jholland1964 650 Posting Expert Team Colleague Featured Poster

As you can see on my list of programs I already have both A-squared & Hijackthis on my pc.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Here is the a-squared Anti-Malware

Since crunchie isn't here right now: he didn't ask you to run a-squared, that is a totally different program. He asked you to download, install, update and run Malwarebytes' Anti-Malware. This should be able to remove the infection that you have.
The HiJackThis version you are running is 2.0.3, which is the Beta (test) version; it is the current version, 2.0.2, that he wants you to run, which is on the right side of the page he gave you.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, this thing is an absolute bear, I will say that. Now I want you to do these steps using the infected computer, don't mail them from the other one.
What is obviously happening is this "nasty" has something working in the background that is putting a stop to whatever is tried, so you have to try to get IT stopped so you can go forward and get it off there.
First of all I want you to remove all copies of MBA-M from the infected computer, using first Add/Remove, and then restart the computer. Next, download and run this utility: mbam-clean.exe
It will ask to restart your computer (please allow it to).
Next follow these instructions:
You are going to have to use this little program called rkill which stops the infection from running in the background and then hopefully you can get it off of there.
These are instructions from bleepingcomputer for the running of rkill:


Download
rkill.com

Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You still have not updated MBA-M. The database version is the one which comes with the install file. You need to update it to the newest database version which is 3782 and do the scan again. The scan you just posted was done about 40 minutes after the last one was completed.
You must always check for updates each and every time you run MBA-M. It very often has 2 or more updates daily, very often one right after the other, so if you run a second scan you should always check to be sure there has not been an update. But this database version IS the original from when the program version was released several months ago, so this has never been updated.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Before I go through the logs I am somewhat confused here. In post #15 you said

I have used my other clean computer to download malwarebytes, updated the progam, then plugged it into my infected computer, but is only showed up as the old version.

The MBA-M log you just ran does NOT show it is the old version, it shows it is the current version. The Database is out of date but not the program itself. Did you attempt to Update the program ON the infected computer before running?
Also, who told you to run Combofix? I certainly didn't. Please don't attempt to do this unless you are first told to do so. You need to remove that Combofix from the computer. If it is decided LATER that it needs to be run then a new copy would be required, as it cannot be run a second time unless it is done so in a specific way, and since you tried already this one cannot be re-used.
Nothing is showing in the Panda Scan except cookies.

I would like you to try to update that MBA-M program and run it again. Remove all that is found. Post back here with the log.

One more question: you clearly state in your first post here:

I have mcafee, so far it will not delete the programs, it will not do anything to them.

However, McAfee doesn't show here, Norton is the program that shows in the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Panda ActiveScan

question 2,
I have used my other clean computer to download malwarebytes, updated the progam, then plugged it into my infected computer, but is only showed up as the old version.

Do you HAVE the old version on the infected computer? Have never heard of this happening, especially if the copy is brand new.
Don't update the program when you download to the other computer; all you want to do is download the install file and then take THAT to the infected computer. You can also download the install file to the other computer, rename that file to some other name entirely, just be sure the .exe remains, and then put that renamed file on the infected computer and install. The infection is usually looking for the security programs by name, but if it sees something like that it very likely won't see it or know what it is.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What was the log you posted in post #12?
Have you tried working via Safe Mode with networking? Especially downloading Malwarebytes' program?

Do you have another computer you could use to download Malwarebytes' and then take it to the infected computer, say via a flash drive or a cd?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You normally then have to shut the computer down then reboot, that would be when the computer should boot to the CD drive. Setting up the boot menu just tells the computer what it should boot to when started up.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, here's the program, which is free and easy to use: Mike Lin's Start Up Control Panel. Just download and install. Once installed it will be located in the computer Control Panel with a little computer icon labeled Start Up.
Open the program and you will see various tabs, some with programs listed, some with none, so you will have to go through each tab to look for those listed below. Just take the check marks out of those listed, close the program and then reboot the computer.
Here is the list. Some are your choice as to whether you want them or not, others are absolutely not required and can be run manually when needed, and I have listed them this way in the two lists with an explanation of what each is for the ones which are User's Choice:
Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it.
LogitechVideoRepair-LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30
SoundMAXPnP-SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments
Kernel …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Give me a bit and I will give you a list and a little program to do it with.

jholland1964 650 Posting Expert Team Colleague Featured Poster

something will not let me update malwarebytes, it says

error code 732.

but the 1/7/2010 is the current version it is on.

what should I do from here?

That error code also refers to no internet connectivity. Are you doing this posting from the infected computer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, this can be quite difficult to remove. But here are the steps to try which are from bleepingcomputer:

Print out these instructions as we may need to close every window that is open later in the fix.

First you need to end the processes that belong to Paladin Antivirus so that it does not interfere with the cleaning procedure. To do this, download the following file to your desktop.
rkill
Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Paladin Antivirus and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Paladin Antivirus when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Paladin Antivirus. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.
If you continue having issues, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

If it is running then it must be ok to run it as you are.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Really looks ok. How are things running?
Lots of unnecessary auto starting programs there that can consume resources as they run all the time in the background, even if you are not using the program at the time.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Were you playing this game online, I assume? What browser were you using? You HAVE to use a browser to be online, unless you are only using an email program. In order to USE the game online it must come through the browser... Firefox, I presume, so that is why it would be using more CPU than the game program. So it is NOT opening in the background, it has to be open in order to be online.

But for the moment, that part is really immaterial, you have an infected computer.

You need to do the following:
STOP or better yet UNINSTALL, BitTorrent and uTorrent. Very possibly the way the infection entered the computer in the first place.
Please generate an Uninstall list for us using the HJT program. To do this do the following:
* Start HijackThis
* Click on the Misc Tools button
* Click on the Open Uninstall Manager button.
* Click on the Save list... button and specify where you would like to save this file. When you press the Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply.

AFTER posting that log here, do this:
Download ATF-Cleaner.exe by Atribune save it to the desktop for easy access.
RUN ATF-Cleaner.exe.

• Click on ATF-Cleaner to run it
• Where it says Select Files To Delete, Check the Select All …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Follow the steps given on this sticky at the top of the page:
Read me before posting a request for assistance
Post back here with all logs requested in that sticky.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks better for sure.
You need to go into Services: Start, Control Panel, Administrative Tools, Services. When this opens scroll through the list there, it's in alphabetical order, and look for the following:
Marvell Yukon Service
Messenger Sharing Folders USN Journal Reader service
Double click to open each and change the Startup type to Disabled.
Then Exit Services.
Reboot the computer.
Run HiJackThis again and place check marks next to the following entries if they remain:
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\shane\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\shane\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
Once you have placed the check marks click the Fix Checked button.
Exit HiJackThis and reboot the computer. Run another …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Checked with crunchie and here are the two solutions you might try:
Ultimate Boot Disk, as you have heard; though neither of us has used it, we have heard good things about it. You would have to download and burn a disk using another computer.
http://www.ultimatebootcd.com/tutorials.html

Also this one too:
Can also try Bart's PE Builder, same thing, download and burn.
http://majorgeeks.com/Barts_PE_Builder_d4007.html

Other than those two options we really have no other suggestions. Sorry we can't be of more help.
Let us know how things work out.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I will be honest here, I have no idea how to help you. I will ask one of our other mods to take a look.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Anything in the Hijack log that should be removed?

Have not seen the MBA-M log from normal mode yet.

I would also like for you to do the Online ESET Scan. You will have to use Internet Explorer to do that, and also disable your anti-virus program while it runs.
Once the program opens you will be shown items that you can choose to do or not. Please leave the default checkmarks as they are and continue the scan. Please allow it to Remove/Quarantine all that is found.
Once the scan is complete then reboot the computer.
Please then run a new HiJackThis scan and save the log.
Post back here with the ESET Scan log, which should be located at C:\Program Files\EsetOnlineScanner\log.txt, and the HiJackThis log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is this part of the original antisoft problem or a new problem altogether?

I really have no way of knowing, except if all the scans previously were run in safe mode then it is likely the same infection.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Why are you running these scans in safe mode? They should be run, if at all possible in Normal Mode.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have not posted the MBA-M log which can be found within the program under the Logs Tab. Open the tab, double click the log. It will open in Notepad. Copy/paste the log back here. One cannot say the problem is solved just by running one scan. Chances are that it is NOT, especially since you had to change the name of the .exe file in order to run the program.
The choice however is yours. If you prefer to assume all is well then click the Mark as Solved listing and consider things done.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Based on items noted in the MBA-M scan you should do the following:
First, uninstall the My Web Search option from Add/Remove Programs

1) Click on Start, Settings, Control Panel

2) Double click on Add/Remove Programs

3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way

4) Reboot your Computer

There is a very good chance that what was found by MBA-M may not be all of it. Please also do the ESET Online scanner, you will have to turn off your av program and also run the scan from Internet Explorer and have it remove all that is found.
Reboot. Then run HiJackThis and post both logs here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

update: I managed to run hijackthis and it found a file called twext.exe... apparently this is a really dangerous file! I tried to remove it on hijackthis but it wouldn't do it. Does anyone know how to remove this file even though I can't install or run ANY antivirus programs? Please help! thanks, Hetty

That twext.exe is likely the file you were able to stop in the Task Manager. Check there and if you see it turn it off.

HiJackThis is basically a scanner program NOT a fixer program.
Please do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer. Run the HJT program again, save the log. Post back here with the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

By all means definitely post the MBA-M log. Be sure to have it Remove all found and Reboot.
Post back here with the log. I will watch for it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good to me, though Trusted Sites really aren't needed, I don't use that at all. No reason to really unless it is a work computer that would require this as some do.
Plus go with Firefox as the browser. It is much more secure than IE of any version and most definitely much faster. You can use Firefox and add the Coral IE Tab to Firefox for sites that absolutely require using IE. Also add Web Of Trust to IE and also Firefox if you decide to use it. This gives a good alert as to whether a website is trusted or not.
Be sure your IE cookie settings are:
Allow 1st Party Cookies, Block 3rd Party Cookies, Allow Session Cookies.
With Firefox Allow 1st party cookies and no check mark (meaning block) 3rd Party cookies.
Looks secure to me...watch where you surf is the key, NO P2P file sharing for sure and you will do fine.
You are a rarity, you actually research which is unusual today.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks to Crunchie for jumping in here. Logs look much better but some things you still need to do:
1) Click on Start, Settings, Control Panel
2) Double click on Add/Remove Programs
Look for and Uninstall the following if listed:
* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way
Next, open My Computer, Drive C, and double-click on the Program Files folder
Right-click and delete the folders for:
* FunWebProducts
* MyWebSearch

Your java program is way out of date. Go HERE and download the Offline Install file and save it to the desktop.
Close all browsers. Go back to Add/Remove and uninstall all old versions of Java you find there. Once all are uninstalled then double click that install file on your desktop to install the new version. This will not take long so be sure to watch as the install takes place. Make certain there are no additional toolbars installed with it. They will be marked with a check mark in a box next to the name of the toolbar, like Yahoo toolbar. This has been offered recently in some downloads. You don't want any toolbars, so remove the check mark if …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have entries in your HJT log for autostarting programs which appear to contain Temp files. Have never seen this. It is a program called DelayShred which is apparently McAfee's Shredder for cleaning files after closing a session in Internet Explorer. This doesn't need to run at start up and should be turned off. I am not familiar with the program, but I know it doesn't need to run at start up. You can use QuickClean manually via McAfee Security Center and run it from there.
Other than that I see no indication of infection in there, and that isn't infection, just an unneeded auto start.
How much RAM do you have installed?

jholland1964 650 Posting Expert Team Colleague Featured Poster

...but this is the program that the owner of the company wants on all of the machines, so I get to make sure that he gets what he wants.

Hey, you "gotta do what you gotta do". You might recommend he consider something else next time.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I've been reading about malware in a few different forums, and a lot of people recommend installing several anti-malware apps. But if you do that, don't you have to make sure they're not all in the Start menu, so they don't run all at once and collide?

Yes, you are correct. You have to do your research. Typically a GOOD program will tell you what won't run well with something else. But also "don't overload the computer" is a key piece of advice. Use 1 good anti-virus program, 1 good firewall, and an anti-malware program like SpywareBlaster, which is excellent, mainly because it does not run in the background but does block malware, spyware and questionable ActiveX programs and has an excellent Restricted Sites portion that DOES stop you from going to a known bad site in the first place. Install one or two scanner programs; MBA-M and Spybot are very good. SuperANTISPYWARE does a good job also. Use these programs as SCANNERS and use them at least once a week.
A key part of security is use proper settings in your browser...Allow 1st party cookies, BLOCK 3rd party cookies and allow Session Cookies. A Session cookie is a cookie that a website places on the computer to allow you to navigate their site so that you can go from page to page easily while using the site but once you leave that website the cookie goes away.
Reduce the size of disk space to use for Temporary Internet Files …

kvprajapati commented: a very informative and worthwhile read. +7
jholland1964 650 Posting Expert Team Colleague Featured Poster

Download and run a system scan with HiJackThis, save the log and post it here.
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10781312.html

EDIT: Additional Information

Just found this info. Ewido, which is now part of AVG (so you would think that AVG would take care of this themselves with the install files, but they don't), leaves a registry key on the computer, even if it is uninstalled.
Download and run this uninstaller and see if it makes a difference
http://www.avg.com/filedir/util/support/remove_ewido_en.exe

That said, may I further advise that you switch to a different anti-virus program? AVG doesn't get as high a ranking as either Avira or Avast.

jholland1964 650 Posting Expert Team Colleague Featured Poster

It would likely be located in C:\Program Files.
Also go to Start, Search, Files and Folders, be sure Advanced options to look in hidden files and folders, system folders and sub folders also have check marks in them.
Then type ewido in the search box and choose "C" drive and click search.
This will run a full search of the "C" drive for any files named Ewido. You need to open these to see what they are when found, there may be an Uninstall file there to use.
If you cannot find it that way you can also use Revo Uninstall Free to locate and Uninstall the program. It works quite well.

http://download.cnet.com/Revo-Uninstaller/3000-2096_4-10687648.html?part=dl-6294459&subj=dl&tag=button

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have you followed all the steps given here http://www.daniweb.com/forums/thread134865.html including the MBA-M scan and the ESET scan? That is the way to tell for sure if you have an infection or not. The HJT occasionally will show indications of infection but certainly not always. Run those scans and post back with the results. A reformat is a very drastic step to take, especially with no guarantee it will fix your drive...plus how are you going to run the reinstall CD without a working drive?

jholland1964 650 Posting Expert Team Colleague Featured Poster

One BIG reason for the computer running slowly is you have stated that you have two anti-virus programs on the computer, Norton and Avira and then you said you downloaded

AVG and Malware bytes and some other programs

but they wouldn't either install or work. I am not surprised. The absolute rule is ONE antivirus program only, not multiple ones. A really easy way to get an infection on a computer is running two anti-virus programs on the same computer. They end up conflicting with each other and then allow infection onto the computer.
If Norton is current and up to date then UNINSTALL ALL of the other anti-virus programs on the computer immediately. Note it says UNINSTALL, using Add/Remove.
I don't know what the "other" programs you downloaded are but uninstall those as well, but I do need a list of what those are.
Whether you have an infection at this time it is very hard to say since you had such a multitude of security programs battling it out you likely would not have gotten a clean and thorough scan with any of them.

Uninstall MBA-M also and download it again. Follow these instructions for its use:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is …

jholland1964 650 Posting Expert Team Colleague Featured Poster

As commando as i am, i don't want to go it alone!
I have removed all sites from the trusted list.
Can i ask where you got your info on the websites? And should i just bin ie for all internet transactions?!
I ran the anti malware and nothing showed up.
I also ran two other anti rootkit apps - also nothing.

Some of the bad websites were already familiar to me from previous computer clean up, but one way to tell if a website is clean is using Web Of Trust, which is a small add on for both Internet Explorer and Firefox. It adds a small button to the top of the browser. When you go to a good website the button will be green, a questionable site will show as yellow/orange and one with poor reputation will show as red. Google searches will also show those same indicators next to the listings given. Now of course not all websites are listed, some have not yet been rated and naturally there is no way to rate every single website in the world, but at least it gives some indication. By clicking on the button, whether on your browser or a google line, you can get info given by others concerning the site in question. But as I said, when I see listings in the Trusted Zone I always check them out because much of the time they just aren't needed there. …

jholland1964 650 Posting Expert Team Colleague Featured Poster

it happened after i try to use total video converter portable, it also happened on another computer

One safe rule: if something causes a major problem like that once, I frankly wouldn't use it again. But since this has happened already that is beside the point... but I would never use this again. Obviously there is a problem with it.

Your HJT log doesn't show anything indicating infection, though that doesn't mean there ISN'T one there. There will be other steps I want you to try after you have attempted the fix below.

Have you checked in the Device Manager to see if the drive is recognized or has a yellow exclamation point notation? It could be that all you need is a new driver. Have you rebooted the computer since this happened? If not, do so now. That would be your first step, then checking the device manager, if there is a notation that there is a problem with the drive. But even if the Device Manager says the drive is ok try reinstalling the drive. Go into Device Manager (right click My Computer, choose Properties. When that opens click the Hardware Button, then the Device manager button) and Uninstall it. See my attachment on how to do this.
Then reboot the computer. The computer should see the "new drive" and reinstall it. Then try again to have it play a disk.
Also, stop that SpyBot TeaTimer. It is more trouble than it is worth.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks for the clarification on the firewalls.

jbennet called this when he moved your thread to this forum.

Moving to the viruses/malware board.

Check you don't have any dodgy entries in the HOSTS file. Prepare a HijackThis log too.

Do i really need to remove all of my trusted websites (i have ie locked down except for websites i need js for)?

Evidently not "locked down" tight enough.
Obviously I would not have recommended the removal of those trusted sites if there were not bad sites listed there, and there are multiple sites on the list known to install unwanted programs and files. There are too many to list separately and I will not do so.
But a sampling of notations concerning a good number of the sites you have listed as Trusted includes:

Will flash up malware warnings from any good firewall program. Makes 9 registry changes, installs 7 malware apps, will make 3 OLE changes to your firewall. No uninstall option.

What happens; download software, register before install (no bank details), install, offer or free game given, now add bank details.

This site is a known Smitfraud-C website, which utilizes an ActiveX codec to trigger the distribution of the trojan. Don't go here, because Smitfraud is something you don't want to catch!

Free games! Just get a virus installed on your PC!

Listed on HMOS Domain Warning List

Closed my account recently small amount of money went missing...

Those are listings for only 6 of the …
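The HOSTS check jbennet asked for above can be scripted rather than eyeballed. This is an added example (not from this thread or any tool mentioned in it): it parses a Windows hosts file, ignores the normal localhost lines, and flags every hostname that is pointed off the machine or that belongs to a security vendor. The vendor domain list is my assumption, and the sample hosts file is constructed for the example (203.0.113.x is documentation address space, not a real attacker).

```python
import ipaddress

# Assumed list of security-vendor domains worth watching; not taken from the thread.
SECURITY_VENDOR_DOMAINS = (
    "malwarebytes.org", "eset.com", "avg.com", "avira.com", "avast.com",
    "mcafee.com", "symantec.com", "pandasecurity.com", "microsoft.com",
)

# Constructed sample hosts file. Lines 5-6 show the classic "update server pointed
# elsewhere" hijack, line 7 a harmless ad-block style entry, line 8 a malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example.org        # user-added, points back at this machine
203.0.113.7     www.malwarebytes.org
203.0.113.7     mbam-cdn.malwarebytes.org  update.malwarebytes.org
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

SUSPICIOUS = ("hijacked-security-site", "blackholed-security-site", "redirected")


def parse_hosts(text):
    """Yield (line number, address text, [hostnames]) for each non-comment line."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        parts = line.split()
        records.append((lineno, parts[0], parts[1:]))
    return records


def is_self_address(ip_text):
    """True for loopback/unspecified (traffic stays on the box), False for any
    other address, None when the token is not an IP address at all."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return ip.is_loopback or ip.is_unspecified


def is_security_host(host):
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)


def check_hosts(text):
    """Classify every hostname in the file; the plain localhost entries are skipped."""
    findings = []
    for lineno, ip_text, hosts in parse_hosts(text):
        self_addr = is_self_address(ip_text)
        for host in hosts:
            if self_addr is None:
                verdict = "malformed"
            elif host.lower() == "localhost":
                continue
            elif is_security_host(host):
                # Either blackholed (updates silently fail, e.g. "cannot update")
                # or redirected to a server the attacker controls.
                verdict = "blackholed-security-site" if self_addr else "hijacked-security-site"
            elif self_addr:
                verdict = "self-mapped"      # common ad-block style entry; review, usually fine
            else:
                verdict = "redirected"       # any off-box redirect deserves a look
            findings.append({"line": lineno, "ip": ip_text, "host": host, "verdict": verdict})
    return findings


def suspicious_entries(findings):
    return [f for f in findings if f["verdict"] in SUSPICIOUS]


if __name__ == "__main__":
    for f in check_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>2}: {f['verdict']:<25} {f['ip']:<15} {f['host']}")
```

On a real machine, read C:\Windows\System32\drivers\etc\hosts into `check_hosts` instead of the sample; a file that is read-only or that a scanner cannot open is itself worth noting, since some rogues lock it.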

jholland1964 650 Posting Expert Team Colleague Featured Poster

Big problems to begin with where you stated:

I have two firewalls

The absolute rule is 1 firewall and 1 antivirus program should be running on a computer. So uninstall one of them immediately.
Then do the following:
Run HJT again and put check marks next to all of these entries:
O15 - Trusted Zone: *.1and1.co.uk
O15 - Trusted Zone: *.888.com
O15 - Trusted Zone: *.adobe.com
O15 - Trusted Zone: *.amd.com
O15 - Trusted Zone: *.cnet.co.uk
O15 - Trusted Zone: *.download.cnet.com
O15 - Trusted Zone: *.codeplex.com
O15 - Trusted Zone: *.codinginparadise.org
O15 - Trusted Zone: *.comodo.com
O15 - Trusted Zone: *.csshub.com
O15 - Trusted Zone: *.dabs.com
O15 - Trusted Zone: *.discountasp.net
O15 - Trusted Zone: *.dojotoolkit.org
O15 - Trusted Zone: *.domaintools.com
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: *.dreamtemplate.com
O15 - Trusted Zone: *.entertonement.com
O15 - Trusted Zone: *.facebook.com
O15 - Trusted Zone: *.fbcdn.net
O15 - Trusted Zone: http://www.free-av.com
O15 - Trusted Zone: *.google.co.uk
O15 - Trusted Zone: ie7-js.googlecode.com
O15 - Trusted Zone: *.gstatic.com
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Key is don't leave yourself unprotected.
Use a good anti-virus program and firewall; there are several good FREE ones of both available.
AV programs:
Avira
Avast
Firewalls:
Online Armor
COMODO Firewall
PC TOOLS FIREWALL

Use a good anti-malware remover. Malwarebytes' Anti-Malware is one of the best today. Update and scan at least weekly and remove all found. Very often it is the first tool recommended when a known infection has gone on attack.
Make sure your browser has the correct security settings, including 1st party cookies ONLY; block 3rd party cookies. Use a safer browser; Firefox is one which is certainly more secure than IE.
Add the WEB of TRUST add-on to the browser. It won't stop you from going to websites but will give you a warning that a web site may not be trusted.
Use a program like SpywareBlaster to add to your protection.
Keep your programs up to date. A safer computer is certainly an up-to-date computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Update MBA-M and do another Full Scan and Remove all found. Reboot and run another HJT scan.
Post back with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have SuperAntiSpyware and Malwarebytes' Anti-Malware currently installed and I have tried running both programs at the same time on full scan to remove all the programs with no luck.

Not sure what you mean by running full scans at the same time...if you mean ACTUALLY running the scans at the very same time, then NO they don't work that way. You can only run ONE scanner at a time.
Turn off ALL P2P programs and leave them turned off; better yet, Uninstall them. Very likely that is the way you were infected in the first place. That AND, as unitedwaykat stated, there is NO anti-virus program on there. WHY?
Turn off SAS. Update MBA-M. Run a FULL scan with it. When the scan is complete REMOVE all items found.
REBOOT the computer, this is VITAL.

Then do the following:
Run the ESET Online Scanner and post the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

REBOOT the computer.

Post back here with the MBA-M log and the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Files Infected:
C:\WINDOWS\system32\drivers\zhklr.sys (Rootkit.Agent) -> Delete on reboot.

And DID you reboot? This is a KEY part of MBA-M instructions, REBOOT after clicking Remove Selected.

Turn this program OFF and leave it turned off.
BitTorrent DNA
Good way to get infected is by doing P2P file sharing.
Do the following:
Run the ESET Online Scanner and post the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot the computer.

Post back here with the ESET scan log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have the same problem on an Acer Aspire 6920, sexy machine, and it turns out that it only switches off when it gets hot; I think it's probably the heat is too much for the little fan to put out

joker050;
You need to begin with the steps given in this sticky
http://www.daniweb.com/forums/thread134865.html
complete all the scans as noted there and then begin your OWN thread noting your problems and including all the scan logs. Since this thread is 3 years old there is slim chance you will receive definitive answers to solve your problems in this one. A key rule here is never piggy back your question in another person's thread; it makes things too confusing and then nobody receives the proper help they need. So do the steps given and then create your own new thread by clicking the Start New Thread Button on the upper left and somebody will be most happy to offer solutions.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am SO new to this, but I catch on fairly quick. I need help please. My printer stopped working with the pop up Rundll32 failed to load. I got HijackThis and the file it gen, but I don't know what to do with this.

Mtdreamaker, You need to begin with the steps given in this sticky
http://www.daniweb.com/forums/thread134865.html
complete all the scans as noted there and then begin your OWN thread noting your problems and including all the scan logs. Since this thread is well over 5 years old and the original poster never returned there is slim chance you will receive definitive answers to solve your problems in this one. A key rule here is never piggy back your question in another person's thread; it makes things too confusing and then nobody receives the proper help they need. So do the steps given and then create your own new thread by clicking the Start New Thread Button on the upper left and somebody will be most happy to offer solutions.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

If I may jump in here for just a moment, there seem to be portions of two anti-virus programs running on the machine and also some AOL Security items:

Running Processes:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe

URL Searchhook
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

Toolbars
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

AutoStarting Programs
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

Services

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

There should only be one anti-virus program running on the computer.
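The two posts above make the same kind of judgement from a HijackThis log: the O15 list shows which hosts sit in the browser's Trusted Zone, and the Running Processes / O23 lines show whose resident scanners are loaded. As an added example (this is not DaniWeb's, HijackThis's or Judy's own code), the Python below parses those line formats and flags more than one anti-virus vendor. The sample log is constructed from the entries quoted in the thread; the vendor fingerprint table, the `Entry` fields and the function names are assumptions made for illustration, and a real tool would need a far longer vendor table.

```python
"""Parse HijackThis-style log lines and flag a second resident anti-virus.

Added example, not HijackThis or DaniWeb code.  Handles the line shapes
seen in the thread: bare paths under "Running Processes:", R3/O2/O3/O23
entries of the form "Oxx - Label: name - {CLSID or owner} - path",
O4 autostart entries "[key] path", and O15 Trusted Zone hosts.
"""
import re
from dataclasses import dataclass

# Constructed sample input, built from the entries quoted in the posts above.
SAMPLE_LOG = r"""Running Processes:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O15 - Trusted Zone: *.888.com
O15 - Trusted Zone: http://www.free-av.com
O15 - Trusted Zone: ie7-js.googlecode.com
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")   # "O23 - ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+$")                       # bare Windows path
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<path>.+)$")      # O4 "[key] path"

# Lower-case path fragments that identify a vendor's files (assumed table).
AV_VENDORS = {
    "\\avg\\": "AVG",
    "\\mcafee.com\\": "McAfee",
    "\\mcafee\\": "McAfee",
}


@dataclass
class Entry:
    kind: str   # "Process", "O23", "O4", "O15", ...
    name: str   # service name, BHO name, run key, trusted host or exe name
    path: str   # file path the entry points at, "" if there is none
    raw: str    # the original log line


def parse_hjt_log(text):
    """Turn log text into Entry objects; headers and free text are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROCESS_RE.match(line):                      # Running Processes section
            entries.append(Entry("Process", line.rsplit("\\", 1)[-1], line, line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O4":                                # "[key] path" shape
            rm = RUN_RE.search(body)
            name, path = (rm.group("name"), rm.group("path")) if rm else (body, "")
        else:                                           # "Label: name - x - path"
            parts = [p.strip() for p in body.split(" - ")]
            name = parts[0].split(":", 1)[-1].strip()
            path = parts[-1] if len(parts) > 1 and PROCESS_RE.match(parts[-1]) else ""
        entries.append(Entry(kind, name, path, line))
    return entries


def trusted_zone_hosts(entries):
    """Hosts the user has placed in IE's Trusted Zone (O15 lines)."""
    return [e.name for e in entries if e.kind == "O15"]


def av_vendors_present(entries):
    """Vendors whose files are loaded as processes or registered as services."""
    found = set()
    for e in entries:
        if e.kind not in ("Process", "O23"):
            continue
        lowered = e.path.lower()
        for fragment, vendor in AV_VENDORS.items():
            if fragment in lowered:
                found.add(vendor)
    return found


def multiple_av_warning(entries):
    """Return a warning string when more than one AV vendor is resident."""
    vendors = av_vendors_present(entries)
    if len(vendors) > 1:
        return "More than one anti-virus product is resident: " + ", ".join(sorted(vendors))
    return None


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    print("Trusted Zone hosts:", trusted_zone_hosts(parsed))
    print(multiple_av_warning(parsed) or "Single anti-virus vendor found.")
```

The O15 hosts are returned as written in the log (wildcard, bare host or full URL) so they can be checked against a reputation source one by one; the vendor check deliberately looks only at processes and O23 services, because a leftover toolbar or BHO (the O2/O3 lines) does not by itself mean a second scanner is resident.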

jholland1964 650 Posting Expert Team Colleague Featured Poster

To jholland1964:
are you stupid or act like a stupid one?
check the internet buddy, this problem has been solved already...

No I am not stupid nor do I act like a stupid one. My reply to you was because YOU piggy backed the following here in apotoczny's thread with a request of your own, NOT the solution to the problem....

i have no idea.
hope somebody will offer solution..
comp does not start in safe mode at all.... ;(

My reply to YOU and to snowkatz, who also piggy backed a question in this thread, is the policy of daniweb and clearly stated in the Forum Rules:

Please do NOT piggy back on another members thread, but create your very own thread where you will receive better assistance.

If you also read apotoczny's posts he says nothing about doing a Windows update prior to this happening.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looking at the HJT log clearly shows multiple infections. Begin by doing this:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT after running MBA-M!

Next do the following:
Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please …

jholland1964 650 Posting Expert Team Colleague Featured Poster

andyk2331, please follow the instructions given to you by jbisono, without instructions, and then again by Crunchie with instructions in post #4.
MBA-M is, at the present time, the top of the line in malware removal.
We rarely, if ever, recommend registry edits for removals, especially since the MBA-M program WILL remove and repair registry entries for most of today's infections.
Follow Crunchie's instructions exactly and post back with the requested logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First thing you need to do is this:
Turn off the following programs and leave them off for the duration of this procedure:
BitTorrent DNA
uTorrent

Better yet, Uninstall them. Very likely the source of your infection.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected. VERY IMPORTANT to do this.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the Computer VERY IMPORTANT

Run a new HJT scan and post back with the MBA-M log and the HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

my computer died today feb11-2010 after I installed a bunch of new updates for win XP SP3
same error codes
no idea what to do
I don't think it's a hijacking; if a few people have the same errors it might help, as it might be related to a certain microsoft update for example.

I read about the 007e error, and Microsoft said on certain machines they can get this error (in win XP SP3 only, SP2 will work fine)
if you install windows OEM for Intel on a computer with an AMD CPU. In
my case I have an Intel CPU so it is not related I guess....
or maybe my computer has windows xp OEM for AMD and now it's not working on an Intel CPU after these particular updates - I have no idea.
hope somebody will offer a solution..
comp does not start in safe mode at all.... ;(

You need to begin your own thread rather than hijack another person's.
Even though symptoms may be the same, no two computers are identical. Make your own thread and somebody will attempt to offer some help.