jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see that Malwarebytes' log also. Go into the program and click on the Logs tab.
Copy that and post it here.
Also, why is this computer so out of date? It should, at the very least, be updated to XP SP2.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer and run HJT again. Post both logs here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What you are noting can be indicative of a LOP infection.
Notice some files are in Spanish, others are not. Any reason?
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Also do the following;
The first thing you should do is print out this guide as we will close all the open windows and programs, including your web browser, before starting the ComboFix program.

Next you should download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.

At this point you should do the following:

* Close all open Windows including this one.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yeah, they take a while. It does save the log automatically. If you cannot find it, open the program and click the Logs tab; they all should be there, and they are dated and the time is listed also if you ran more than one on any particular day.
Be sure to have it fix everything found.

You have at least two bad entries in the HJT log;
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Suzie\Application Data\WinTouch\WinTouch.exe
Insider is a variant of the Trojan.Win32.Agent.bnd Trojan.
WinTouch is identified as a variant of the Win32/Matcash.BU malware.

Once the Malwarebytes program is complete then you need to look for both programs, if they remain after the Malwarebytes scan and see if you can Uninstall them. Look first in Add/Remove. If you don't see them there then look in C:\Program Files\ for the Insider program and C:\Documents and Settings\Suzie\Application Data\ folder for the WinTouch program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

See if you can do the following;
download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

If you cannot do that in normal mode then see if you can do it with Safe Mode with Networking. If that is not possible then, if you have another computer you can use, try the download on it, put it to a disk or flash drive and bring it back to the infected computer and install and run it.
If you are able to run it then post back here with the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb.
First thing I see is that you are running at least two antivirus programs and a huge number of security programs. You must UNINSTALL AVG 7.5 completely. For one thing it is out of date, but the KEY thing here is absolutely only ONE antivirus program should be running on a computer. Running more than one will actually lessen your protection.
Another thing you can do is turn off Spyware Doctor and frankly I would recommend uninstalling AdAware. This newest version just isn't as good as previous versions plus it does install and enable its service which runs all the time in the background and really can interfere with fixes done.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > …

jholland1964 650 Posting Expert Team Colleague Featured Poster

That of course is certainly your choice and if you feel comfortable doing that then that is fine. If you do have another available computer you could download at least Malwarebytes'-Anti-Malware to a disk or a flashdrive and then put it on the infected computer and scan that way.
If you do the factory reinstall be certain you have all the required disks and be certain you reinstall all needed drivers also.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You first need to go to Add/Remove and uninstall PC Check-up. If you cannot find it there then go to C:\Program Files\PC Check-up\ and uninstall it from there.

Then run HiJackThis again and place checkmarks next to the following entries if they still exist;

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\PC Check-up\PCCheckUp.exe" -mini
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

Once you have those checkmarks placed then click the Fix Checked button. Exit HJT.
Reboot the computer and run one more HJT scan and post the log here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you are sure all is fine, that's great. If you would like me to check the logs again to be sure I will be very happy to do so.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

See if you can download via Safe Mode with networking.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy I could help. If you find things are still not working exactly as you would like please post back here and let us know.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. Have the re-directs stopped? You can go to "C" and see if you can empty that quarantine file.
Otherwise it looks pretty good. Let me know if things are working ok now.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb,
Why did you run it in the first place? Running HiJackThis is a last step you take after cleaning the computer of viruses and malware. It is not really a cleaner program.
If you are having problems we recommend that you begin with the steps HERE
Post back with requested logs and be sure and tell us what problems you are having.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

You do have some questionable entries in your log. I recommend that you begin by following the steps given HERE
Be sure to allow Malwarebytes' Anti-Malware to fix whatever it finds.
Once you have completed those steps then post back here with the MBAM log, ESET scanner log and a new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should scan that USB device to be certain there are no infections on that.
Frankly I would have advised using the programs recommended by several forums, including here, to remove this antivirus xp 08.
I would still recommend that you download, install and update Malwarebytes' Anti-Malware. Then do a scan with it of your computer and have it remove everything found. It will also clean registry entries and right now is the normally recommended tool to attack and remove this virus.
Run that, let it fix and then post back here with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Reboot your computer. Your log shows Spybot needs to run at Start up in order to remove infections.
Then go back up HERE and download, install, update and run Malwarebytes' Anti-Malware program. Please allow it to fix everything found.
REBOOT the computer again and run a NEW HJT scan and post both the Malwarebytes log and the new HJT log

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi welcome to daniweb,
I would suggest that you go HERE and follow all the steps given by PhilliePhan, with the exception of running the Deckard Scanner. Once you get to that portion just run a new HJT scan.
With the Malwarebytes' Anti-Malware program be sure to follow his exact instructions for updating and running the program, especially the instruction which says;
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
Once you have done all that then run the new HJT scan and post back here with that log and the others that he notes, especially the Malwarebytes' Anti-Malware log.
Also just a couple words, your HJT log shows 7 instances of the Google Chrome Browser running and one instance of Internet Explorer running when you did the HJT scan. Please be certain that you Close All browsers when doing the steps in PP's link unless it specifically states the browser should be open. In that case just use Internet Explorer. I realize you are not having this redirect problem with the Google Chrome browser but some of these programs will only work with Internet Explorer and plus since Google Chrome really still is a Beta (test) version this is probably the reason the redirects are not affecting it. If there is no other way, say to download these programs then go ahead and use it …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go to THIS STICKY
Follow the steps given there, very simple and easy to do by the way. Once you have completed the steps given by PhilliePhan, with the exception of the Deckard Scanner which isn't available at this time, then download HiJackThis

Run a full system scan, save the log. Then post back here with the requested logs (ESET Scanner and Malwarebytes' Anti-Malware) from PP's sticky and with the HJT log. We will be able to decide if more steps are required. Be sure to have that Malwarebytes' Anti-Malware fix everything found when you come to that step.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, sorry I didn't get back sooner. They were doing some power work here this morning when I was working on your thread and had to shut down the computer. Then when I got back on I forgot which thread I was working on! Blame it on "old timers disease":D
To speed the computer a bit more you do have some programs auto starting, and therefore running all the time and using resources which really aren't necessary. All of these programs can very easily be run manually when needed.
If you want to stop these then run HiJackThis again and put checkmarks next to the following;
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Once you have the checkmarks placed then click the Fix Checked button.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, here are more steps you can try.
All the information below can be found on this page;

How to optimize or reset Internet Explorer 7

Run Internet Explorer 7 in "No Add-Ons" mode
Internet Explorer 7 add-ons, such as ActiveX controls and browser toolbars, are used by some Web sites to provide an enhanced browsing experience. An error may occur if an add-on is damaged or if an add-on conflicts with Internet Explorer 7. To determine whether the error is caused by an add-on, run Internet Explorer 7 in "No Add-Ons" mode. To do this, follow these steps:
1. Click Start, and then type Internet Explorer in the Start Search box.
2. Click Internet Explorer (No Add-Ons). Internet Explorer 7 opens without add-ons, toolbars, or plug-ins.
3. Test Internet Explorer to verify that it works correctly

If no errors occur, the problem is caused by one of the add-ons that typically load together with Internet Explorer 7. To rectify this then you can do one of the following;
Option 1: Reset Internet Explorer 7
Reset Internet Explorer 7 to its default configuration. This step will also disable any add-ons, plug-ins, or toolbars that are installed. Although this solution is quick, it also means that, if you want to use any of those add-ons in the future, they must be reinstalled.

To determine whether a performance issue or an error message is caused by configuration settings, reset Internet …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks for posting the logs. This can help others with the same problems so this is why we like to see the logs so we can see what infections were removed. Glad you had a satisfactory outcome.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Fantastic. Happy to have been of some help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good, is the computer running ok?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

roguephoenix, did you read any of my last post? You still show TeaTimer running, this IS a known issue when trying to clean the computer because Teatimer interferes with anything (even a cleaner program) that is trying to modify the registry, and the recommendations are to turn it off. Many cleaner programs advise that all anti-spy and anti-virus programs be turned off when using that particular program and then turn them back on after that program has done its job. This really isn't an unusual request. Many of these infections are configured so that they are NOT picked up by specific programs, especially those which are set up to remove them and "hiding behind" an anti-spy program is not unusual.
I also commented on Peerguardian 2. On numerous websites were complaints about its blocking of various web sites that it previously did not block, it doesn't interfere with connection speed. This program uses preconfigured block lists but lists can also be configured manually. You need to check those lists.

I know Malwarebytes' did pick up something else and because of this my feeling is it is better to be safe than sorry and run one more program to be sure everything is gone.
Since you have narrowed down your time frame to Sunday night, let's try combofix
Please pay CLOSE attention to the instructions and FOLLOW THEM TO THE LETTER.

The first thing you should do is print out this guide as we will …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Log looks better, however I see that you DID NOT uninstall that Registry Booster, even with its not so good reviews. This is your choice of course but let me pass along some information I learned several years ago from an advisor whom I trust immensely and his thoughts on most Registry programs;

... those orphans and duplicates are all harmless and will not be negatively impacting on the performance of your system. Were registry cleaning *really* able to improve performance, the developers of these utilities would support their marketing claims with some form of empirical evidence (performance prior to cleaning -vs- performance post cleaning). But have you ever seen such benchmarking? No, and that's because registry cleaning does *not* improve performance. Think about it ... programs such as SpywareBlaster dump 1000's of entries into the registry without causing any performance hit. Similarly, the fact that registries tend to hold significantly more information than in years gone by (bigger hard disks = more programs installed/data stored = more registry entries) has not resulted in systems slowing to a crawl.

Using an automated cleaner to try to fix a problem is akin to using a shotgun to remove an appendix. The best way to deal with (possibly) registry-related issues is to thoroughly research the problem and then use regedit to make any necessary changes and/or deletions (having first set a restore point or created a backup).

But the choice is yours. Just be careful, know what you are doing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks like Malwarebytes found and removed some nasty items. Your HJT log looks pretty good though you have some unnecessary auto starts that can be run manually when needed, which in turn gives you a lot of running processes consuming valuable resources.
First thing you need to do however is update your java, it is way out of date. Go HERE download the Offline Install file.
Once that is downloaded then close the browser and go to Start, Control Panel, Add/Remove and uninstall the old versions of java. Once those are uninstalled then go to the java install file on the desktop and double click to install the newest version. Then go back HERE and on the right side of the page you will see Verify Now. Click there and go to the verification page to verify that your update was installed correctly.

Then run HJT again and place checkmarks next to the following entries;

O2 - BHO: (no name) - {F7E44351-A695-41C8-91F3-39B1A7753925} - C:\WINDOWS\system32\yayvVnNe.dll (file missing)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi welcome to daniweb,
We need to see the FULL HiJackThis log not just this lower part.
We have to have it all and it should look like this;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:10:04, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:

Including all the processes showing below the line above. Without all this information we know nothing about the computer, the browser or if unusual processes are running.
Please run a Full system scan again, we need a new one, and post the entire log from top to bottom.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just noticed two things in your HJT logs which also can interfere with attempted fixes by various programs and the key one is you are using Spybot Search & Destroy TeaTimer. TeaTimer detects when something wants to change some critical registry keys, which the Malwarebytes' Anti-malware and SmitFraudFix programs will do, but TeaTimer might not allow this so then the fix won't happen sometimes even if it shows it did.
To turn off TeaTimer open Spybot. At the top Click on Mode and choose Advanced Mode.
Then on the bottom left you should see three choices; Settings, Tools, Info & License.
Click on Tools. When that opens on the left side Click on Resident (the little icon looks like a shield) When that opens you will see two items, Resident SD Helper and Resident TeaTimer. Take the checkmark OUT of TeaTimer. Close the program. Don't turn TeaTimer back on when all this is done either, leave it off.

The other thing running which CAN slow the computer is this: Ad-Aware 2007 (even the free version) installs itself as a "service" called aawservice.exe. This service loads with Windows and is on the system all the time whether or not Ad-Aware is being used to scan the computer. It also accounts for a huge amount of RAM being used when it is loaded.
Frankly this newer version of AdAware is nowhere near the program AdAwareSE was and this added "service" is one …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Could you post that Malwarebytes' Anti-Malware log for us so we can see exactly what was removed?
You will find it within the program if you click the Logs tab.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No problem. Will be watching for your next post.
The reason it isn't recommended to install something unless told to do so is that some programs, no matter how good, can interfere with fixes being done, they will stop registry changes for instance, which programs like mbam and combofix sometimes need to do in order to do repairs. This isn't just a caution to you but to anyone dealing with the removal of some sort of infection on the computer. When working with a helper on any forum like this one it is vital to do only what is asked. This didn't appear to cause a problem so "no harm/no foul" but it was a surprise for me to suddenly see this appear in your logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't want to interfere here but
roguephoenix are you rebooting the computer AFTER the mbam scans? If you note the scan log says

Delete on reboot.

meaning you must reboot the computer for mbam to complete its work on deleting the offending files. You must do this BEFORE running any other program like SmitFraudFix. I don't think that didn't put anything back, I think what happened is you didn't complete the process required with mbam before running the next program.

Plus I see you have not updated Malwarebytes' Anti-Malware which you should do each and every time you run the program. The current version of the program itself is 1.26 and you are running version 1.24 and the data base you are showing is 1026 and the version available when you ran your first scans was 1101 and today's update brings it up to 1104.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb.

I couldn't do a system restore either.

You don't need to do a system restore. That file was IN your system restore. If you turned off system restore then that should have removed the file.

You need to update your java program; your program is out of date. Current version is version 6 update 7.

I would advise that you uninstall, via Add/Remove, Uniblue RegistryBooster 2009. These programs are certainly not necessary to run all the time in the background. The registry isn't someplace one should play around in, as you can do serious damage to the computer. When checking out this one it really didn't get very good reviews and as one site said,

We appreciated the attempt to explain areas of the Registry to be scanned in plain English, but this wasn't continued into the results section, where brief and often confusing descriptions abound. The same disappointment was experienced with the scan itself, which was the slowest on test; ....It comes across as a work-in-progress rather than a commercial product

Uninstall it.
Next, download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan …

jholland1964 650 Posting Expert Team Colleague Featured Poster

The other programs are really must haves today, at least I believe.
Good Surfing! Don't hesitate to come back if you ever need help, somebody is always here ready to jump in.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, Welcome to daniweb.
I see you have also posted an identical thread in the Firefox Support Forum.
I believe those two messages are probably related to the infected files you have removed but they probably are still listed to start up when Windows starts.
I would advise that you do the following to begin;

Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the system.
Next download HiJackThis
Run a Full System Scan with HiJackThis. Save the log.
Post back here with that MBA-M log and with the HJT log.

Run a

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks like combofix found the remaining problems. Couple of more suggestions;
I note in your newest HJT logs that sometime, between the first and second run of HJT you installed Windows Defender. While this is a good program you should have told me you had installed it because suddenly an unknown file showed up in the log and I had no idea what it was, so be sure to keep people informed of exactly what you have on the computer.

Frankly, I would disable the AdAware2007 Service so that it doesn't run all the time in the background. Continue to use it for scanning and cleaning if you wish but take it out of the continually running programs.

The programs I use to keep my computer safe are Antivir antivirus, SpywareBlaster, Spybot S & D, my built in Windows Firewall...you can use that or any of those listed here
I use Malwarebytes for weekly scanning as well as Spybot. I scan weekly with my antivirus program. I use Firefox browser as my default browser and use it 95% of the time. I only use Internet Explorer when a website requires it for updates. That is it.

I also follow this advice to the letter:
Keep Security Patches up to date
Download programs only from Web sites you trust.
Beware the fine print: Read all security warnings, license agreements, privacy statements, and “opt-in” notices with any software you download.
Don’t …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy everything worked. Glad your computer is back up and running the way you want it to.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

As a help to others who may be having the same problem can you post the log and show us what the problem was?

jholland1964 650 Posting Expert Team Colleague Featured Poster

What are the various scans that you have run?
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I will answer your questions before we have finished.

You need to download and run one more tool.
Download Combofix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete. You may get a warning asking whether you wish to run the program or not. Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix will run, and when it has finished you will see the Disclaimer screen; you should press the number 1 key and then press the Enter key to continue. Then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should run HiJackThis again and place checkmarks next to these entries if they still remain:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm045
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: ayqqbm.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Once you have placed the checkmarks then click the Fix Checked button.
Exit HiJackThis.
Reboot the computer.
You also need to update your Java, which is out of date. Go HERE and download the Offline Install and save it to the desktop.
Once you have done that, close your browser and go to Start, Control Panel, Add/Remove and uninstall all old versions of Java.
When that is completed, go back to that Java icon on the desktop and double-click to install. Once the install is complete then go back to the download page and on the right side …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Where is the ESET Scanner log?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Little more information would be nice here. Have you had problems updating or something?

jholland1964 650 Posting Expert Team Colleague Featured Poster

forgot to save the log file

Go into the Malwarebytes program. There is a tab which says Logs. The past logs can be found there. I would like to see that log where all items were fixed or removed if possible.
This latest HJT log doesn't show that all fixes I recommended have been applied; the following still remain:

O2 - BHO: bannerstyles15 browser enhancer - {ec61d085-0ba9-a2bc-dd5b-927171f5f977} - C:\WINDOWS\system32\atdkfvqterpgarkc.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

And you also can fix this entry, which automatically comes in when you update the Java programs; it is not needed and can be done manually.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

I note also that you are running AVG 7.5 for antivirus, which is fine, but this WILL no longer be available after December and I would recommend either updating to AVG 8 or choosing another antivirus program. A couple of other good FREE ones are:
Antivir and Avast

Another must-have program, also FREE, and a wonderful program to protect your computer is SpywareBlaster. It works great and DOES NOT run in the background.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What difficulties are you having with the computer? You are running the older version of HiJackThis. You should download and run the newest version and give us an idea of what problems you are experiencing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't worry about that missing module message right now. It is part of the infection you have. Probably has been removed by your Spybot scan but the auto start listing is still there. These next steps should also remove that.

Re-run that Malwarebytes program and this time have it fix everything found. Save that log also.

Reboot the system.

Next run HJT again and place a checkmark next to the following entries if they still exist.

O2 - BHO: (no name) - {6958F783-2FD3-4C77-9227-C1217E756021} - C:\WINDOWS\system32\awtsp.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{08d8b4bc-4412-9c63-1754-710b72e899e0}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atdkfvqterpgarkc.dll" DllStub
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)

Once you have placed the checkmarks then click the Fix Checked button.
Exit HJT.

Reboot.

Next you need to update your Java program as yours is way out of date. First go HERE to download the newest version. Choose the Offline Install and save it to the desktop.
Once that has downloaded then close all browsers. Go to Start, Control Panel, Add/Remove and uninstall ALL old versions of Java that you find there. Once those are uninstalled then go …
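
The HijackThis entries listed in the posts above share a `code - description` line format, and several end in `(file missing)` or `(no file)`, which means the autostart listing is still registered although its target is gone. As an added example (not part of the original posts), this Python code parses such lines and tags them for review; the sample lines are copied from the posts, while the tag names and the choice of codes to tag are assumptions made for illustration.

```python
import re

# Entry lines copied from the HijackThis excerpts quoted in the posts above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6958F783-2FD3-4C77-9227-C1217E756021} - C:\WINDOWS\system32\awtsp.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{08d8b4bc-4412-9c63-1754-710b72e899e0}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atdkfvqterpgarkc.dll" DllStub
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O20 - AppInit_DLLs: ayqqbm.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: section codes tagged for a second look whatever their target is.
REVIEW_CODES = {
    "O7": "policy-restriction",   # e.g. DisableRegedit=1
    "O15": "trusted-zone-entry",
    "O20": "appinit-dll",
}


def triage(log_text):
    """Parse HijackThis entry lines; return one dict per entry with review tags."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # blank line or log header, not an entry
        code, body = m["code"], m["body"]
        clsid = CLSID_RE.search(body)
        tags = []
        # Registration survives but the file it points at does not.
        if body.endswith(("(file missing)", "(no file)")):
            tags.append("orphaned")
        # Run-key value that loads a DLL through rundll32 instead of an .exe.
        if code == "O4" and "rundll32.exe" in body.lower():
            tags.append("rundll32-autostart")
        if code in REVIEW_CODES:
            tags.append(REVIEW_CODES[code])
        entries.append({"code": code, "clsid": clsid.group(0) if clsid else None,
                        "tags": tags, "body": body})
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e['code']:<4}{','.join(e['tags']) or '-':<22}{e['body'][:60]}")
```

An empty tag list only means none of these heuristics matched; it is not a verdict that the entry is wanted.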

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Be sure to reboot the computer and when it reboots run a new HJT scan and save the log.
Then post back here with those two logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy to see all seems to have been removed. You need to set a new clean restore point now as noted in PP's instructional thread above.

jholland1964 650 Posting Expert Team Colleague Featured Poster

rushworks, you need to begin your own thread, stating your problems and post your logs in there. It can get confusing if two people with a problem are posting in the same thread.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you read the links I noted? The first one shows how to set up IE7 essentially.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you know what caused the crash? And what steps did you take to fix everything?

Are these tabs all blank or do they contain the same page? Do you have the IE7 Pro Add-on? From what I have found this will occasionally cause this problem. Check and see, if you do go to Add/Remove and uninstall the IE7 Pro add-on.

Take a look at these pages about IE7 and see if they offer any solutions;

http://www.ie-vista.com/tabs_groups.html

http://www.tips4pc.com/Articles/Software%20Tips/Internet%20Explorer%207/enable_or_disable_multiple_tab_b.htm