jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.

* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.
* Windows will issue a prompt asking whether you wish to run the program, click Run

You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you run a new HJT scan and post back with that log please?
Thanks! Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Still not clean. You are going to have to do the following:
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have to be patient, sometimes there is only one of us here... The last HJT log you posted is incomplete. The top part is missing, we always need to see the full log, including this part...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:31:44, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Can you run a NEW Full System scan and post that entire log for me?
Last night was a long night here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

These files should be copy/pasted into a reply not attached. Can you do that for us?
Thanks,
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, thank you VERY much. Things seem to be back to normal!! Looks like McAfee isn't doing its job very well!

The infections on your computer were Trojans; an anti-virus program isn't equipped to look for and remove Trojans. It works on protection against viruses.
Keep the MBA-M program and scan with it at least weekly, be sure to update before each scan. For weekly scanning just use the Quick Scan, if it finds and removes something then use the Full Scan to be sure everything is gone.
You should set a new and now clean restore point by right clicking My Computer. Choose Properties. When System Properties opens click the System Restore Tab. Put a check mark into Turn Off System Restore. You probably will get an alert or warning that it is turning off, click ok or yes, whatever the correct answer is there. Then System Restore will turn off. Wait a moment and do the reverse, go in and take OUT that check mark and System Restore will turn back on.
If you feel everything is solved you can mark this thread Solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Actually looks pretty good and appears that MBA-M and ESET removed quite a bit.
Have things improved?
I note your java program is out of date. Current version is Version 6 update 11. You should go HERE Download the Offline Install to the desktop. Once that is downloaded then go to Add/Remove and Uninstall ALL previous versions of Java showing there. Once the uninstalls have completed then go to that install file on the desktop and double click to install the newest version. When the install is complete go back to the Download page and on the Right side you will see Verify Now. Click that to go to the verification page where you can test and be certain that your install was successful.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, here is what you need: download CodeStuff Starter
This program is free and a very easy way to control both Auto Starting Programs and Auto-Starting Services.
Once you get it installed and open the program you will see three tabs:
Startups (these are programs which auto start when you start the computer), Processes (this is the same as your Task Manager) and Services (these are the programs which start as services).
First Click on the Startups Tab.
Click All Sections right at the top on the left side. This will show all programs which auto start from different locations...users, current users, registry...etc. You will see all of yours.
Take the check marks out of the following listings:
These are ones you can ABSOLUTELY stop and are not needed at all to run at Start up and can all be run manually when needed.
ISUSScheduler>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software
ISUSPM Startup>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software
NeroFilterCheck>>>Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
igfxtray>>>Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets
igfxpers>>> Associated with the Common User Interface module for Intel graphics cards
Google Desktop Search>>>"a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed."
TkBellExe>>> Application Scheduler installed …

jholland1964 650 Posting Expert Team Colleague Featured Poster

The logs look good. I have several questions before I want to offer start up advice. I see several references to LeapFrog. I know these are kids video game players and several other type items...I have grandkids...but have not found anyplace where these are required to run at start up. Are these used very often? There are multiple listings for Leap Frog both in start ups and start up services.
I also note you say you use wireless internet. You have a start up for ModemOnHold which generally is used for dial up connections and wouldn't be needed unless you use dial up, the same goes for Digital Line Detect
You also have some definitely unnecessary start ups which you can stop and I will note those and tell you how to stop them after I get your answers on these other questions. Disabling unnecessary start ups would certainly speed the boot time. I will also give you a link to a free program to control these.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Malwarebytes' should not be showing in the log. The computer evidently was not rebooted properly after running it.
From the looks of the HJT log I would say, no, the computer is not clean yet.
MBA-M must be run properly in order to work properly.
Please shut down the computer. Reboot. Update MBA-M and run another full system scan with it.
Be sure that everything is checked, and click Remove Selected.
Reboot the computer.
Scan again with HJT and save the log. Then post back here with the new MBA-M log and the new HJT log.
Also please turn off that uTorrent program until the computer is deemed clean. You shouldn't be doing "extra" things until the computer is clean.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you feel things are corrected and running better?

jholland1964 650 Posting Expert Team Colleague Featured Poster

The files found by MBA-M are in your System Restore.
The HiJackThis scan was run while the computer was in safe mode. This will not give a clear picture. It must be run in Normal Mode. Was the MBA-M run in normal or safe mode? This program is designed to be run in Normal Mode and shouldn't be run in safe mode unless instructed to do so.
Please reboot to normal mode and run HJT again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HJT again. Place check marks next to the following entries if still present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O23 - Service: Microsoft Update Service Helper (msupdsvc) - Unknown owner - C:\WINDOWS\system32\msupdsvc32.exe (file missing)
O23 - Service: Niku Beacon - Unknown owner - C:\niku\Clarity\bin\nikubeaconservice.exe (file missing)
O23 - Service: Niku System Admin Server - Unknown owner - C:\niku\clarity\bin\nikunsacmd.exe (file missing)
O23 - Service: NobleNet Portmapper for TCP - Unknown owner - C:\niku\Actuate7\Server/bin/portserv.exe (file missing)
O23 - Service: OracleOraDb10g_home1TNSListenerMITRE - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceMITRE - Unknown owner - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (file missing)
O23 - Service: Actuate Process Management Daemon 7 (__AC_PROCESS_MGMT_DAEMON7) - Unknown owner - C:\niku\Actuate7\Server\bin\pmd7.exe (file missing)
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer. Run HJT once more and post the new log here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.

Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer.
Then run a new HJT full …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you tell me who is your internet provider? Did you personally add all those trusted sites? Is this a business computer or used for your job?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Reboot and run update MBA-M then run a full system scan with it, reboot and run a new HJT full system scan and save the log, post back here with both.
Judy

bmsmith25 commented: Judy's the best! +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

I would like you to do the following:
Open Notepad (NOT WordPad) and copy/paste the text in the below quote box into it

KillAll::

File::
c:\windows\system32\hidujuku.dll
c:\windows\system32\najowate.dll
c:\windows\system32\nasikunu.dll

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
Post back here with that new log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Give me a bit to go through all this and I will get back with you ASAP.
Can you update MBA-M and do another scan with it, reboot and then give me a new scan with HiJackThis.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, the files found by MBA-M were in your Recycler folder and they are gone now.
I would like you to do the following;
Go to this website http://virusscan.jotti.org/
This is a website which will scan suspicious files using multiple antivirus programs and then report back to you what is found by their various scans.
I would like you to upload these files to the site and allow the scans to take place. Report back on the complete findings for each one.
c:\windows\system32\hidujuku.dll
c:\windows\system32\najowate.dll
c:\windows\system32\nasikunu.dll
c:\windows\system32\noturoya.dll

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I know that some of these protection programs can be difficult to turn off. Maybe the simplest way is to go into Task Manager...Ctrl-Alt-Delete keys and when that opens highlight each one of the items noted below and then click the End Task button.
These include all the McAfee processes I see running in your HJT log and also Windows Defender and AdAware Service (which really does nothing anyway unless you have the paid version and doesn't need to be running at all). I would also advise using Windows Defender only for scanning as it can interfere with fixes done also.
Here are those you should End.
MsMpEng.exe
aawservice.exe
McSACore.exe
mcmscsvc.exe
mcnasvc.exe
mcproxy.exe
mcshield.exe
MPFSrv.exe
mcagent.exe
MSASCui.exe
mcuimgr.exe
mcvsshld.exe
Once you have done that then try running combofix as directed.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks for the info Brian. Let me go through this log, as you can see it will take awhile, but I will get back with you asap on it.
Try running another HJT scan and post that too. Do you feel things improved any with the running of combofix?
You might also update MBA-M and run a new scan with that too. Allow it to fix anything it finds.
Post that log also.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am very familiar with the link provided, this is the one we all use.
If you don't have an XP disk then no, you cannot install the recovery partition. But it may already be on the computer.
If you would prefer not to run the program then you can try to fix with some fixes via HJT but the log shows there is still infection there and this may only stop it from running at the present, not actually remove it.
I have not had experience with people losing use of their computer while running combofix under supervision but this is your choice so we will forgo running it and attempt to remove this infection using HJT and then doing manual search and removals.

Anyway,
Run HJT again and place check marks next to the following entries:
O4 - HKUS\S-1-5-19\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'Default user')

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\zewuzano.dll
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - SSODL - (no file)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer.
Run a new HJT scan and save the log and post it back here.
There will then be some manual …
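The O4/O20/O22/O23 entries in this post and the O23 "(file missing)" services in the earlier HJT fix list can be triaged mechanically. This is an added example, not code from the thread or from HijackThis; it assumes the entry layout shown in the posted log lines, and its sample input is a few lines quoted from this thread plus two constructed benign lines.

```python
"""Triage helper for HijackThis (HJT) log lines.

Flags the patterns the thread keeps pointing at: O23 services whose binary is
missing or has no publisher, O4 Run keys that load a DLL through Rundll32 (or
run under the SYSTEM / service accounts), O20 AppInit_DLLs injection, O22
SharedTaskScheduler entries with no file, and O15 Trusted Zone additions.
"""
import re
from dataclasses import dataclass

# One HJT line: a section code such as O4 or O23, " - ", then the entry body.
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Well-known SIDs that HJT shows for per-account Run keys (O4 under HKUS).
SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE",
                "S-1-5-20": "NETWORK SERVICE"}
# A quoted or bare DLL path inside a Run entry.
DLL_PATH = re.compile(r'"?([A-Za-z]:\\[^",]+\.dll)"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str    # HJT section code, e.g. "O23"
    reason: str  # why the entry deserves review
    entry: str   # the original log line


def parse_hjt_entry(line):
    """Return (code, body) for an HJT entry line, or None for header text."""
    m = HJT_ENTRY.match(line.strip())
    if not m:
        return None
    return m.group("code"), m.group("body")


def triage_entry(code, body):
    """Return the list of review reasons for one parsed entry (empty = fine)."""
    reasons = []
    if code == "O4":
        if "rundll32" in body.lower() and DLL_PATH.search(body):
            reasons.append("Run key loads a DLL via Rundll32")
        account = next((n for s, n in SERVICE_SIDS.items() if s in body), None)
        if account:
            reasons.append(f"autorun under the {account} account")
    elif code == "O15":
        reasons.append("site added to Trusted Zone (confirm the user added it)")
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is a space-separated list; every DLL loads into user32 hosts.
        for dll in body.split(":", 1)[1].split():
            reasons.append(f"AppInit_DLLs injects {dll}")
    elif code == "O22" and "(no file)" in body:
        reasons.append("SharedTaskScheduler entry with no backing file")
    elif code == "O23":
        if "(file missing)" in body:
            reasons.append("service binary missing")
        if "Unknown owner" in body:
            reasons.append("service has no publisher")
    return reasons


def triage_log(text):
    """Run triage_entry over every entry line of an HJT log."""
    findings = []
    for line in text.splitlines():
        parsed = parse_hjt_entry(line)
        if parsed is None:
            continue
        code, body = parsed
        for reason in triage_entry(code, body):
            findings.append(Finding(code, reason, f"{code} - {body}"))
    return findings


# Sample log: header plus entries quoted from this thread; the jusched and
# Viewpoint lines are the benign-looking controls (constructed sample input).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'SYSTEM')
O15 - Trusted Zone: *.amaena.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\zewuzano.dll
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - SSODL - (no file)
O23 - Service: Microsoft Update Service Helper (msupdsvc) - Unknown owner - C:\WINDOWS\system32\msupdsvc32.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.entry}")
```

The Google AppInit entry is reported alongside the unknown one on purpose: AppInit_DLLs is an injection point regardless of vendor, so the reviewer decides which DLLs belong.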

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes - work pc. Not getting any help from work IT support. They suggest I re image.

Regarding the trusted sites - they are all intranet sites... work related...

Thanks,
Brian

I hesitate to offer suggestions which may violate your work rules. Is it possible that there are other computers infected on this work network?
Have you updated all the removal programs and then disconnected the internet cord and run all these without being connected to the network? If you can rule your computer totally clean then I would think there is a chance of another infected computer within the network spreading this to everyone else. Don't know this is the case but something to think about.
Here is one thing you have not tried, if it doesn't violate your work rules you could do the following:
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok then on Norton. Can I ask why you are not allowed to uninstall the etrust? Is this a work computer or something? What about those trusted sites I noted?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Brian, can you run a new HJT scan and post that here?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.


Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not meaning to "step on toes" here but caperjack has informed me you have a double post going here
http://www.daniweb.com/forums/post769217.html#post769217
and since I didn't realize this and don't know if you will go back to the other thread I wanted to post this in this one also.
You note in this thread right here that you have tried multiple anti-virus programs, including CA, AVG, and also Avira. I didn't have this information in my post to you in the other thread, but there also I noticed in your log posted there that you currently have CA running and also Norton.
You obviously are not uninstalling all of these anti-virus programs completely. You must UNINSTALL all of these except one of them. Running more than one at a time will certainly complicate your problems.
I am not certain what two HJT logs that Suspishio is comparing, the two I see here are pretty much the same.
I will repeat here some of what I posted in the other thread since we don't know which one the poster is checking on;

The first thing I notice in your HJT log is that you are running two anti-virus programs, eTrust and Norton. This is an absolute NO-NO. The RULE is ONE anti-virus program running on a computer. One of these must be totally Uninstalled Immediately.
The second thing...did you personally add all of these Trusted Sites? I have tried them all and none of them …

jholland1964 650 Posting Expert Team Colleague Featured Poster

The first thing I notice in your HJT log is that you are running two anti-virus programs, eTrust and Norton. This is an absolute NO-NO. The RULE is ONE anti-virus program running on a computer. One of these must be totally Uninstalled Immediately.
The second thing...did you personally add all of these Trusted Sites? I have tried them all and none of them can be found. If you personally did not add these then they should be fixed using HiJackThis.
You are running an extraordinarily large number of programs at once.
There are a large number of programs I have never seen before and ones I cannot find information about, except google searches which come up with malware forums noting the same programs. But since I cannot find information on the majority of them I am at a loss to tell you what to stop.

jholland1964 650 Posting Expert Team Colleague Featured Poster

3. Ran the ESET online scanner (will attach screenshot of results)

You need to have the ESET Scanner clean those items and then save the log and post that here. Two of those files found by ESET are .tmp files and should have been removed by ATF Cleaner.
We definitely need a HJT log.
I would have preferred that you NOT have turned off System Restore. You generally would not be re-infected by something in System Restore AND if one of these programs should make changes you would need to undo...even if that meant re-introducing the infection...you will have no restore points.
Turn it back on please until directed to turn it off to set a new clean restore point.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks like MBA-M found and removed a lot.
Quick look through of the uninstall list shows me your Java is out of date. You need to go HERE and download the latest version. Choose the Offline Install and save it to the desktop.
Once the download is complete then go to Add/Remove and Uninstall ALL the older versions of Java you find there.
Once you have uninstalled all of those then go back to that install file residing on the desktop and double click to install the new version. When that is complete then go back to the download page and on the right side you will see Verify Now. Click that to go to the verification page to be assured that the install was successful.

Next we need to see a Full System Scan with HJT and save the log. Post that log back here before we can go further.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

We would need to see some logs in order to have an idea of what may be going on with the computer.
First do the steps listed HERE but ignore step concerning Deckard Scanner and substitute instead HiJackThis.
Download HiJackThis
Do a full system scan with it and save the log.
Post back here with logs from Malwarebytes' Anti-Malware (MBA-M) and HiJackthis and then we can see what you may be dealing with, be sure to have MBA-M remove whatever it finds and then reboot the computer and run the HiJackThis scan.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you open and leave open the RUN window? (START>>RUN)
Do you get any message when it won't open?
Do you have Administrator privileges on the machine?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You don't need the Repair Console if you have the install disk.
See HERE.
Cohen, you never said how do you actually KNOW that you have a virus? The symptoms you show "can" be a virus but don't necessarily have to be caused by that either. Something you recently installed which is legitimate could cause these symptoms also. You are file sharing....this can be a big cause of the problem.
Have you done this step and then updated and run MBA-M again?

* Click on Start, click Run, and then type devmgmt.msc and click OK
* On the View menu click on Show hidden devices
* Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
* Highlight that driver and right click on it and select DISABLE
* Now RESTART your computer.
* Download a copy of Malwarebytes but DO NOT run it yet.
* Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
* Once the program is installed go to the UPDATE tab and try to update the program if you can.
* Then go to the SCANNER tab and run a Full System and allow MBAM to fix anything found.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You shouldn't have run combofix without first posting the MBA-M logs showing items fixed and then the HiJackThis log run after a reboot.
Also combofix was run from c:\documents and settings\ and it should have been run from the desktop.

The administration tools shows an empty message as well as games :/.. Help!

The games were obviously infected as they were removed by combofix.

I need to see the ORIGINAL MBA-M log and also the ORIGINAL HJT log.

Also now update MBA-M and run a new Full System Scan with it, have it REMOVE anything found and save the log. Reboot and run HJT and save the log.
Post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Turn off that uTorrent for the duration. Also turn off IndieVolume
Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log
J

jholland1964 650 Posting Expert Team Colleague Featured Poster

I need to see that MBA-M log where the fixing was done.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You didn't allow MBA-M to fix anything. You need to run the program again, once it finishes scanning then be sure everything is checked and click Remove Selected.
Reboot and then see if you can download HiJackThis.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Good. Then the next thing you need to do is update your java program it is way out of date and out of date java can pose a security risk. To do this go HERE and download the Offline Install file and save it to your desktop. Once it is downloaded then go to Add/Remove and Uninstall ALL versions of Java that you find there.
While you are in Add/Remove also Uninstall the Viewpoint Media Player or Viewpoint Manager Control Panel, actually anything named Viewpoint. This is considered foistware because it is installed without your knowledge when installing something else.
Once that is complete then close that out and go to the desktop and double click that install file to install the newest version. When that is installed go back to that download page and on the right side of that page you will see Verify Now. Click that to go to the verification page to assure that your install was successful.
After doing that run HJT again and put a check mark next to the following entries if they still remain:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O15 - Trusted Zone: *.amaena.com

O20 - AppInit_DLLs: vaxagi.dll

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
After you …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go to Start, Search Files and Folders. Type in vaxagi.dll.
Be sure to use Advanced Options Search System Files, Search Hidden Files and Folders, Search Sub Folders.
Have it search your Hard Drive which appears to be "F" drive. If you have more than one hard drive then do the search on all of them.
If the search comes back empty then that is fine. If the file IS found then type the full path of the file into the upload window at the jotti website and allow it to be uploaded for scanning.
Either way, come back with a "not found" or the results from jotti.
I don't want to go forward with anything until we know IF this file still exists on the computer and if it does exist then we need to know if it is part of the infection and we can go from there.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not so fast, ok.
You need to do this
Please locate the following file and upload it to Jotti's for a scan.

vaxagi.dll

http://virusscan.jotti.org/

Once the file is scanned you will receive information from the various scanners there on whether this is an infection or not. Post back here with that info.

Also, did you add this site to your Trusted Zone? .amaena.com

jholland1964 650 Posting Expert Team Colleague Featured Poster

What registry fix program did you run? I don't normally recommend these or even "playing" in the registry. I do hope you did a backup of the registry BEFORE you used this program. Also what were the "bunch of different anti virus programs" that you ran?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, be sure to have it Remove whatever is found and then reboot and run a new HJT scan and post both logs. I'll be waiting.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

For further information concerning this thread please see this thread
http://www.daniweb.com/forums/thread163743.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't know if this will work or not, but try it:
Please try the following routine given in the MBA-M forum to see if you can get Malwarebytes to run.

* Click on Start, click Run, and then type devmgmt.msc and click OK
* On the View menu click on Show hidden devices
* Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
* Highlight that driver and right click on it and select DISABLE
* Now RESTART your computer.
* Download a copy of Malwarebytes but DO NOT run it yet.
* Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
* Once the program is installed go to the UPDATE tab and try to update the program if you can.
* Then go to the SCANNER tab and run a Full System scan

Be sure that everything is checked, and click Remove Selected.
When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.
Run a new scan with HJT and post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I had run malware and it found most of the files. However I know which files to get rid of yet I'm not quite sure how to safely delete them.

The way to safely delete them is by using the MBA-M program. If you mean by deleting them manually there is no sure way you will remove them all. MBA-M DOES remove them and safely. If you be sure to place a check mark next to all items found and then choose Remove Selected and Then Reboot the system.

Will playing W.O.W cause any complications?

YES. Doing anything else before the system is completely clean will cause complications. This means no games, no updating of software unless it is needed for removal, no downloading new programs unless they are needed for removal. Adding or changing anything on the machine while cleaning or before it is completely clean WILL cause complications.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you completely delete that HijackThis v1.99.1 and then run a new scan with that newest version which is version 2.0.2 and post back with that log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Cohe,
As of 6:30 P.M. EST Dec. 21, 2008 in the U.S. the latest database version is 1528. I am sure it will update again soon but the database you keep posting this evening is not the one shown on their latest updates at the moment. This poster DOES need to do updates but be sure to give the correct database number or they will think they have a problem with the program.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you reboot after running MBA-M?

jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see the MBA-M log too please. Thanks
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good to me. If Cohen agrees then the only thing left to do is set a new and clean System Restore point, which can be done by following the steps given HERE for XP. But let Cohen weigh in first, he may have other ideas.
Judy