I TRIED EVERYTHING--

[justlikeyou]

I think I have a virus from a windows update. IE will not open. Google will not open unless I use Mozilla. My antivir stopped working, etc. I have been trying countless suggestions. I also get this “autorun.inf” file trying to run. I just did a WuAUServ from instructions of Microsoft tech support, but still no IE

Even hijackthis isn’t running properly---

this log had to be copied by THE SNIPPING TOOL and ran thru an OCR program to put it back into text. some text might be mis-spelled or slash missing on the log here that isnt missing or mis-spelled on the original.

also, hijack would not analyze or check any lines to be fixed.

Rl-HKCU\Software\Mcrosoft\Internet Explorer\Main,Default_Page_URL=http:://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW &Loc=ENG_US&Sys=PTB& M=M-1625
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/findink/?LinkId=54896
RI - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Linkld=54896
R1-HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://go.microsoft.com/fwlink/?LinkId=54896
RO - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW &Loc=ENG_US&Sys=PTB& M=M-1625
RO - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=M-1625
RO - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU \Software \MicrosoftWlindows \CurrentVersion \Internet Settings,ProxyServer = http=127.0.0.1:5577
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
02 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C 2EBDC 3} - C:\program Files\Common Files \Adobe\Acrobat\4ctiveX\4croIEHelperShim.dll
03 -Toolbar: (no name) - {7FEBEFE3 66 19-4349-98D2-FFB09D4649CA} - (no file)
03 -Toolbar: MediaBar - {EE9A420864EC-11DE6440-204256D89593} - C:\program Files\Shareaza Applications \MediaBar \ToolBar \ShareazaMediabarDx.dll
08 - Extra context menu item: Add to Google Photos Screensa&ver - res://C: \Windows\system32\GPhotos.scr/200
09 -Extra button: Blog This - {219034166CB2-491a-A3C7-D9FCDDC9D600} - C:\program Files\Wlindows Live \Writer\WriterBrowserExtension.dll
09 - Extra Tools' menuitem: &Blog This in Windows Live Writer - {2 190 34 166CB2-491a-A3C7-D9FCDDC9D600} - C: \program Files\Windows Live \Writer\1WriterBrowserExtension.dll
09 -Extra button: Send to OneNote - {2670000A-7350-43c6081-5663EEOC6C49} -C: \PROGRA~1\MICROS~3\Officel2\ONBttnlE.dll
09 -Extra Tools' menuitem: S&end to OneNote - {2670000A-7350-43c6081-5663EEOC6C49} -C: \PROGRA~1\ MICROS~3\Officel2\ONBttnlE.dll
09 -Extra button: Research - {92780625-18CC -4108-896E-3C9C 571A8263} -C:\PROGRA~1\ MICROS~3\Office12\REFIEBAR.DLL
016 -DPF: {3EA4FA88-EOBE419A-A732-9679B87A6ED0} (CTVUAxCtrI Object) -http://dl.tvunetworks.comfTVUAx.cab
016 -DPF: {459E9386-150E-45D5-8D4645C66FCO35FE} (get_atIcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.cab
016 -DPF: {73ECB3AA-4717-450C-A2AB-DOODAD9EE203} (GMNRev Class) -http:/)h20270.www2.hp.com/ediags/gmn2jinstall/HPProductDetection2cab
016 -DPF: {8100D56A-5661-4820-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
016 - DPF: {E2883E8F-472F4FB0-9522-AC96F37916A7} - http://platformdLadobe.com/NOS/getPlusPlus/1.6/gp.cab
016 - DPF: {E2883E8F-472F4FB0-9522-AC96F37916A7} - http://platformdLadobe.com/NOS/getPlusPlus/1.6/gp.cab

Thank You In Advance,

[justlikeyou]

Now your site is playing games. my post was sent to the bottom automatically... arrow to the end of the window of my posted complaint.

[jholland1964]

also, hijack would not analyze or check any lines to be fixed.

You have mis-understood the use of HiJackThis. It DOES NOT analyze. It does not automatically check lines. It is a tool that just scans the computer, it does nothing else.
You didn't post the entire log, the top portion is missing. That would be the part that looks like this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:59 AM, on 03/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Bradley\AppData\Local\Google\Update\1.2.1 83.29\GoogleCrashHandler.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

We have to see EVERYTHING because each portion gives information so at least 1/2 of the info we need to see isn't there. There are also no O4 listings, no O20 and no O23's.
I can't give any recommendations or steps until we see the full log.
What version did you run? The current version is 2.0.4 anything other than that is useless.
I have a feeling that you didn't allow the HJT program to fully run. When fully run the log will automatically open in Notepad.

If all you saw is what is showing here



then the program was not finished running. Please run it again, click Save the log and save it to the desktop.
Open it up, click Edit, Select All, copy. Then open a reply here and paste the log here.

[justlikeyou]

thanks for the reply.

yes, i might have an old version.

i will go at it now!

[justlikeyou]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:14 AM, on 7/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.ex e
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msconfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=M-1625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.d ll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--
End of file - 4970 bytes

[jholland1964]

That is still the old version and the log is incomplete. You need version 2.0.4
Please begin by following all the steps given HERE
Post back with all logs from requested programs. Please have each tool fix or remove all items found.

[justlikeyou]

11. I could not find hijackthis version 2.04. when I clicked on your link it did not direct me anywhere. I went to hijackthis.com and it gave me the 2.02 version.
2. I did copy ATI Cleaner to the desktop but it wont run.
3. The instructions mentions ADD/REMOVE is that the same as PROGRAM FEATURES?
4. In PROGRAM FEATURES, the UNINSTALL service the only odd program is BROWSER ADDRESS ERROR REDIRECTOR, which I had renamed (sometime ago) rocXXBrowser…. I don’t know how to change the name back, that is, delete the rocXX. I did not uninstall this program.
5. I did get hijackthis, eset mbam and uninstall from hijackthis text logs, but none would upload. All reported failed. So I copied them as you can see.
6. Went to turn MS SECURITY ESSENTIALS back on and found it was already on. I had turned it off by task manager.
7. During the cleaning process, I wasn’t asked to
a. Safe boot
b. Enable hidden files, or
c. Disable SYSTEM RESTORE

8. IE ran then crashed and i could not get it going again.
9. google earth started, it too wasnt working.
10. google maps still isnt working. it says "windows cant find http\map.google etc."
i didnt try all the other desktop stuff.


Thank You In Advance,

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4305

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/12/2010 1:39:56 PM
mbam-log-2010-07-12 (13-39-56).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 332650
Time elapsed: 1 hour(s), 51 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET

C:\Program Files\Windows Cannot Find Fix Wizard\CannotFindFixWizard.exe a variant of Win32/SecurityStronghold application
C:\Users\Dennis\Documents\Downloads\WindowsCannotF indFixWizard(2).exe a variant of Win32/SecurityStronghold application
C:\Users\Dennis\Documents\Downloads\WindowsCannotF indFixWizard.exe a variant of Win32/SecurityStronghold application


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:14 AM, on 7/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.ex e
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msconfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=M-1625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.d ll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--
End of file - 4970 bytes


uninstall/hijackthis

3ivx D4 4.5.1 Decoder (remove only)
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat Reader 3.0
Adobe Acrobat Reader 3.01
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
a-squared Free 4.5
AVIConverter 3.0
BigFix
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
ESET Online Scanner v3
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
Google Apps
Google Desktop
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
IDT Audio
IrfanView (remove only)
iTunes
Java(TM) 6 Update 15
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.9.5
MediaBar
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Choice Guard
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Law Library 1000
MWSnap 3
Netscape Navigator
OGA Notifier 2.0.0048.0
PhoTags Express
Photo Explosion Deluxe
Picasa 3
PicturePaste
Picturetrail Photo Editor 2.1.0.0
QuickTime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
RealUpgrade 1.0
rocXXBrowser Address Error Redirector
Safari
ScanSoft OmniPage Pro 14.0
ScanSoft PDF Converter
ScanSoft PDF Printer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Shareaza
Spelling Dictionaries Support For Adobe Reader 8
Spine Sticky 07
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veoh Video Compass
Veoh Web Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

[jholland1964]

Here is the proper link for HiJackThis version 2.0.4 Please uninstall that old one you have and download the new one.
The old one doesn't work properly with Vista.
http://free.antivirus.com/hijackthis/

ATI Cleaner is NOT the correct program. Here is the correct program it is ATF-Cleaner
http://www.atribune.org/index.php?op...d=25&Itemid=25

Please UNINSTALL Shareaza. P2P file sharing is very likely how you got infected in the first place.

[justlikeyou]

I re-ran it all
1. Opened all hidden files
2. Expunged RESTORE
3. Ran ATF CLEANER
4. Ran MALICIOUS REMOVAL
5. SHAREEZA is deleted
6. And here are the four logs:

[jholland1964]

You STILL don't have the correct version of HiJackThis and it still is incomplete, there is nothing showing below the O16 entries and there should be many others showing. You need version 2.0.4
I gave you the link in my post #8
Did you tell ESET scanner to clean what it found? If not please run it again and this time have it clean.
Also please do not attach logs, our instructions say very clearly copy/paste.
You also don't have an anti-virus program installed on there and unless you are using the Windows Firewall I don't see a firewall either.