dlh6213 27 Posting Maven Team Colleague

I don't recommend updating to SP2 until after you've got your system clean; see this thread for more info about SP2:
http://www.daniweb.com/techtalkforums/thread10031.html

You need to put hijackthis in its own permanent folder before you fix anything with it. HJT creates backups in case something goes wrong, and if it's in a temporary folder, as you have it now, they could accidentally be deleted. A folder like c:\hjt\hijackthis.exe is suggested.

After you've moved it, close all browser windows, scan again and post a new log.

dlh6213 27 Posting Maven Team Colleague

This may help with the cpu usage. CTHELPER.EXE should probably be disabled:
Quote from sysinfo:
"CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it."

Close all browser windows, scan with HJT, and have it fix this entry:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

That's the only thing I see; someone else may spot something I missed.

dlh6213 27 Posting Maven Team Colleague

I just have one silly question for you...

How do I get in to safe mode? :o I have only ever gotten there in the past when the computer had problems and prompted me to do so...

I am taking computer courses! I promise!! I paid $9750 to be there but I just started, so I am not sure how to do anything at this point in time!!!

Attina

Didn't any of your teachers ever tell you there's no such thing as a silly question? :) (or the only stupid question is the one that wasn't asked).

DMR's suggestion for getting into Safe Mode is the most common, but there is another way (if you're interested). Go to Start, Run, type in MSCONFIG, hit enter, click on the tab that says Boot.ini, select Safe Mode, and then click the OK button. When you're done in Safe Mode, repeat the instructions, but use the General tab, and select Normal.

I don't know what kind of classes you're taking, but you can get a great education just by reading the threads in forums like this one!

dlh6213 27 Posting Maven Team Colleague

This is just a guess, so you may want to wait for someone else to verify this before you delete anything.

It looks like all your problems are within the same file (J38305.2372531366.WCU). The ".wcu" extension was just used as an extension name that isn't common to hide the file from most anti-virus programs. Normally AV programs aren't set to scan all files, only executable ones.

If it were me, I think I would delete the entire Business Logic folder, unless you know what it's for. Other than that, I would at least delete the J38305.2372531366.WCU part.

I'll see if I can get someone else to have a look at this for you.

dlh6213 27 Posting Maven Team Colleague

oh also should i delete O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab ?
it looks like pretty much the same thing as what you told me to delete

Good catch! :) My bad :( You are correct, go ahead and have HJT fix that as well.

dlh6213 27 Posting Maven Team Colleague

:rolleyes: i always forget that... ummm yeah it tells me where it is (only have avg now) but it is a HUGE location file and I can never find it... if u want the location let me know... i am not sure how to even begin fixing this type of stuff... darn us rookies :cheesy:

We're all rookies of some sort :)

The location would be helpful, but if it starts like this:
C:\System Volume Information\_restore folder
Then check this thread:
http://www.daniweb.com/techtalkforums/thread13362.html

If it doesn't, then try to give us the location.

dlh6213 27 Posting Maven Team Colleague

Did you try fixing that line with HJT? (R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm)

If so, were all browser windows closed when you did it? If they weren't, or you're not sure, try it again.

If it still doesn't work, try booting into Safe Mode and see if it will work from there.

I don't see anything else bad in your log.

dlh6213 27 Posting Maven Team Colleague

Remember to close all browser windows before scanning with HJT :)

Have HJT fix this entry:
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

That's the only thing I see. When AVG and/or Norton find the problems you mentioned, does it tell you where they are located? It's possible they could have been included in a Restore Point, in which case they wouldn't show up in your HJT log, but you would still want to remove them so you don't 'Restore' them at some point.

dlh6213 27 Posting Maven Team Colleague

Hi
Thanks it worked great! Is there any reading material that anyone can recommend so that I can understand the inner workings of this all better.
Thanks again!

There is a link to a hijackthis tutorial in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Is this what you wanted? Were there some particular things you would like to know about?

dlh6213 27 Posting Maven Team Colleague

It still looks okay to me, but it still isn't showing what version of HJT you're using. There is a new one available now, 1.99, you should get that and then post another log.

dlh6213 27 Posting Maven Team Colleague

First of all, you need to go to Windows Update to get the Critical Updates for your system. Hold off on SP2, however, until your computer gets cleaned up.

Next, you should put HJT in its own folder instead of right on the desktop. You can do this by right-clicking on your desktop, point to New, and click on Folder. A new folder will be created that you can name whatever you wish (like HJT). Once you have the new folder named, drag hijackthis into it.

Whenever you scan with HJT, make sure all browser windows are closed.

This thread should resolve your bridge.dll problem:
http://www.daniweb.com/techtalkforums/thread7370.html

nwiz isn't harmful, it's part of NVidia; check this link for more info:
http://www.liutilities.com/products/wintaskspro/processlibrary/nwiz/

TV Media IS a hijacker, find out more about it here:
http://www.liutilities.com/products/wintaskspro/processlibrary/Tvm/
(Removal instructions will be found below).

CTHELPER.EXE should probably be disabled:
Quote from sysinfo:
CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional …

dlh6213 27 Posting Maven Team Colleague

Wheeee I'm back lol My Norton was out of date so I saw AVG on another post and decided to give it a shot. Welllll... found a couple things Norton didn't, but there are 4 Trojan Downloaders that are on my computer and AVG is no help in deleting them! I have Downloader.Stubby.C on my computer twice and Downloader.Agent.AS is on twice also. The status on these is "infected, embedded object". Is there a way to go into it manually and get rid of these buggers or are they gonna sit in my computer till I get an up to date ($$) antivirus? Also, the item that is infected is a HUGE address and I couldn't find it on my computer... :?: Could someone help me out? Many thanks :D

Can you get the latest version of hijackthis (1.99) and post another log so we can see where these pests are residing?

dlh6213 27 Posting Maven Team Colleague

I delete all my .tmp's about once a week (search for *.tmp).

dlh6213 27 Posting Maven Team Colleague

Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool. Type crazywinnings in the dialog box. Let it run and after a few minutes, a prompt will appear. Click OK to write the results to Notepad and post them here.

dlh6213 27 Posting Maven Team Colleague

There are links to several helpful utilities in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Post a Hijackthis log (explained in that thread -- make sure you get version 1.99) and we can help you get rid of eZula and whatever else you may have :)

dlh6213 27 Posting Maven Team Colleague

I don't know what it is either, but if it's a .tmp it shouldn't be important. Did you try deleting it in Safe Mode?

dlh6213 27 Posting Maven Team Colleague

Maybe someone can help. I am having trouble re-installing Kazaa. When I try to re-install, it goes to a fix it screen. Once I hit the fix tab, it says that there is an error and the program will close. Please help.

That's a good thing! You shouldn't want Kazaa on your computer anyway. And it's against the forum rules here to assist with it.

dlh6213 27 Posting Maven Team Colleague

Jjfaeries2000, you need to start a new thread instead of tagging onto someone else's, and all hijackthis logs are supposed to be posted in the Viruses forum.

Put Hijackthis in its own folder (like c:\hjt\hijackthis.exe) and close all browser windows when scanning with it.

dlh6213 27 Posting Maven Team Colleague

After you've done your scans, you can post another log if you like, just to make sure.

To help protect your system, you should get SpywareBlaster and/or SpywareGuard (links to both are in this thread: http://www.daniweb.com/techtalkforums/thread5690.html) and keep them updated.

dlh6213 27 Posting Maven Team Colleague

just to let ya know dhl, it went great!! ive tried downloading sp2 before and it messed up my computer somethin serious... thank you very much :D

Glad to hear it! :) The reason it probably messed up before is because your computer was messed up. SP2 has a tendency to magnify problems if they exist, that's why I suggested you get it cleaned up before upgrading.

To help keep your computer somewhat safer, you should get SpywareBlaster and/or SpywareGuard (links to both are in this thread: http://www.daniweb.com/techtalkforums/thread5690.html). As with all other protection measures, keep them updated!

Happy computing!

dlh6213 27 Posting Maven Team Colleague

This drove me crazy too when it first started happening. Turned out to be Google's pop-up blocker -- every time it blocks a pop-up, you hear the drip. Now that I know what it is, I like hearing it! I remember reading there's a way to turn it off, but I don't remember how to do it.

dlh6213 27 Posting Maven Team Colleague

Your log looks clean to me, but for some reason your HJT has been moved. You had it here before: C:\hijack this\HijackThis.exe, but now it's here: C:\HijackThis.exe

You should move it back into a folder (C:\hijack this\HijackThis.exe). Also, your log doesn't show what version you're using; if you're not using v1.98.2, you should update it and post another log.

Are you still having problems?

dlh6213 27 Posting Maven Team Colleague

It appears to have been moved already. Follow crunchie's advice in post #3.

dlh6213 27 Posting Maven Team Colleague

Your log looks clean to me... Not sure why you're getting the CPU spikes. Hope the SP2 update goes well for you :)

dlh6213 27 Posting Maven Team Colleague

If you decide to get rid of Kazaa -- and you should -- here's how to do it:

Go to Add/Remove Programs in the Control Panel and remove Kazaa. Get Kazaabegone to remove all remnants of kazaa:
http://www.spychecker.com/program/kazaagone.html

Before running Kazaabegone, download LSPfix from http://www.computercops.biz/downloads-file-334.html (the process of getting rid of Kazaa sometimes messes up the internet connection and this will allow you to restore it).

Run Kazaabegone; if your internet connection is lost, start LSPfix.
On the opening screen, click the "I know what I'm doing" checkbox. Then click Finish.
That will restore all previous settings.

dlh6213 27 Posting Maven Team Colleague

You can have HJT fix these:
O2 - BHO: (no name) - {07084BEE-CB52-45C9-5BA5-931B7E910F1E} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

Are you having a particular problem?

dlh6213 27 Posting Maven Team Colleague

Can you do steps 8 & 9?

dlh6213 27 Posting Maven Team Colleague

And spyware at the same time. I managed to restore my system to the previous day. I'm using XP home edition. It seems to have fixed the problem.

My question is can I depend on this as a permanent fix for this one occurrence or could this thing still attack again?

Thanks

Most likely not, a hijackthis log would be in order here as OneNation suggested. You can find a link in this thread along with more useful information:
http://www.daniweb.com/techtalkforums/thread5690.html

dlh6213 27 Posting Maven Team Colleague

I don't know how to check the boot sector, but I have a couple of other suggestions.
Have you tried running ScanDisk?
Did you install your motherboard drivers after you formatted?

dlh6213 27 Posting Maven Team Colleague

Close all browser windows, scan with HJT, and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SPOOKF~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SPOOKF~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SPOOKF~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SPOOKF~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SPOOKF~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SPOOKF~1\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {19747FDE-71B3-44F7-B0DC-5D6722D53AC3} - C:\WINDOWS\SYSTEM32\fgeno.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [xpGG6r.exe] c:\documents and settings\spookfish\local settings\temp\xpGG6r.exe
O4 - HKCU\..\Run: [atiupdate] C:\WINDOWS\System32\msshed32.exe
(http://startup.iamnotageek.com/srch-msshed32.exe.html)
O18 - Filter: text/html - {2F3C9B3B-8AC9-47A0-8A06-4DCA304B49A4} - C:\WINDOWS\SYSTEM32\fgeno.dll
O18 - Filter: text/plain - {2F3C9B3B-8AC9-47A0-8A06-4DCA304B49A4} - C:\WINDOWS\SYSTEM32\fgeno.dll

Reboot into Safe Mode

For every User listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

Delete the entire content of your C:\Windows\Temp folder
Delete the entire content of your C:\Temp folder

Go to:
C:\WINDOWS and delete vsnpstd.exe
C:\WINDOWS\System32 and delete msshed32.exe

Empty your Recycle Bin

Reboot normally, close all browser windows, scan with HJT, and post a new log.
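
The entries in the post above share a few visible traits: registry entries whose file is gone, Internet Explorer settings redirected to a local file, and startup items running from a Temp folder. The following is an added example, not part of the original posts and not HijackThis's own logic, that parses lines in this log format and tags those traits; the flag names and heuristics are assumptions, and the `ExampleTray` line is constructed for contrast.

```python
import re

# Sample lines: six copied from the post above, plus one constructed
# entry (ExampleTray) that should raise no flag.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SPOOKF~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {19747FDE-71B3-44F7-B0DC-5D6722D53AC3} - C:\WINDOWS\SYSTEM32\fgeno.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [xpGG6r.exe] c:\documents and settings\spookfish\local settings\temp\xpGG6r.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O18 - Filter: text/html - {2F3C9B3B-8AC9-47A0-8A06-4DCA304B49A4} - C:\WINDOWS\SYSTEM32\fgeno.dll
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(\S+): \[(.*?)\] (.+)$")


def parse_line(line):
    """Split one log line into section code, CLSID (if any) and target."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "body": body, "clsid": None, "target": body}
    clsid = CLSID.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0)
    if section.startswith("R") and " = " in body:
        # R lines: "<registry key>,<value name> = <data>"
        entry["target"] = body.split(" = ", 1)[1]
    elif section == "O4":
        # O4 lines: "<run key>: [<value name>] <command>"
        run = RUN.match(body)
        if run:
            entry["target"] = run.group(3)
    elif " - " in body:
        # O2/O3/O9/O16/O18: the file or URL is the last " - " field
        entry["target"] = body.rsplit(" - ", 1)[1]
    return entry


def flags(entry):
    """Illustrative triage heuristics (assumptions, not a verdict)."""
    target = entry["target"].lower()
    found = []
    if target.endswith("(no file)") or target.endswith("(file missing)"):
        found.append("orphaned")    # registry entry points at nothing
    if "\\temp\\" in target:
        found.append("temp-path")   # content loaded from a Temp folder
    if entry["section"].startswith("R") and target.startswith(("file://", "res://")):
        found.append("local-url")   # IE setting redirected to a local file
    return found


def review(log_text):
    """Return (section, target, flags) for every recognised log line."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            results.append((entry["section"], entry["target"], flags(entry)))
    return results


if __name__ == "__main__":
    for section, target, found in review(SAMPLE_LOG):
        print(f"{section:<4}{','.join(found) or '-':<22}{target}")
```

An empty flag list is not a clean bill of health: the O18 filter line raises nothing on its own even though it references the same fgeno.dll the O2 line reports as missing, so each entry still needs to be looked up and judged by a person.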

dlh6213 27 Posting Maven Team Colleague

That scan looks like it was done in Safe Mode. Have HJT fix this:
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

Then post another log from normal mode with all browser windows closed. Are you still having a problem?

You need to at least get SP1 for XP and for IE, I don't know why you would have gotten a message saying you only need SP2. But, it should be okay for you to get SP2 now -- have a look at this thread before making a decision:
http://www.daniweb.com/techtalkforums/thread10031.html

Also, SpywareBlaster and/or SpywareGuard will help protect your system. Update them and have them enable all protection.

dlh6213 27 Posting Maven Team Colleague

The only thing I see that's weird is that this keeps coming back:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

Have HJT fix it (again) and, if you haven't done so already, get Spywareblaster and/or SpywareGuard (links in DMR's sig), update them, and have them enable all protection.

Good luck and keep clean!

dlh6213 27 Posting Maven Team Colleague

Follow the suggestions in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
Then post a hijackthis log (explained in that thread).

dlh6213 27 Posting Maven Team Colleague

Make sure you're using Windows Explorer and not Internet Explorer.

dlh6213 27 Posting Maven Team Colleague

As long as you use P2P programs you will continue to have problems (Networking2.exe, Piolet.exe, BearShare.exe all put spyware on your computer)

Download LSPfix from here:
http://computercops.biz/zx/phoenix22/LSPFix.zip
On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "calsp.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.

Go to c:\windows\system32 and delete the calsp.dll file manually.

Close all browser windows, scan with HJT, and have it fix the following entries:
O4 - HKLM\..\Run: [GXGG] C:\WINDOWS\srrpqk.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

Reboot into Safe Mode and go to:
C:\Program Files and delete the ISTsvc folder
C:\WINDOWS and delete srrpqk.exe

I can't find any info on this one, if you didn't install it you should remove it:
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

Reboot normally, scan with HJT, and post a new log.

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove:
WildTangent
WeatherBug

Close all browser windows before scanning with HJT. Scan again and have HJT fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tqjvn.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tqjvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tqjvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tqjvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tqjvn.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tqjvn.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tqjvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {62570A97-00AA-D18C-7CC3-2626EFF3D042} - C:\WINDOWS\system32\netng.dll
O4 - HKLM\..\Run: [MSConfig] SJVKRFQSJL.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [winfv32.exe] C:\WINDOWS\winfv32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...?rand=200341220

Reboot into Safe Mode and go to:
C:\WINDOWS and delete sdkxk.exe and winfv32.exe
C:\WINDOWS\system32 and delete netng.dll
C:\Program Files and delete the WildTangent folder

Reboot normally, close all browser windows, scan with HJT, and post a new log.

dlh6213 27 Posting Maven Team Colleague

Put HJT in its own folder before fixing anything with it or you may end up with backups scattered all over your desktop (like C:\Documents and Settings\Brent Williams.NA-OJSYSNA69ESY\Desktop\HJT\HijackThis.exe instead of C:\Documents and Settings\Brent Williams.NA-OJSYSNA69ESY\Desktop\HijackThis.exe)

dlh6213 27 Posting Maven Team Colleague

You don't necessarily have to go through the suggestions in sequence, if you run into a problem with one thing, go ahead and try to do the rest. Do as Caperjack suggested and try cleaning the temp folders while in Safe Mode. Whether it works or not, you can still fix the stuff noted in your HJT log. And you still need to get the Critical Windows Updates (except for SP2, for now).

dlh6213 27 Posting Maven Team Colleague

i cant find the file system! can you help. i have the xp.tks

Double-click on My Computer, right-click on the drive you want to check, click on Properties, and look for where it says "File System:" Next to that you should see NTFS, FAT32, or whatever file system you have.

dlh6213 27 Posting Maven Team Colleague

Try cleaning out your Cookie and Content.IE5 folders while you're in Safe Mode.

dlh6213 27 Posting Maven Team Colleague

In the Menu bar across the top (File, Edit, etc.), click on Tools, click on Folder Options, click on the View tab, find Hidden files and folders and click on the circle next to Show hidden files and folders; go down a couple more lines and you'll find Hide protected operating system files, remove the check from this box.

dlh6213 27 Posting Maven Team Colleague

For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder
Delete the entire contents of your C:\temp folder (this should fix your salm.exe problem)

Do a search for *.tmp and delete everything found

Empty the Recycle Bin

Go to Add/Remove Programs in your Control Panel and see if you have Web Rebates; if so, remove it.

Whenever you scan with HJT, make sure all browser windows are closed. Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
-Transponder parasite variant (LOCALNRD.DLL)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xxwa.exe-TrojanDropper.Win32.Small.cw
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3b6edf749c9050f
-Blazefind Windupdates Adware
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst_current.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)

You also need to go to Windows Update and get the …

dlh6213 27 Posting Maven Team Colleague

I deleted the two keys you mentioned, and I've emptied my Temp directory. A simple search for msshed32.exe turns up a copy in c:\WINDOWS\system32 as well - should I kill that one as well?

Yes, sorry I missed that.

Also, close all windows, scan with HJT, and have it fix the following entry:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26de604...ip/RdxIE601.cab
-Netster

Please post another log.

dlh6213 27 Posting Maven Team Colleague

It's possible I could have overlooked something, but I don't see anything in your log that would indicate a problem (with the possible exception of the Start page that was removed by a moderator).

You didn't give a specific problem other than the computer running slowly lately so maybe some of this will help. I realize you said you clean and optimize regularly, but go through everything listed in case there is something you haven't done.

For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire content of your C:\Windows\Temp folder

Do a search for *.tmp and delete everything found

Empty the Recycle Bin

Run Disk Cleanup, Scandisk, and Defragment

You have quite a few processes running; that could be what's slowing your system down. Check this site for advice on how to set them:
http://www.blackviper.com/WinXP/servicecfg.htm

Hope this is of some help.

dlh6213 27 Posting Maven Team Colleague

It sounds like you probably have a virus of some sort. You should go to this site:
http://www.spywareinfo.com/~merijn/downloads.html, go down to Hijackthis, and download it from one of the links given. After you download it, unzip it into its own folder, like c:\hjt\hijackthis.exe. Then close all browser windows, scan with HJT, and post the log in the Viruses forum.

dlh6213 27 Posting Maven Team Colleague

And almost beyond my capability to stay awake for- could someone please tell me what the heck I'm doing up at 3 AM crunching through HJT logs?

Inquiring (and very tired) minds want to know... :mrgreen:

You just love it and can't get enough :lol:

Thanks for picking this up; I completely overlooked that wild tangent. Any advice for the 1800SearchAssistant?

dlh6213 27 Posting Maven Team Colleague

My fault, I need to change my link, v.1.99 hasn't been officially released yet and can cause some problems. This site has links to several other sites where you can get 1.98.2:
http://www.spywareinfo.com/~merijn/downloads.html

When you get 1.98.2, make sure you put it in its own permanent folder (your 1.99 is running from a temp folder).

As far as your log goes, I don't see anything; is your problem gone now?

dlh6213 27 Posting Maven Team Colleague

Fix this only if you do not have Java Sun:
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Hijackthis has a bug that misinterprets some O9 entries.

dlh6213 27 Posting Maven Team Colleague

I only see one thing; close all browser windows, scan with HJT, and have it fix the following entry:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com