jholland1964 650 Posting Expert Team Colleague Featured Poster

This needs to go into a new thread rather than piggy-backed onto this one. These are two different computers. Please provide some info on the computer and exactly what problems have been happening.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I've been having the same problem with my computer... Some icons work fine from my desktop and my system tray - others do not

kristie626, you need to create your own thread, giving it a definitive title so others will know what you are dealing with, stating all your problems, giving full info about the computer and when the problems began.
This thread is over 5 years old and belongs to another, which makes the likelihood of you getting help in it very slim. Plus just because you are experiencing similar problems does not necessarily mean that the cause is the same. Begin your own thread and somebody will be happy to help you.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Who is the manufacturer of the computer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, heading down the stretch here.....
There are still some Uninstalls I would recommend, your choice really but here goes:
Ad-Aware (why you have two copies I don't know but the program itself just isn't what it used to be). I would uninstall everything here with Ad-Aware on it.
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR - Unless your Dad is a web developer of some kind this isn't needed either, also don't know why two copies show but uninstall both
Adobe AIR
Bing Bar - does he use Bing? If not uninstall
Driver Detective - doesn't get very good reviews, uninstall
iDump (Freeware) Build:29 does your Dad use this? I had to search to find out what this was and frankly sounds like a stupid program,

The days of lame excuses are finally over. Download iDump and start faking excuses today!

...but if he likes it...leave it I guess.
Norton Security Scan - maybe a leftover listing or possibly from their online scanner, I don't know but uninstall.
Spooky Halloween - have no idea what this is...game, video? Uninstall.
iTunes is there, if he or somebody there has an iPod leave it, if he doesn't then iTunes can go also. But that's up to you.

Also the Java is out of date on this machine so a new copy should be downloaded from HERE choose the Offline Install and save it to the desktop. Then Uninstall that one old version showing in Add/Remove. Once it's uninstalled …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, give me a new HJT log and also do a new Uninstall list generated by HJT. Then I can give you what hopefully will be the final steps and get your Dad surfing safe and happy.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

My dad had mcafee, uninstalled it, cuz it sucks...norton has been on there, but i didn't think it was active...now he has avira...installed it yesterday i believe...it's just that the mcafee was uninstalled in the midst of the beginning of the malware problem...does that make sense?

Yes makes perfect sense. Just needed to clarify. Now...P2P? Gaming?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok looks clean, now can you answer my questions? I really need all this info before we can go farther and we really are not finished yet.

I am also confused here, earlier logs showed McAfee, Uninstall list shows NO McAfee but shows some form of Norton. Combofix doesn't show McAfee at all but does show Norton and the latest HJT log shows no anti-virus program whatsoever....??????
You say this is your Dad's computer? Is he really into P2P file sharing and gaming?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well I see more has been found, that Koobface by the way came from the video in Facebook.
You say this is your Dad's computer? Is he really into P2P file sharing and gaming?
Another P2P program which should be removed is Vuze.
I also would recommend that any programs downloaded and installed using P2P be removed. P2P sharing is very dangerous and can lead to serious infections. I can say for sure the ONE infection Koobface came from the Facebook video, but cannot say what others may have been involved here. I would recommend uninstalling any programs NOT legally obtained, this includes music, videos, games which normally would be paid for but instead were gotten via P2P.

I am also confused here, earlier logs showed McAfee, Uninstall list shows NO McAfee but shows some form of Norton. Combofix doesn't show McAfee at all but does show Norton and the latest HJT log shows no anti-virus program whatsoever....??????
You need to run the online ESET Scanner.
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not done yet. I really need to go through the log, which, as you can imagine can take a bit. You say you could update and run the MBA-M program. Can I see that new log?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok now do the following and if you have to carry the program file from the clean computer to the infected one that's fine, but first try to do the downloading on the infected one.

Please download ComboFix by sUBs from HERE or HERE
· You must download it to and run it from your Desktop
· Physically disconnect from the internet.
· Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
· Double click combofix.exe & follow the prompts.
· When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
· Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

Run Combofix ONCE only!!
Again keeping my fingers crossed, though that didn't seem to help last time. But we must have confidence!

jholland1964 650 Posting Expert Team Colleague Featured Poster

These programs MUST be uninstalled:
LimeWire 5.4.8, Playsushi, Zynga Toolbar

jholland1964 650 Posting Expert Team Colleague Featured Poster

That can't be the entire list, it stops with the "G"s

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, we are likely going to have to run another very powerful tool but first of all I would like to see an Uninstall list generated by using HiJackThis.
To do this do the following:
Open the program, click on Misc Tools.
Click on the Open Uninstall Manager button. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply.

Very likely after seeing this list there are programs I am going to insist that you uninstall. Then the next step will be using the very powerful tool to try to remove whatever this is.
But let me see the Uninstall list first.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, try to load it from another computer. These are just executable files, the links are good, I just tried them, and when you click them you should get the option to save the files. Save them on the clean computer then just move them to a flash drive or cd and take them to the infected computer. I would advise that you do the same with the MBA-M files also.
Then follow the instructions. Remember, normal mode. If you still can't get them then let me know.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Obviously this nasty thing is running in the background and stopping the MBA-M program. Uninstall MBA-M again the same way as before and also using that mba-m removal file posted earlier at the end.

Then download this program which hopefully will stop the nasty thing from running long enough to get a new MBA-M on there and installed.
You need to do all of the instructions below in NORMAL MODE.
Download the following files to the infected computer's desktop
These are all actually the same program, rkill but with different names, hopefully one will work.
rkill.com
iExplore.exe
eXplorer.exe
These instructions below are from bleepingcomputer

Now try these one at a time beginning at the top. "Double click to run rkill. You should see a small black screen appear while the program runs. Please be patient while the program looks for various malware programs and ends them. When it has finished successfully, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the infection when it terminates programs that may potentially remove it. If you run into these infection warnings that close rkill, a trick is to leave the warning on the screen and then run rkill again using the next file. By not closing the warning, this typically will …

jholland1964 650 Posting Expert Team Colleague Featured Poster

HEY,
Thanks for reply, Anyways i already have MALWAREBYTES installed, And i've run the program dozens of times with no Luck, It has not picked up anything, I've tried all the big name anti virus, I've also tried a few different Malware software, No detection. HOW COME?
I Know there's something in My PC, that's why at the moment i'm not using it for the internet, Until i sort this out, And i am not keen on doing a re-install at all, Because i've already done one about 9 weeks ago because of this. But i will try your steps just to make sure anyway. And i will Post the MalwareBytes LOG file here.

Oh yeah, Yes i'm running windows 7
Thanks for your help.

That's great you have MBA-M and you have run it a number of times, I have seen no logs so I cannot judge whether they were run correctly. Did you run it solely on the infected USB devices? That is what I recommended.
A reformat and reinstall should have removed any infected files if done properly and if that is the case then even more this points to the USB device being the source of the infection.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
Restart your computer (very important).
Download and run this utility. mbam-clean.exe
It will ask to restart your computer (please allow it to).
After the computer restarts, Temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
Then see if it will work.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good to me. Now you will need to uninstall combofix as it will not be needed any longer and cannot be re-used. Uninstall it this way:
* Click START then RUN
* Now type ComboFix /Uninstall in the runbox and click OK. The space between the combofix and the /uninstall, it must be there.
When shown the disclaimer, Select "2"

Next you should run HJT once more and place a check mark next to these entries:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
Once you have placed the check marks click the Fix Checked button.
Exit HJT.
Keep MBA-M on your computer for sure, update first and do at least a quick scan weekly. If the quick scan finds something, have it remove, reboot and then update again to be safe and do the full scan to be certain all has been found and removed.
Finally, you also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, sorry for the delayed response to your request.
Do the following for me:
Please Download ATF-Cleaner.exe by Atribune to the desktop.
Now RUN ATF-Cleaner.exe.

• Click on ATF-Cleaner to run it
• Where it says Select Files To Delete, Check the Select All Option
• Click Empty Selected > OK
Next do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT after running MBA-M!

Once rebooted then do another HiJackThis scan, save the log. Post back here with the MBA-M log and the new HiJackThis log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ahhh...appears that progress is being made.
How about updating MBA-M and doing another Full Scan with it, have it remove everything found, Reboot of course. Then do a new HJT scan and post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, get rid of the GMER program and try this program.

Now ALL Security programs must be turned completely OFF when this one is run, everything:
Avira
Zone Alarm
SUPERAntiSpyware
Spybot-S&D
a-squared Free Service
Lavasoft Ad-Aware Service

Follow these instructions exactly, no deviation.
Please download ComboFix by sUBs from HERE or HERE
· You must download it to and run it from your Desktop
· Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Close ALL Browsers.
· Double click combofix.exe & follow the prompts.
· When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
· Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is infection on that USB device. If this is happening with multiple usb devices then they all must be infected.
You need to stop the computer from using AutoPlay of USB devices in order to get the infection removed.
To do this do the following:
Start Menu \ Run and type in: gpedit.msc
You will see the Group Policy window. You should select Administrative Templates \ System in the tree view:
You will see an item in the right side pane called “Turn off Autoplay”
Double click the item, and set the radio button to Enabled, and change the “Turn off Autoplay on” to All Drives.

Next do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
Once the program is updated plug in that infected usb device. DON'T do anything with it, just plug it in. It shouldn't auto play if you disabled it correctly.
* Once the program has loaded, select Perform full scan, you should receive a box where you select the drives to scan, of course scan "C" drive of the computer AND also place a check mark in that USB drive also, then click Scan.
* …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I also am concerned about the dates showing on the logs. Today's logs show 3/30/2010 ???? The HiJackThis log shows 3/29/2010 so the date was put on the computer incorrectly when it was reformatted...at least that is what I am hoping happened. If that's the case you need to go in and change it to the correct date.
I am not sure of your location, I am in the US and the current date is 3/2/2010
You also just said, with this post;

I went back and brought the computer up in safe mode and rescanned just to get the logs.

MBA-M really should be run in NORMAL mode. Safe mode should only be used if the computer cannot be booted to normal or if the program won't run in normal mode.
Also the MBA-M program wasn't updated before any of the scans because the database showing is the one contained in the install file. Can you update it and run it again? The current database is 3817. Run a Full Scan in Normal mode this time as there is a good chance there could be more infection but it would not be found with the old database, it needs the new one to be able to scan for all infections which have developed since this version was released.
But I also do need to see the log that first removed whatever was on there.
If you open the MBA-M program and go to the Logs …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run another HiJackThis and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are misreading the name of the file, at least the ones I see, they all read wlnotify.dll. There is one which reads WLNotify.dll but would be the same file. These are all legal files, see this link;
http://www.systemlookup.com/search.php?type=filename&search=wlnotify.dll&s=
SpyBot should have caught and removed this I would think.
Maybe I am reading them wrong but they all look ok to me.

jholland1964 650 Posting Expert Team Colleague Featured Poster

also i noticed that this malware program quarantines and deletes does that mean as long as i have this program loaded on my comp it won't get it again? cause i'm kinda disappointed in McAfee cause that was unacceptable that it just let it slide right in makes me think that there are better antivirus and security programs out there that my money would be better supporting.

No, this doesn't mean you won't get it again. It just means that it is gone now. I most definitely would keep the program, it is top of the line right now with removals. There is a paid version that does offer real time protection but remember it is NOT an anti-virus program. And frankly money doesn't buy protection. There are some excellent FREE anti-virus programs out there that rank quite high. Avira and Avast are two of the best and highly recommended. I personally use all free programs and am quite satisfied. I use Avira, MBA-M free version and scan weekly, always updating first, I use SpywareBlaster from Javacool Software which is not a scanner but gives superb protection against malicious software, spyware, adware, browser hijackers, dialers. Download, install, update and enable all protection and then close the program. That's it. Manually check for updates every week or so. It doesn't update too often but when it does download, enable all again and close the program. I wouldn't run my computer without it.

Now all that …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I had the same problem. Couldn't open mozilla and internet explorer 8. Tried lots of things but nothing helped just reinstalled windows and that was the best solution.
Btw when that virus strikes only best working exp. is "Google Chrome" it works perfect in that situation.

You know this thread is 14 months old. There is no guarantee the infection on this particular computer and yours are identical. Each computer is different and what works on one may not work on another, especially when discussing a problem posted 14 months ago and where the original poster neglected to return.

jholland1964 650 Posting Expert Team Colleague Featured Poster

i have to right click and hit start

Nothing wrong with that it is a legitimate way to open software, either way is fine, double click or right click.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your MBA-M program was not updated before you ran it. This is an absolute must that you update the program before each and every scan. This program often has multiple updates daily. The database you are showing is 3510 which is the install database of the current version and created before the appearance of this infection, so it wouldn't find all the infected files. Obviously you have more than that on the computer based on what WAS found with the scan.
Today's database is 3811 so you can see you are 300 behind. Update the program and run a Full Scan. Have it remove everything found and Reboot the computer. Then run a new HJT scan and post back with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would recommend that you totally disconnect that infected computer from the internet. Then boot to safe mode and run MBA-M on it and have it remove what it finds. Reboot. Then try again to run it in normal mode. It won't be fully updated I know but it's possible that the run in safe mode, which is only recommended for instances like this one as it doesn't scan everything in safe mode, will have removed enough to allow a normal mode run.
Post back here with both the safe mode log and the normal mode log. But continue to keep it offline for the moment.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you have a secondary hard drive on the machine and items were found by the Avira scan on it then you need to update MBA-M and do a new full scan and be sure this secondary hard drive is also included in the scan. Your first scan shows only the "C" drive was scanned. Do this again and post the new log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Without knowing what exactly has been removed I cannot judge by the logs posted what those would be. One glaring omission I do see however is an onboard anti-virus program. I see Zone Alarm, which is a firewall and an abundance of anti-malware programs but no anti-virus program. Running an online anti-virus scanner doesn't take the place of having an anti-virus program installed and running at all times on the computer.
Looking at recent installs I note that virtually all of these security programs were just newly installed, today. Telling me prior to this there was no security on this system. You are very lucky if all you are getting are search redirects. Especially since I do see two of the programs installed on the computer, uTorrent and Limewire, mean that this computer is likely used regularly for P2P file sharing, one of the easiest ways to get a major infection especially without any security programs to hopefully be able to block some of the especially nasty infections which come in via P2P. Many of which can actually "toast" the system and require a reformat of the machine.

Immediately install, update and enable a good anti-virus program. Two of the best free ones are Avira or Avast. Choose one and install it and keep it enabled at all times. Choose ONE, install it, update and keep it running at all times. Do at least weekly scans with it along with the other security programs …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are running a two year old version of HiJackThis, could be one reason for the error. But also, there is no way you have only ONE running process on the computer...it wouldn't be running... so the log is also incomplete. What operating system are you using? That doesn't show in the log either, possibly because you are running Windows 7 but also maybe because your HJT version is so old.
If somebody has hacked into your machine, get it off the internet and I mean UNPLUG the internet cable from the machine and if you have a wireless connection also disable it. You are going to have to download programs to a working machine, load them onto either a cd or flash drive and take them to the infected machine and run them that way. Now doing things this way will mean the programs cannot be updated but if you can get most of the infection off to then allow internet connection then the rest could be removed once you could get back online.
I hesitate to link to any removal programs until I have more info about the machine, especially what operating system is on it.
Do run a new HJT scan but with this current version. Download to another machine and take it to the infected one via cd or flash drive.
Then post the log back here.
HiJackThis

jholland1964 650 Posting Expert Team Colleague Featured Poster

System restore is not going to remove an infection so even the thought of that is useless. Many people don't have system restore enabled on their machines because of the small amount of things it backs up. System Restore really only operates on a very small number of system files and settings. Basically it backs up your registry and that is it. When using System Restore to go back for whatever reason you also shouldn't count on going back more than a couple days. New restore points are made at various times and system restore is meant for only very recent changes. It is only so large, once the disk space for it is filled then older restore points are wiped out. System Restore does NOT save your data, does not keep copies of your files, doesn't keep old versions of programs so expecting it to restore your computer to "clean" after an infection just isn't going to happen.
From Ask Leo

System Restore will allow you to restore your system's configuration to a previous state. In some cases that means that viruses or spyware will be "undone" as part of the process. But system restore does not remove infected files from your system, and you can quickly get infected again. It also does nothing to prevent new threats from arriving.

There are a number of good image programs out there yes, BUT they don't REMOVE infections either. If the infections are not removed then all …

Salem commented: Nicely put +19
jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks J!
You're right, but I have trouble getting them to think ONCE...let alone twice.
Please keep us posted on any new developments with this monster.

Will do. Helped a friend earlier this year whose kids had infected the computer with one of the first types of this "monster", Antivirus 2009.
At the time it was also a "bear" to remove and the fact that it was a Vista computer without restore disks made it more so. I traced the infection to three P2P music files from a website AND one that came in via a flash drive, also originally a P2P shared album. I told her we would have to reformat but we couldn't get to the restore partition to even attempt that either. She called Dell and told them what the situation was and they mailed her all the disks for the restore. While waiting for those to arrive I continued to "play with" the computer as she had very important files on there because she is taking some classes herself which included a lot of online work that hopefully we could find a way to copy before the reformat. One of the things this infection did was make itself an entry in Scheduled Tasks which I found only by accident. I looked in there and found two unusual scheduled tasks...odd names which were scheduled to start when the computer started. Since we were going to do a reformat anyway I figured there was nothing …

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you have attempted all listed remedies, then no, I can't think of anything else to do but wipe it out and reformat. It will certainly be a good lesson because I imagine your child's computer has a lot of things that will be lost. Makes you think twice the next time.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks ok to me. I would recommend you add SpywareBlaster if you don't already have it.
To quote from their website:

Why SpywareBlaster? Spyware, adware, browser hijackers, and dialers are some of the most annoying and pervasive threats on the Internet today. By simply browsing a web page, you could find your computer to be the brand-new host of one of these unwanted fiends!

The most important step you can take is to secure your system.
And SpywareBlaster is the most powerful protection program available.


Multi-Angle Protection

* Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
* Block spying / tracking via cookies.
* Restrict the actions of potentially unwanted or dangerous web sites.

SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.

I truly wouldn't run my computer without it. It is FREE. Download, install, update and Enable All. Then close the program. Check for updates once a week. If there is one, install, enable all and close the program.
Other than that I think you are good to go. But do consider adding that.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Great! Glad all worked out so well. If you have "old" bookmarks in IE you can at least import those into Firefox.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Depends on data. Various documents and that type of thing could be burned to cd's. You will have to be very careful because of the infection, it could be in a lot of places on the computer.
Here is info about this particular infection:

Win32.Polip.A is a dangerous, polymorphic file infector, with a worm-like spreading capability. Its targets are EXE and SCR files.

It is a memory-resident virus, because once executed, it injects code in the running processes. The first files it infects are those located in %ProgramFiles% and %WINDIR% directories. But it hooks imported functions for the infected processes, so that all executables accessed by those processes will be infected.

There are any number of excellent anti-virus programs, Avira and Avast are both very good. BUT continue with the P2P file sharing and even with good av programs your chances of getting infected again are pretty good.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HJT again and put a check mark in these entries:
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSC...ws-i586-jc.cab
After you have placed the check marks then click the Fix Checked button. Exit HJT.
It appears your java is out of date. Please go to http://java.com/en/download/manual.jsp and download the offline install file and save it to the desktop.
Close your browsers and go to Add/Remove. Uninstall all old versions of java that you find there. Once they are all uninstalled then click the install file on your desktop to install the newest version. Keep a close eye on the install procedure and they often times will offer toolbars you don't need. If you see one of these offered just remove the check mark next to the notification and proceed with the install. It should take only a few moments. Once the install is complete go back to the download page and on the right side you will see Verify Now. Click there to go to the verification page to be certain the install was successful.
Once complete do another HJT scan and post the log. Are you still getting the search redirects?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go ahead and try running the program and see what it finds. If it finds something have it remove and reboot.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I used caps for emphasis only because updating is key. I am sorry you feel I am not professional or capable. I only stepped in because others were not available. I will no longer offer assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I followed the links that were provided and it did the update for MBA-M because I made sure it was checked, like you asked. YOU DO NOT HAVE TO CAP to me. That is a little uncalled for. I am here asking for help, not to be scrutinized. I will download this one but I did go to the link YOU provided for Hijackthis the first time.

Pardon me. I didn't give you the original link, crunchie did, but I told you to download the program on the right side of the page, which is the current version 2.0.2.
Try again to update MBA-M as that database is at least 4 months old.
If you cannot update via the program then try this link for a manual update file. It won't be entirely current but more recent than the one you have.
http://mbam.malwarebytes.org/database/mbam-rules.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

I think you should follow the removal instructions on these links:
http://www.bleepingcomputer.com/virus-removal/remove-paladin-antivirus
http://deletemalware.blogspot.com/2010/02/how-to-remove-paladin-antivirus-fake.html

Good luck!

mcmike, you need to read all posts in a thread. The instructions I posted are the SAME ones given in the links you gave.

The first link that you have is the same link I already posted here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What anti-spy programs did you run? We need to see all logs from programs run.
The program we ask all to run is Malwarebytes' Anti-Malware. Is this one of those that you ran? If so, post the log; if not, do the following:

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT after running MBA-M!

Please uninstall that TEST version of HiJackThis using Add/Remove and download the current version from HERE. Run a scan with this one AFTER you have done the MBA-M scan and rebooted the computer.
Post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You DID NOT update MBA-M after the install and before the scan; it still shows the original database which comes with the program download. MBA-M must always be updated before each and every scan. That HiJackThis is still the wrong one. Uninstall it via Add/Remove and download again from this link:
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10781312.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Forget that for now, move on to the rkill instructions. If that DOES work THEN try first that mbam-clean.exe

If you can't get the rkill files to download onto the infected computer then do as you did before and use the good computer and email to the other.
Are you absolutely certain that it is the infection blocking and not a firewall or some setting in the browser?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I cannot say for certain if the recovery disks would give you the option for a repair or not, though I would think they would.
As far as Windows Updates and notifications they are not good or to wait, those generally don't come from Windows but from websites like these. Also some of the PC online magazines will often have notifications that people are having problems with an update of some kind.
You do need to check on the Bitdefender because it doesn't show in the Uninstall list.
As for the System Restore you might give a read to this info from here as it gives a good explanation of what System Restore is and how and when it can be counted on and also when it cannot.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Unfortunately you have learned the dangers of P2P file sharing. Some of the worst infections can strike your system by sharing with others. Since you cannot repair these and you want a good running computer I think your only option is reformat, but if you continue to use P2P your computer will very likely become infected again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, several things I note here. Though you said in the original thread that you use BitDefender as your anti-virus program, Norton and Bitdefender both have entries in your DDS log; however, there is no indication of either program RUNNING on the system, and the only semblance of a security program showing as being disabled, meaning it's at least installed, is Spybot.

Going through the Uninstall list there is NO anti-virus program listed on that at all, not even BitDefender, so obviously there is no anti-virus program installed.
I see MBA-M in there and Spybot but neither of those is a real time scanner and neither is an anti-virus program so you don't have one installed. I don't see a Firewall listed either so unless you are using the built in firewall you don't have a firewall either. So you literally have no protection on the computer.

You said in the original thread

I tried to do a system restore, but ALL of my restore points were GONE! I have made some manual restore points since, and a few (not all!) are still there, but I cannot restore them.

You are operating under a misconception really; System Restore only works for a few key system files. It isn't going to give you your computer back to perfection usually.
The Windows Update you mention has caused problems for BOTH XP and Vista users and it was advised not to install it. Also for the Nvidia Display GeForce 9200 …