Author Topic: Microsoft Outlook Error  (Read 5671 times)

Offline MuHaxor

« on: October 28, 2005, 05:51:26 AM »
When I run my Microsoft Outlook I get a runtime error message and can't access my mail. It says "Microsoft Visual C++ Runtime Library" in the title and the description is "The application has requested to close in an unusual way ETC..."

It may have occurred overnight when I left it on Downloading.
I really need help installing/fixing it.

Thanks

Offline guestolo

« Reply #1 on: October 28, 2005, 06:13:42 PM »
I'm just stepping out for a bit but see if this is any help
http://support.microsoft.com/?kbid=325117

Additionally,
Seen that error when the user had an old Google toolbar installed
But it was related to Internet Explorer
« Last Edit: October 28, 2005, 06:16:49 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline MuHaxor

« Reply #2 on: October 28, 2005, 06:24:53 PM »
Hi, thanks for that. I checked out the Microsoft Help section and it seemed to be the sort of error that I am experiencing, but the difference is the message comes up as soon as Outlook opens. I can't click File, Tools, Help (along the top) etc.; when I click OK Outlook just closes.

any help would be good

Thanks
« Last Edit: October 28, 2005, 06:26:51 PM by MuHaxor »

Offline guestolo

« Reply #3 on: October 28, 2005, 06:30:51 PM »
What are you using for a virus scanner?
Do you have Norton Anti-Spam installed?



Offline guestolo

« Reply #4 on: October 28, 2005, 06:34:59 PM »
Actually, if I can just get you to show me a HijackThis log, it may be of some help
Take a look at this link

I'll be back later to see how it looks



Offline MuHaxor

« Reply #5 on: October 30, 2005, 04:12:57 PM »
This is the "log". I think I did everything right.
In regards to your previous question, I don't have Norton Anti-Spam,
and by the way it might help you to know my Firewall and AntiVirus (both Norton) are screwing up and not working. There's probably a link between that and my Outlook errors?




Logfile of HijackThis v1.99.1
Scan saved at 7:06:38 AM, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.usdgcolnzohsbsktj.uk/CAxDu12zOB...Fu4vehRsbg.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 67.15.126.34 www.japsclan.com
O1 - Hosts: 67.15.126.34 www.japsclan.info
O1 - Hosts: 67.15.126.34 japsclan.info
O1 - Hosts: 67.15.126.34 japsclan.com
O1 - Hosts: 67.15.126.34 irc.japsclan.com
O1 - Hosts: 67.15.126.34 www.japsclan.us
O1 - Hosts: 67.15.126.34 japsclan.us
O1 - Hosts: 67.15.126.34 www.japsclan.org
O1 - Hosts: 67.15.126.34 japsclan.org
O1 - Hosts: 67.15.126.34 rxp-clan.us
O1 - Hosts: 67.15.126.34 www.rxp-clan.us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\WINDOWS\system32\svchosttwb.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [e-Border Credential] C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [axispoke] C:\DOCUME~1\Owner\APPLIC~1\4SOFTB~1\Longdrvbleh.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.braustfair.dyndns.org:205/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
« Last Edit: October 30, 2005, 04:15:51 PM by MuHaxor »

Offline guestolo

« Reply #6 on: October 30, 2005, 05:37:14 PM »
I would definitely say there's a link between that error and Nortons

Is your subscription to Norton's still valid?

Can you do the following please, you show signs of Perfectkeylogger on your computer
as well as other problems

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as findjobs.bat
Save this file on the desktop

 
Code: [Select]
dir %Windir%\tasks /a h > files.txt
notepad files.txt


Double click on findjobs.bat
A text file will open, can you copy and paste the contents back here please

Could you also, Open Hijackthis>>Open Misc tools section
Open the Uninstall manager>>
Click the SAVE LIST button
Save the list to desktop and copy and paste back here the contents



Guest

« Reply #7 on: October 31, 2005, 03:30:15 AM »
bump

1. No, the Norton ran out and we instantly got the Virus/Bug/Glitch
2. This is the findjobs.bat

 Volume in drive C is PRESARIO
 Volume Serial Number is 1C7C-D138

 Directory of C:\WINDOWS\tasks

26/10/2005  06:21 PM    <DIR>          .
26/10/2005  06:21 PM    <DIR>          ..
31/10/2005  06:00 PM               266 A90417EB918B8FDB.job
31/10/2005  06:00 PM               262 ACC8FC8C93E770D0.job
23/09/2002  02:29 PM                65 desktop.ini
31/10/2005  03:11 PM                 6 SA.DAT
31/10/2005  09:06 AM               366 Symantec NetDetect.job
               5 File(s)            965 bytes

 Directory of C:\Documents and Settings\Jack\Desktop




3. This is uninstall list

Adobe Acrobat 5.0
Ahead InCD
avast! Antivirus
AXIS Media Control
Black and White
Canon MP Drivers
Coloreal
Conflict Desert Storm II
Dark Orbit
Driver Detective
DynSite 1.11
Game Maker 6.0
GameArena The Arena
Half-Life® 2
HijackThis 1.99.1
Inactive HP Printer Drivers (Remove only)
Inactive HP ScanJet Drivers (Remove only)
Intel® Extreme Graphics Driver Software
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 2
LiveUpdate 1.90 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 2.0 Beta 2
Microsoft Office XP Professional
Microsoft Picture It! Photo 7.0
Microsoft Plus! Dancer LE
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Journal Viewer
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Mozilla Firefox (1.0.7)
MSN Messenger 7.5
Mu
Need2Find Bar
Network Play System (Patching)
NVIDIA Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
OIN
Permeo e-Border Driver 3.5.1
Pig Pen
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RecordNow Update Manager
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Shockwave
simpsons350thss.exe
simpsonsaniss.exe
Skype 1.4
Spybot - Search & Destroy 1.4
Steam(tm)
System Process
The Battle for Middle-earth (tm)
The Sims 2
TI InterActive!™ Icons and Bitmaps
TwistedBrush
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
USB Storage RW
Virtual Warfare
Weatherscope
WildTangent Channel Manager
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip

Offline MuHaxor

« Reply #8 on: November 01, 2005, 03:32:50 AM »
bump

The guest was me, forgot to log in.


Offline guestolo

« Reply #9 on: November 02, 2005, 12:13:24 AM »
Very sorry for the delay

Can you do the following please

Access your Add/Remove programs and do the following
Remove
Need2Find Bar

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as remjob.bat
Save this file on the desktop

Code: [Select]
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h A90417EB918B8FDB.job
attrib -r -s -h ACC8FC8C93E770D0.job
del A90417EB918B8FDB.job
del ACC8FC8C93E770D0.job

Double-click on remjob.bat. A DOS window will open and close

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.usdgcolnzohsbsktj.uk/CAxDu12zOB...Fu4vehRsbg.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 67.15.126.34 www.japsclan.com
O1 - Hosts: 67.15.126.34 www.japsclan.info
O1 - Hosts: 67.15.126.34 japsclan.info
O1 - Hosts: 67.15.126.34 japsclan.com
O1 - Hosts: 67.15.126.34 irc.japsclan.com
O1 - Hosts: 67.15.126.34 www.japsclan.us
O1 - Hosts: 67.15.126.34 japsclan.us
O1 - Hosts: 67.15.126.34 www.japsclan.org
O1 - Hosts: 67.15.126.34 japsclan.org
O1 - Hosts: 67.15.126.34 rxp-clan.us
O1 - Hosts: 67.15.126.34 www.rxp-clan.us

O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\WINDOWS\system32\svchosttwb.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)

O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext.dll (file missing)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe

O4 - HKCU\..\Run: [axispoke] C:\DOCUME~1\Owner\APPLIC~1\4SOFTB~1\Longdrvbleh.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer

Back in Windows

Download and install Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
After Ad-Aware has been installed and updated I need you to do the following
Follow the link to download and install
VX2 Cleaner Plug-in.

After the plugin is installed please do the following

Run Ad-Aware
Click on Add-ons in the lefthand column.  Select VX2 Cleaner V2.0 and click Run Tool.  Click "OK", then, if something is found, click "Clean" as in the directions given.  Click "Close", and exit Ad-Aware.

Reboot your PC
If nothing is found by VX2 Cleaner
I need you to do the following anyways
Run Ad-Aware again.  This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next.  Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects").  Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK".  Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next".  Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

After the above is done

One more scan please
==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, IF you get a warning "Database could not be found!". Click OK. We'll fix that next
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Restart your computer again

Back in Windows, can you post the following
A fresh hijackthis log
The report from Ewidos
Double click on findjobs.bat again and post the whole contents

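The reply above picks entries out of the posted HijackThis log and the Tasks folder listing by hand. As an added example (not code from this thread or from HijackThis), the Python below parses excerpts of both and reports three structural traits shared by entries selected for fixing: hosts-file lines that point names at a non-loopback address, entries marked "(file missing)", and .job files named with 16 hex digits. The function names and the choice of traits are assumptions made for illustration; the output is a list of things for a person to review, not a verdict.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O1 - Hosts: 67.15.126.34 www.japsclan.com
O1 - Hosts: 67.15.126.34 japsclan.com
O1 - Hosts: 67.15.126.34 rxp-clan.us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
"""

# Excerpt of the findjobs.bat output posted in this thread.
SAMPLE_DIR = r"""
26/10/2005  06:21 PM    <DIR>          .
31/10/2005  06:00 PM               266 A90417EB918B8FDB.job
31/10/2005  06:00 PM               262 ACC8FC8C93E770D0.job
23/09/2002  02:29 PM                65 desktop.ini
31/10/2005  09:06 AM               366 Symantec NetDetect.job
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # "O2 - BHO: ..."
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")           # "Hosts: <ip> <name>"
DIR_RE = re.compile(                                     # date, time, size, name
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+)\s+(.+)$")
HEX_JOB_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, body) for every 'Xn - ...' line of the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_redirects(entries):
    """Map each non-loopback address in O1 lines to the names sent to it."""
    redirects = defaultdict(list)
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: leave for manual review
        # 127.0.0.1 / 0.0.0.0 lines are blocklist-style, not redirects.
        if not (addr.is_loopback or addr.is_unspecified):
            redirects[str(addr)].append(m.group(2))
    return dict(redirects)


def missing_file_entries(entries):
    """Entries whose registered file HijackThis could not find on disk."""
    return [(c, b) for c, b in entries if b.endswith("(file missing)")]


def hex_named_jobs(dir_text):
    """Names of .job files in a `dir` listing that are exactly 16 hex digits."""
    names = []
    for line in dir_text.splitlines():
        m = DIR_RE.match(line.strip())
        if m and HEX_JOB_RE.match(m.group(2)):
            names.append(m.group(2))
    return names


def review_report(log_text, dir_text):
    """Collect the three kinds of review hints into one dictionary."""
    entries = parse_entries(log_text)
    return {
        "hosts_redirects": hosts_redirects(entries),
        "file_missing": missing_file_entries(entries),
        "hex_named_jobs": hex_named_jobs(dir_text),
    }


if __name__ == "__main__":
    for key, value in review_report(SAMPLE_LOG, SAMPLE_DIR).items():
        print(key, "->", value)
```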


Offline MuHaxor

« Reply #10 on: November 02, 2005, 05:27:33 AM »
Bump

OK. When doing the thing in HijackThis, the following I couldn't find:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.usdgcolnzohsbsktj.uk/CAxDu12zOB...Fu4vehRsbg.html
O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\WINDOWS\system32\svchosttwb.dll
O4 - HKCU\..\Run: [axispoke] C:\DOCUME~1\Owner\APPLIC~1\4SOFTB~1\Longdrvbleh.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

not sure why?


1. This is the scan in Ewidos

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         8:13:54 PM, 2/11/2005
 + Report-Checksum:      6276C3F5

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}\TreatAs\\ -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CLSID\\ -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1 -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1\CLSID\\ -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CLSID\\ -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1 -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1\CLSID\\ -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\HbTools -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\HbTools\PI -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\Hotbar -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\HbTools\Hotbar\Install -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E77EDA01-3C56-4a96-8D08-02B42891C169} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\ShopperReports -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\ShopperReports\ShopperReports -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-3305781904-3999868759-2749077437-1006\Software\ShopperReports\ShopperReports\PostInstaller -> Spyware.HotBar : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
   :mozilla.117:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.128:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
   :mozilla.136:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.147:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.148:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.150:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.173:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.205:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.270:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.271:C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\c36k5ykg.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   C:\Documents and Settings\Jack\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Jack\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Jack\Cookies\jack@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\Documents and Settings\Jack\Cookies\jack@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   C:\Documents and Settings\Jack\Desktop\ElFerProxy214.rar/ElFerProxy214\ElFerProxy214.exe -> TrojanProxy.VB.g : Cleaned with backup
   C:\Documents and Settings\Jack\Desktop\ElFerProxy214.rar/ElFerProxy214\InvisibleProxy.exe -> TrojanSpy.SCKeyLog.y : Cleaned with backup
   C:\Documents and Settings\Jack\Desktop\Mu Servers\Server\MU0_96y_full(Chs).zip/Service.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\856BC9EB\ibar[1].js -> TrojanDownloader.IstBar.ad : Cleaned with backup
   C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\A4Q31VWJ\ysb_prompt[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
   C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\S5GDQRCT\ysb_prompt[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
   C:\Documents and Settings\Jack\My Documents\MUONLINE\MU ONLINE HACKS\ElFerProxy214\InvisibleProxy.exe -> TrojanSpy.SCKeyLog.y : Cleaned with backup
   C:\Documents and Settings\Jack\My Documents\MUONLINE\MU ONLINE HACKS\My Mu Hack\ElFerProxy214\InvisibleProxy.exe -> TrojanSpy.SCKeyLog.y : Cleaned with backup
   C:\Documents and Settings\Jack\My Documents\MUONLINE\MU ONLINE HACKS\My Mu Hack\ElFerProxy214.rar/ElFerProxy214\ElFerProxy214.exe -> TrojanProxy.VB.g : Cleaned with backup
   C:\Documents and Settings\Jack\My Documents\MUONLINE\MU ONLINE HACKS\My Mu Hack\ElFerProxy214.rar/ElFerProxy214\InvisibleProxy.exe -> TrojanSpy.SCKeyLog.y : Cleaned with backup
   C:\Documents and Settings\Jack\My Documents\MUONLINE\MU ONLINE HACKS\My Mu Hack\Hack\ElFerProxy214\InvisibleProxy.exe -> TrojanSpy.SCKeyLog.y : Cleaned with backup
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\Config.xml -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\db -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\db\Aliases.dbs -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\db\Sites.dbs -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\dwld -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\report -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\report\ag.xml -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\report\ag.xml.db -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\report\send.xml -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\report\send.xml.db -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\res2 -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\cs\res2\WhiteList.dbs -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Application Data\ShopperReports\shprrprt.log -> Spyware.HotBar : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][1].txt -> Spyware.Cookie.Lop : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   C:\Documents and Settings\Trudi\Cookies\trudi@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\WINDOWS\system32\hjhrwnun\smss.exe -> Backdoor.Virkel.a : Cleaned with backup
   C:\WINDOWS\system32\winstart.dll -> TrojanSpy.SCKeylog.af : Cleaned with backup


::Report End


2. This is the findjobs.bat, not sure why it didn't work like last time?

Volume in drive C is PRESARIO
 Volume Serial Number is 1C7C-D138

 Directory of C:\WINDOWS\tasks

02/11/2005  06:17 PM    <DIR>          .
02/11/2005  06:17 PM    <DIR>          ..
23/09/2002  02:29 PM                65 desktop.ini
02/11/2005  08:19 PM                 6 SA.DAT
31/10/2005  09:06 AM               366 Symantec NetDetect.job
               3 File(s)            437 bytes

 Directory of C:\Documents and Settings\Jack\Desktop


3. Finally, this is the fresh hijack log

Logfile of HijackThis v1.99.1
Scan saved at 8:22:06 PM, on 2/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [e-Border Credential] C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.braustfair.dyndns.org:205/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Offline guestolo

Microsoft Outlook Error
« Reply #11 on: November 03, 2005, 11:05:48 PM »
I'm sorry, I'm having a hard time making it to the forum. Can you let me know the following:
Is your System Restore function working properly?

Also, open HijackThis, open the Misc Tools section >> open the hosts file manager
Click the "Open in Notepad" button
A text file will open. Can you copy and paste the whole contents back here, please?

Also post a fresh HijackThis log
