3 for USB Device
ffdshow
FilePlanet Download Manager 2.1
FlashFXP v3
FLV Player 1.3.3
Fraps
GameSpy Arcade
Garfield 25th Anniversary Screen Saver
Garfield Fall Screensaver Screen Saver
Garfield Guide to Cats Screen Saver
Garfields 9 Lives Screen Saver
GearDrivers
Guild Wars
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
IGN Download Manager 2.3.3
iTunes
J2SE Development Kit 5.0 Update 5
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_01
JCreator LE 3.50
LimeWire 4.8.1
LiveReg (Symantec Corporation)
Logitech Pocket Digital
Lyra Personal Audio Player (RD1021/1071/1075)
Macromedia Director MX
Macromedia Extension Manager
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Windows Journal Viewer
Mozilla Firefox (1.5.0.9)
MSN Messenger 7.5
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
Nero 6 Ultra Edition
Nero Burning Rom Screensaver
neXBC 5.0
neXBC 5.0 Alpha
Norton WMI Update
NVIDIA PureVideo Decoder
PCFriendly
QuickTime
RealPlayer
Revolution 2.6.1
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SereneScene Marine Aquarium 2
Skype 1.2
Sony Ericsson PC Suite 1.20.173
Spybot - Search & Destroy 1.4
SpywareGuard v2.2
StuffIt Standard
The Lord of the Rings Online™: Shadows of Angmar™ v06.11.30.134
Tiffany Screens 1.0
Total Video Converter 3.02
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
U-Storage
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
Wacom Tablet Driver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.1
WinRAR archiver
Wise-FTP
World of Warcraft
XBC 5.1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

  • After the install is complete, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only


  • We'll use this later.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types.
* Click Yes to confirm and then click OK.


Delete the following files/folders:

C:\?hkdsk.exe <<< this will be a file with a first character which may appear to be a c, but is a Cyrillic character. This file was created on 11/12/2006 05:41 AM and is 190,976 bytes in size. You can be sure of this by right-clicking on the file, and selecting Properties.

C:\Documents and Settings\Administrator\Application Data\àdobe <<< Be very careful here. Do not confuse this malware folder with the legit Adobe folder in the same location. The one you want to delete was created on 22/08/2006 02:55 PM. Again, check the properties.

C:\Documents and Settings\Administrator\Application Data\mail bike safe

---------------------------------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

AVG Anti-Spyware
Panda online scan
HJT


How is your system behaving now, please?
In addition, please tell me the contents of this folder:

C:\Documents and Settings\All Users\Application Data\ObjTwoWindowFast
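The two look-alike names called out in the clean-up post above (a Cyrillic first letter in ?hkdsk.exe, and àdobe beside the real Adobe folder) can be caught mechanically in a directory listing. The following is an added example, not part of the original thread: it assumes the Cyrillic letter is U+0441, that the name being imitated is chkdsk.exe, and that the log passed through code page cp1252; the confusables table and the sample listing are constructed.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek letters that render like Latin ones.
# A production check would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a",
}

# Constructed sample listing, built from names that appear in the thread.
# "\u00e0dobe" is the accented folder; "\u0441hkdsk.exe" starts with the
# assumed Cyrillic letter; "R\u00e9sum\u00e9s" is a harmless accented name.
SAMPLE_LISTING = [
    "Adobe", "\u00e0dobe", "Apple Computer", "mail bike safe",
    "R\u00e9sum\u00e9s", "\u0441hkdsk.exe", "AUTOEXEC.BAT",
]


def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def skeleton(name):
    """Fold a file name to the ASCII form a human reader would perceive."""
    out = []
    for ch in unicodedata.normalize("NFKD", name.casefold()):
        if unicodedata.combining(ch):
            continue  # drop accents, so U+00E0 becomes plain 'a'
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def as_logged(name, codepage="cp1252"):
    """Render the name the way a tool limited to one ANSI code page would.

    Characters with no mapping in the code page come out as '?', which is
    one way a name like '?hkdsk.exe' ends up in a text log (assumption).
    """
    return name.encode(codepage, errors="replace").decode(codepage)


def audit(names, known_good):
    """Flag non-ASCII names whose skeleton equals a known or sibling name."""
    known = {skeleton(k): k for k in known_good}
    siblings = {n.casefold(): n for n in names if n.isascii()}
    findings = []
    for n in names:
        if n.isascii():
            continue
        sk = skeleton(n)
        target = known.get(sk) or siblings.get(sk)
        if target:
            scripts = {s for s in map(script_of, n) if s}
            findings.append({
                "name": n,
                "imitates": target,
                "mixed_script": len(scripts) > 1,
                "logged_as": as_logged(n),
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LISTING, known_good=["chkdsk.exe"]):
        print(f)
```

An accented name that imitates nothing in the listing or the known-good set is not flagged, so ordinary non-English file names do not produce noise.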