gerbil 216 Industrious Poster

maverick, i really would like to know if you proceeded with that method, and how you got on....

gerbil 216 Industrious Poster

.

gerbil 216 Industrious Poster

Prevx have an online automatic HT log scan, there is another .. um.. dunno, google for it... but they are not perfect, in fact they may mislead you.

gerbil 216 Industrious Poster

Dave, it would appear that you have two active virus scans. One is enough. Two is bad. Check any AV provider's website to confirm that... Since you are paying for Norton? you may wish to uninstall AVG free. I make no inference as to which is the better scan in that advice.
Next, do not run Hijack this from a temp folder!! Create a new folder, i suggest next to your program files, and run it from there. And post a fresh log.

gerbil 216 Industrious Poster

One thing first, Tiric, i have just been prompted by another poster [PhilliePhan..] that HT can miss files for Avast when it checks for NT Services, so do not include those two Avast O23 lines for fixing until you decide what you are doing with your AV scanners...

gerbil 216 Industrious Poster

hi tiric, a couple of things.... first off, do you have two active virus scans running? avast and McAfee? [i'm not talking about an online scan service]. One is enough. Two is more than enough, it is bad - they interfere. Choose one, ditch the other.
Hijackthis. Download [or unzip if u still have the zip file] a fresh copy to a new folder next to your program files eg C:\HT\.... and run it again from there. But in an attempt to clean things up, at first do a Scan Only, and set to fix:-

== every O18 entry shown in the log you have posted, plus these...
==O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
==O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
==O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Then fix them. And then run again with Scan and Save log file.
Next get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's neater that way. Now run Ccleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the run Ccleaner option...].
Next try an online scan …

gerbil 216 Industrious Poster

A good scan for finding trojans [adware/spyware infections generally] is panda's online scan here:
http://www.pandasoftware.com/products/activescan?
It will fix the really bad ones for free, but just point to the others. But at least you know what to target. To avoid clutter in the findings it is wise to run a cleaner first. for eg, this is a generally convenient, configurable cleaner:- CCleaner from http://www.ccleaner.com/ - put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just neater that way.

gerbil 216 Industrious Poster

Btw, if you wish to view the contents of the clipboard, just copy something, anything, and then go Start > run, type clipbrd and <enter>. Presto. But it's a fairly useless exercise.....

gerbil 216 Industrious Poster

nope, ur not annoying at all. it is not easy to gauge people's familiarity with windows... some get upset if i provide too much detail in steps....
Clipboard is that generally invisible cache u use all the time... u know, for copy and paste. So just highlight those two lines in my post above [the full paths] , rclick in them and go copy. They are then in the clipboard. And then follow the instructions again. [Don't try a paste operation]
You do not need to find the files in your computer cos killbox will do that. I guess i could have been more clear if i had written "Highlight these two lines and copy them ....". But they are the paths of files.. so i called em files. Sorry for the confusion. Go to it...

gerbil 216 Industrious Poster

it's clean enough. you've killed your trojan. If you wish you could fix these 3 entries. They all point to nowhere.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
[the last one is a dead trace of your trojan]. Cheers.

gerbil 216 Industrious Poster

glad it worked for you. You have various non-English language apps on board, so i assume that you use tencent\qq anyway for messaging. Cheers.

gerbil 216 Industrious Poster

just a note. before you scan with AVG AS 7.5 make sure that under Scanner, Settings you set recommended action to Quarantine. Do a full sys scan, and Apply recommended action.

gerbil 216 Industrious Poster

Bear with me, this is tedious, but we should get there.. [hijackthis log shows clean, but panda says otherwise...]
Uninstall AVG antispyware 7.5.
Get Spybot S&D:- http://www.safer-networking.org/en/mirrors/index.html - from one of these mirrors. Update it.
Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/ - install it. Update it. Leave it in its default settings state for the moment. Put an icon on your desktop for regular use.
And finally CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's neater that way.

Download killbox from here:- http://www.downloads.subratam.org/KillBox.zip unzip it onto your desktop.
Dclick killbox to start it. Select "Delete on reboot", click the "all files" button.
Highlight these two files and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-

c:\windows\xpupdate.exe
C:\WINDOWS\system32\dmxsg.exe

In killbox, go File menu, choose Paste from clipboard. Click the red and white button, click Yes on the reboot prompt, click OK if a pendingfilerenameoperation box opens. [do not be concerned if it says it cannot find a file...]

On restart, download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 -click the file to run it, go Select all, and then Empty Selected.
Now click Firefox at the top, Select All again, and Empty Selected again. Close ATF.

Boot into Safe …

gerbil 216 Industrious Poster

urk! okay, download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 -click the file to run it, go Select all, and then Empty Selected, and finally close ATF.
Next try an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-the link to the scan is just above the padlock pic.... free online virus scan.. enter a valid? email and follow through to the scan, and scan your system. Post the log it produces here, along with that hijackthis log. I really am not sure why AVG failed.

You should also try this scan:- http://www.kaspersky.com/virusscanner
-you must install an ActiveX component from Kaspersky, so click Yes. Definitions will download, then when the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it. Click My Computer to start the scan. When the scan is finished, click the "Save as Text" button, and save the file to your desktop. Post it here also.

gerbil 216 Industrious Poster

Hey!! you're sposed to be on this side of the fence!!
Anyway, ur prob getting cmd showing a:\> cos your sys just is not seeing the boot drive, which is normally c. Can you get to recovery console with that emachines disc? Get it to do a chkdsk /p first off. if it finds a prob do a chkdsk /r to repair, n then a /p to check it, an then...
ntldr is about the first thing read of your boot disc [from the boot sector]... it then reads the boot.ini file to see where your OS lies. So your c drive could be in trouble, or just the boot sector...
"Im posting this in the mod section because i think this is where the smartest of each forum gather."--- sorry, i jump about. heh heh...

gerbil 216 Industrious Poster

k. a few ppl fool with that one when they play about with linux. they can put it back in if they need it.

gerbil 216 Industrious Poster

you've probably rushed off and done that reformat, but a far quicker, less disruptive task to play with first is a simple rebuilding of some system files if any are broken, using M$'s system file checker...
Grab your xp cd, and go Start > run, type:- sfc /scannow
Be prepared to hit the enter key some 100 times, but let it run to the end. And see what happens. [see that space after sfc?]
Your log had nothing bad, just a few loose ends...

gerbil 216 Industrious Poster

hi,
for a start may i ask what you are doing with this IP address? 172.30.1.100? It's a bit special, and i have included it to be fixed, but you may have other needs...
You have lotus and M$ Office both starting up at boot? is that ok?
Nothing special to be done, just start hijackthis again, press Do a System scan only, and then check the items in the following list to be fixed. Run the fix.


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://172.30.1.100:8080

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10

Update AVG antispyware and do a full scan.
Update Java!!! Go control panel, java, update, update now. When it installs, restart, and then go to add/remove pgms and remove the old version.
Post the new hijackthis log.

gerbil 216 Industrious Poster

Any decent virus/trojan will protect itself by disabling scanners and blocking downloads from certain sites. Not a lot i can tell from the avg log, cept that it broke...
Go here, get hijackthis....
http://216.180.233.162/~merijn/files/HijackThis.exe
Save it into its own, new folder [beside program files is good, NOT in a temp folder or on the desktop]. Start it by dclicking the .exe file, and then CLOSE ALL OTHER APPLICATIONS AND WINDOWS. Press Scan and save a logfile. A notepad with the file will open. Post it here. Someone will be around to check it..
[course, it may not be the fault of a bug, but it is easy to get that aspect out of the way. generally speaking.]

gerbil 216 Industrious Poster

what are you asking? i see that you ran 1.... did you run 2. as well? Smitfraud files are in the log. You could take the time to post a hijackthis log after you do that..[please, with EVERYTHING else closed...]

gerbil 216 Industrious Poster

You must be in an Administrator-privileged account to run this procedure...
To begin with I want you to download these softwares [and update where applicable]; they are all free...
===I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just a neater thing.
===Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it. Explore what settings you can change in it [via the cogwheel icon up top, if you are comfortable with that... you won't hurt anything, but it runs well with the default settings]. Put an icon on your desktop for regular use.
===GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 -the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and update it.
Did you really ask for/install TenCent? If not, go to add/remove pgms in control panel and uninstall it. I suggest that you do...

Open HijackThis and select box None of the above, just start the program. Next go Config > Misc Tools > Open process manager. From the list, check C:\nwnmff_15.exe if present, and Kill Process. Close HijackThis.
Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 -click the file to run it, go Select all, and then Empty Selected, and finally close ATF.
Download …

gerbil 216 Industrious Poster

windows will have a driver copy stored in your pc. Try refreshing the USB driver stack....
So first - unplug all USB devices, and uninstall their software.
Reboot into Safe mode, navigate to Device manager. In view tab check show hidden devices. Delete/uninstall ALL USB drivers and devices: firstly printer, scanner, mouse etc, then root hubs, then controllers.. until there are no USB items of any sort left. Turn off and restart in normal mode. Windows should detect the controller and try to install new drivers. Go from there.

gerbil 216 Industrious Poster

You have some old junk, but unfortunately you also have a password stealing trojan. We shall remove it. But first may i suggest that you use another clean? computer to change your banking passwords? And i shall get back to you on the fix pretty smartly.

gerbil 216 Industrious Poster

.. you should be pleased..?? MyWebSearch... k, some folks may like it... but really it is just OneCare doing its job for you - i assume you have that pgm? To fix the issue go to add/remove pgms via control panel and remove any pgms related to this..My Web, My Way, Search Assistant. Track them down in your program files folder and delete them there also.

gerbil 216 Industrious Poster

i do not use OneCare, but surely it supersedes Defender? .. M$ say that defender is "integrated" with onecare - did they really mean its supplied with it and just its status is monitored? If not then you do not need two realtime scanners for spyware - it just bogs down your system. i find it surreal tho that M$ can sell software to block holes in its other products. Sweet. On to your problem.
You appear to have some sort of issue with bytemobile configurator.... do you use bytemobile to speed up a mobile phone web connection? Have you updated/upgraded it to the latest version? I see that bmnet.dll is missing, and that being an LSP can interfere with your net access. Google some information on it if you have a problem there. You may need to run LSP-Fix. If you no longer use the pgm then uninstall it and also check the last two items on the fix list.

Reboot your computer into Safe Mode - [ Press F8 several times while POST runs and before it finishes detecting your IDE drives...] and log in as an administrator. You now have a black screen with your icons etc...
Rightclick on Start, lclick explore, go tools > folder options > view, and select Show hidden files and folders, Apply.
Start Hijackthis as before and do a scan, then check these first two items for fixing-

O4 - HKCU\..\Run: [mschkdsk.exe] C:\WINDOWS\system32\mschkdsk.exe
O9 - Extra button: …

gerbil 216 Industrious Poster

sodding opera. i wasted my time by posting on a non-updated tab! curses self.

gerbil 216 Industrious Poster

There is also hello.exe.exe..?? -which application does this belong to?
.

...and right there my brain fell apart... :(. For some reason some time after i posted i glanced at the log again and the hello.exe.exe stuck out again. I clean forgot i had seen ht renamed to that, and edited that line in. sigh.... i put it down to christmas excesses.

gerbil 216 Industrious Poster

Go here, get hijackthis....
http://216.180.233.162/~merijn/files/HijackThis.exe
Save it into its own, new folder [beside program files is good, NOT in a temp folder or on the desktop]. Start it by dclicking the .exe file, and then CLOSE ALL OTHER APPLICATIONS AND WINDOWS. Press Scan and save a logfile. A notepad with the file will open. Post it here.

gerbil 216 Industrious Poster

You're pretty much jammed up against a wall. It's going to be the power supply, video card or the motherboard. Got a multimeter? There is surely a spare power plug flapping about in there.... if not u can unplug one from the floppy drive. It will have yellow, red and black wires, and from it you should measure +12[yellow], +5[red] to the black[ground]. Got those? Then at the power connector(s) to the mb [leave it plugged in] look for +3.3[orange], +5, -5[white], +12, -12[blue]. A couple of other wires [green, purple, grey etc are sensing lines..ignore them] Voltages should be within a few percent. eg 3.1 to 3.4 for the 3.3.... Got all those? Then your mb or the video card is likely fried. You may be in need of a tech now.

gerbil 216 Industrious Poster

WHOOPS!! One final thing:- before you get back on the net, and only if your puter is working properly, turn off system restore for all drives. And then turn it right back ON again. That will clear all old restore points so any trojan remnants will be removed [if they were in there].
----Select Start , Control Panel > System. Then click the System Restore tab, and check the Turn off System Restore check box. Apply. OK.
Now go back and uncheck it!! And make a new restore point.

gerbil 216 Industrious Poster

stranoblaze, i may not be that chap! However you have a nasty trojan/hijacker in there, and don't feel too bad about it cos quite a few guard softwares will let it in. One thing though, and i am not certain about this, but are updates for Ewido anti-malware still available, because it has been superseded by AVG anti-spyware 7.5? You should update... it's still free. Go to the ewido site, or AVG and follow the links. http://www.ewido.net/en/download/ :download button is on this page. Update the definitions!!!

On to your pest.... I think we have only manual methods to remove it. If you are uncertain about this, but follow my instructions exactly, you will not break anything. Here goes.
To begin with I want you to download these softwares [and update where applicable]; they are all free...
I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just a neater thing.

Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it. Explore what settings you can change in it [via the cogwheel icon up top, if you are comfortable with that... you won't hurt anything, but it runs well with the default settings]. Put an icon on your desktop for regular use.

Your problem is due to 3 files: we have to …

gerbil 216 Industrious Poster

i've only read the last bits of this conversation, so i am not really up to speed. I do notice however that you have created a double extension for hijackthis, which in itself is no problem, but you may have a default setting which caused you to miss it. Go to any folder window > tools > folder options > view, and uncheck hide known file extensions. [This .exe.exe is poss what your antivirus is picking up...]
There is also hello.exe.exe..?? -which application does this belong to?
You mention AOL antivirus.... they used to offer McAfee, but now it is Kaspersky av scanning. You say you run aol's av, but i also see an Avira product. It is not wise to run two av shields/live scanners at the same time because of the way they mesh so intimately with various processes - they can interfere disastrously.
You are running PC Doctor as a startup pgm. That is not necessary - it can be on an as-needs basis. Many other entries you have as startup pgms could be removed... updaters and the like, but they are not the source of your current problem..

gerbil 216 Industrious Poster

While you're up doing all that horseriding and eating ham don't let this stuff weigh you down too much.... but to clarify a bit more:-
"If your HD, CD and DVD are all IDE/ATA you should have the HD alone on its 80-wire cable and plugged to the Primary connector" [on the motherboard] - I must add that the HD should be on the END of the cable, and set as master.
"The optical drive [it's up to you which one] on the inner cable connector should be set to master, and the outer drive set to slave via the rear jumper." - well, I think I would set the burner as master... and don't fuss too much over whether the master optical drive goes on the end or the middle of this cable. These are slower creatures compared to a hard drive and it does not seem critical, for all the discussion on the subject that is on the net.
I hope it is safe to say merry christmas..

gerbil 216 Industrious Poster

It will not be your screen. Help me more here - is it only text-based images that are affected.... are you sure that the text in the start button is pixelated? For Daniweb logo - the text in the logo image is pixellated but not the sofa in the pic? And the Google logo text also? What about the knitting kangaroos?

gerbil 216 Industrious Poster

hey, Oded, i'm glad you got the context menu problem sorted also [I'm just going through catching up on things..]. The Identify button? - you would not see that unless you had a video card capable of handling multiple displays, so nothing missed there [all Identify does is show you which screen driver/channel number you're watching..]. And i guess Acronis just were not IE7 ready.

gerbil 216 Industrious Poster

chkdsk in recovery console only has /p and /r as parameters.... it's not as comprehensive as when run from command window. And those commands with the ~ in them - type them exactly... the ~ is not a general character replacement thingy, and if you break the cd command into two parts you'll justly get access denied. This is the system volume information folder you're looking into, and M$ only lets you do that on their terms.
Of course, from a command prompt you could always type %systemroot%\system32\restore\rstrui.exe
But no data to save? If there is, try a repair install. None? format and run your recovery disk.

There is another method also which should not harm your data, but will break any recently installed applications[you have to reinstall them] cos it takes you all the way back to the registry created and saved by default when you installed windows originally.
http://support.microsoft.com/kb/307545
I've never tried it.

gerbil 216 Industrious Poster

hello, kingy
i hope you are way since sorted.... i'm sorry for the delay. Anyway, i assume you extracted and burnt the .iso image and so got yourself a bootable CD with recovery console? And that it works.... ie boots your machine eventually into the console?
[you use NERO 6 or another pgm which can burn an IMAGE - don't do a data CD or all you will get is an iso file on a cd, which will be the same as the iso file you extracted and which is NOT bootable. Burn the iso image..]
Right.. you're in the console. I don't understand what you meant by "i've tried copying the new files but they are not there"?
And the bit about restore point and the ~ .... is what is on this page as section 2 the sort of thing you are talking about? http://www.help2go.com/Tutorials/Windows/C:%5Cwindows%5Csystem32%5Cconfig%5Csystem_missing_or_corrupt.html
Well, that ~ should work ok if you type those commands as shown.
Note:.. using chkdsk is NOT as they say on that webpage. chkdsk /p only performs a simple check of the drive. If there are any errors reported you must then do chkdsk /r to attempt to recover them, and follow with chkdsk /p to see if it is fixed. If not, try /r again, and so on.
{{{ chkdsk with /p as parameter will not fix a thing. Promise you. Some websites say it does.... well, if /p runs and reports …

gerbil 216 Industrious Poster

ok, i'm going to assume straight off that you have not done anything like installing new hardware or drivers such as they suggest in the message. As a first step, and because it happens infrequently, please make sure that the fan cooling your CPU is functioning correctly [either a surface mounted type or a ducted unit] and that the fins are not clogged because overheating can cause this type of interrupt-related problem. Roost those spiders outta there.
Secondly, if this only occurs when you are connected to the internet I would suspect the NIC [network interface card] card if you have one [do you?] and/or its driver. Uninstall and reinstall, or update, the driver... Also with the machine powered down unplug and replug the NIC card.
Some sites will mention IRQL "conflicts" but these are not relevant to XP, and you cannot change them anyway. XP handles IRQs quite capably. Normally.

gerbil 216 Industrious Poster

hello, bp.... nope, wasn eaten .... :)
Lessee now... two optical drives, huh? Gee, the luxury. So now i shall do a bit of guessing about your setup...
If your 3 drives [HD, CD and DVD] are all SATA then this note is irrelevant.
If your HD and one optical drive are SATA, and the other drive is IDE/ATA then this last should be connected via the inner IDE cable connector and the jumper set to Master. The cable would be plugged to the Primary connector on the motherboard as a rule.
If your HD is SATA, and both your CD and DVD drives are IDE/ATA but connected via separate IDE cables to the Primary and Secondary connectors, then this note is irrelevant, except to say that they should both be on their respective inner cable connector and both selected by the rear jumper to Master.
If your HD, CD and DVD are all IDE/ATA you should have the HD alone on its 80-wire cable and plugged to the Primary connector, and both optical drives plugged to the Secondary connector. The optical drive [it's up to you which one] on the inner cable connector should be set to master, and the outer drive set to slave via the rear jumper.
-to avoid interference it is not a good idea to connect a HD and optical drive via the same IDE cable.

Of course, if you have a Cable Select compatible BIOS then you could …

gerbil 216 Industrious Poster

wolffie, thank you very much for that response. I am sorry that we did not manage to get SP2 into the machine as we were trying, but no matter if the clean install worked. I am pleased that you could recover the data, and I thank you for the praise and feedback.
Cheers....

gerbil 216 Industrious Poster

I just KNEW i would learn stuff by hanging around in here... so i googled AGP aperture size. I think i will go to some effort to forget about it now.
Tweak-3D helped me come to that conclusion.

gerbil 216 Industrious Poster

go here, to www.webtree.ca and get this xp bootable cd image which includes recovery console. it runs from the cd which you will burn from the iso file..
http://www.webtree.ca/windowsxp/Tools/bootdiscs/xp_rec_con.zip
One other thing, to enable yourself to capture the error messages go into BIOS and disable the auto-restart on error thing.
http://www.webtree.ca/windowsxp/index.htm ... toward the bottom of this page is a description of the use of the console.
By the way, that error message is telling you that your registry has been duffed...

gerbil 216 Industrious Poster

Sysinternals say that the SAC* and SAI* responses are normal.
Do you have Daemon tools on board? alcohol 120%? cos i notice an sptd entry....? It's okay.
The first entry.... try deleting your MRU list and see what happens with a fresh scan. Use CCleaner to do that.
Fifth entry- i think your sys played online while scan ran. To doublecheck that, disconnect from net and repeat scan.
The second entry? I cannot see it all.. Repeat the scan and google the entry to see what result it picks up - try the sysinternals.. ok microsoft site for more info on that one. But i think it is part of an Explorer log, and i suspect that you did something while the scan ran, which was duly recorded and so put up a discrepancy.
So check/do what i have mentioned, and re-run the scan. But believe them when they say do NOT use the puter while scan runs - that way you avoid false positives. Feel free to repost another log.

gerbil 216 Industrious Poster

er... that would be a buddhist date... such as from thailand, laos.... but still a bit of a westernised corruption for simplicity, less confusion, cos their new year day would be our april 13. i think. And that was only half a log; a lot of important entries are missing. You should post the whole log from a fresh scan.

gerbil 216 Industrious Poster

may i butt in for one wee question... are you using some sort of web accelerator, such as google's?

gerbil 216 Industrious Poster

What do you mean exactly by this "and sorrily a random systemroot command in c:." ?
As a first step go start > run > bootcfg /rebuild
If that works run chkdsk with switches /F /R

gerbil 216 Industrious Poster

be nice if you put up the error codes instead of that sentence.

gerbil 216 Industrious Poster

Let me start by saying Cor! You have some interesting stuff; you don't have antivirus, and i don't see a firewall [unless you are using windows version..], and your java is out of date, and so you probably deserve what you have - running Opera won't save you from all the nasties. But don't panic cos we can fix it all. I just have to work up a method... Meanwhile copy HijackThis out of the temporary cache from where you ran it, put it inside its own new folder alongside your programs folder and please rerun it from there next time i ask. The main reason is that HT makes backups and places them in the folder it is run from - you empty your temp cache and they are GONE. Another reason is that you can save your scans and use old ones as a template for checking a fresh scan...
Next get these things:-
I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just a neater thing.
Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/ Install it. Update it. Put an icon on your desktop for regular use.
Next go here to get Spybot S&D :- http://www.safer-networking.org/en/download/ Update it.
Get AVG Free (Anti-Virus) from :-

gerbil 216 Industrious Poster

you don't HAVE any BHO's.... but you do have a pesty toolbar which hijackthis will easily remove. Plus you have removed java and there still are a couple of items referencing this. And a couple of timewasters are in there also.... it's up to you what you do with these. So-

BAD::  
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll

JAVA GONE::  
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

WASTERS::  
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Run HT again and set the first 3 to be fixed; I personally would fix the last two also - they only check for updates every time you startup; you can still do that manually whenever you wish/feel the need. They just hog resources, not much, to be true, but....

To fix an entry, run HT, check the box alongside the entry and select Fix checked..
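
An added example (not written by the poster and not part of HijackThis): a small Python triage of log lines in the format quoted in these posts. It separates entries whose target is reported as "(file missing)" or "(no file)" from ones to recheck by hand first, since an earlier post notes that HijackThis can wrongly report Avast service files as missing. The "recheck" rule (an unbalanced quote or trailing arguments in the path field) and all function names are assumptions made for this illustration.

```python
import re

# Sample lines copied from the HijackThis logs quoted in the posts on this page.
SAMPLE_LOG = r'''
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
'''

# "O9 - ...", "R1 - ...": a section code, then " - ", then the entry body.
ENTRY = re.compile(r'^\s*([A-Z]\d{1,2}) - (.*)$')
# Marker HijackThis appends when it could not find the referenced file.
DANGLING = re.compile(r'\((?:file missing|no file)\)\s*$')
CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# Path field that continues after the file name, i.e. carries arguments.
HAS_ARGS = re.compile(r'\.(?:exe|dll)"?\s+\S', re.IGNORECASE)


def parse_line(line):
    """Return a dict describing one log entry, or None for non-entry lines."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, body = m.groups()
    # The target is the last " - "-separated field, minus any missing marker.
    last_field = body.rsplit(' - ', 1)[-1]
    target = DANGLING.sub('', last_field).strip()
    clsid = CLSID.search(body)

    if not DANGLING.search(body):
        status = 'present'
    elif target.count('"') % 2 == 1 or HAS_ARGS.search(target):
        # Assumed heuristic: the "path" is really a command line, so the
        # missing-file verdict may be a lookup failure. Check the disk first.
        status = 'recheck'
    else:
        status = 'dangling'

    return {
        'code': code,
        'status': status,
        'target': target,
        'clsid': clsid.group(0) if clsid else None,
        'raw': line.strip(),
    }


def triage(log_text):
    """Group parsed entries by status, preserving log order."""
    groups = {'dangling': [], 'recheck': [], 'present': []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry['status']].append(entry)
    return groups


if __name__ == '__main__':
    for status, entries in triage(SAMPLE_LOG).items():
        print(status.upper())
        for e in entries:
            print('  ', e['code'], '|', e['target'] or '(no target)')
```
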

gerbil 216 Industrious Poster

.. to quote"Hi Gerbil,
I followed your suggestion in the edited version of your reply and found three instances of the file desktop.htt. The search highlighted them in blue and when I tried to delete them, the system froze! I had to go to Windows Task Manager, delete and reinstate Desktop.exe." which is from post #9.
-which is the bit i am wondering about..... So, was it really desktop.exe? I'll assume you meant explorer.exe [desktop.exe is from a nasty trojan...]. But i think i cannot carry through on this problem - someone with more knowledge on shells and contextmenuhandlers etc [if that is the problem] had better pick it up for me.