Posts by jholland1964

Also....be certain there is NOT a CD in the drive, if there is then the computer could be booting to a CD....made by American Megatrends. If the computer is booting to the CD then you usually wouldn't see the normal Microsoft screen but whatever it is that the CD contains.

One thing I never asked, do you have some sort of USB device attached to the computer? Is it possible that rather than booting to the hard drive the computer is booting to...USB, CD, something other than normal boot?
Norton's can be difficult to remove but if done properly it shouldn't be a problem. I would wait until this is cleared up before changing software however, we need to know exactly what is going on.
Having the Norton and firewall on the computer wouldn't be a problem for any of the tools in the link I gave you.
I have to stress here though, this could very well be a legitimate happening on the computer, as this company IS legitimate, does provide hardware and software for many computers and it would not be unusual for one of these items to be ON your computer. So please don't assume this is something wrong or bad. You might end up removing a vital piece of software on the computer...needed driver or something like that. So try to get ALL the info you can on this, ok?
Why it is showing at boot...I don't know.
I really would like to see a print screen of this if possible, sure might help to narrow it
down.

Can you give me the make and model of the computer itself?
Judy

What was the name of the software and where did you get it? American Megatrends IS a legitimate company, not known for malware, viruses, trojans, etc. I honestly doubt that this is an infection of some kind. But for safety sake follow instructions given HERE

Are you absolutely certain that you have nothing on the computer with American Megatrends software?
PCI controllers, BIOS, Keyboard Controller, Data Storage, USB Drivers & Firmware for the mobile phone, RAID Controllers?
These a legitimate files, not something which would or should install without all ready being on the computer.

It happened after I posted the last log after I uninstalled Malwarebytes in getting ready to run the program in Normal mode. It's almost like I started from the beginning!

I'm at advanced boot options now...Safe mode, safe mode with networking, safe mode with command prompts, etc.

What happens if I go to "last known good configuration"?

Well, I don't know...at this point...you might try it. If that won't work then go back to safe mode and begin again...sorry.

Did you run any other programs, other than those mentioned here? This seems rather odd happening with just those programs having been run. Exactly WHEN did this happen? Immediately after running MBA-M or something else?
Can you get the computer to boot up at all? This is really quite unusual. None of the programs run should have caused this. Windows Defender should also be turned off during these clean ups as it also can interfere. Using msconfig was ok, just not the recommended way to turn off TeaTimer. Did all this occur immediately AFTER doing that or before?

The problem is now that I can't run any programs in Safe mode or Normal Mode. I turned off the teatimer by using msconfig, but I am unable to do anything further. Any other suggestions?

This is beyond stressful!

So you are saying that the computer doesn't boot now at all, correct?
or when you say you cannot run any programs do you only mean security programs?

If you cannot run any programs at all then how did you run msconfig?

Why did you use msconfig to turn off TeaTimer, that was not the instruction, and honestly don't know for sure that will work.

Try running your anti-virus in Safe Mode.

You know you all ready have two threads which are not complete:

http://www.daniweb.com/forums/thread237635-2.html

http://www.daniweb.com/forums/thread242629.html

Is this the same computer? If so you absolutely MUST complete all steps given to you, post back with results and then wait for the computer to be deemed clean and the thread marked solved. This problem you are experiencing now could be a result of the infections shown in the first thread above. I would recommend that you go back through the steps in that first thread and post the results of the newest scans here and plan to stick with this until you are told that the computer is showing clean.

Of course all is a matter of personal opinion on most things, however Avast rates higher generally on protection than AVG and also in speed. Also consider Avira Free. Excellent, doesn't cause slowdowns either. I have used it myself for several years and am quite pleased.
You might check out reviews HERE

You haven't given us much information really, we don't know what operating system you are using, what anti-virus program you are using, the names of these infections or their locations on the computer.
Since we don't know what was found, what files you removed or where you uploaded these files for identification we cannot give you many answers at this point. Just stopping processes from running will not remove an infection, just as creating a new account will not remove an infection, the infection is on the computer itself not just on a user account.

Please follow the instructions HERE and then post back with all of the requested information and logs of completed scans.
Judy

Hello and welcome to daniweb. You are using a WAY OUT OF DATE version of HiJackThis. Please uninstall this version and download the new version from HERE
You are running XP SP3 yet your log shows multiple programs listed as Windows 7. Please UNINSTALL all of those.

Exactly WHAT problems are you having with your Kaspersky Anti-virus program? Please give us full details.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT after running MBA-M!
Then run a new HJT scan with the new version you downloaded.
Post back here with both the MBA-M log and the HJT log.
Judy

Hi, welcome to daniweb.
First of all turn off or better yet UNINSTALL that uTorrent program. P2P File sharing is a KNOWN cause of multiple infections.
It must be turned off and remain off throughout this clean up. If this is not done we cannot help you here.
Next do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT after running MBA-M!

Then run a new HJT scan and save the log. Post back here with the MBA-M log and the new HJT log.
Judy

You must TURN OFF Spybot TeaTimer as it will interfere with fixes attempted.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Ok, now in normal mode Uninstall MBA-M, download it if possible from HERE, install and update and run a new Full Scan. Remove all that is found. Reboot.
Run a new HJT scan. Post back with the new MBA-M log and the new HJT log.
Judy

Hi Welcome to daniweb,
You need to follow the steps found HERE.
Please complete steps given there and post back here with the requested logs.
Judy

my searches redirect to random sites and spam popups pop up!

how may i fix it!?

In order for the few volunteers who offer a bit of their free time and expertise in this forum to assist you in a timely manner, please complete the following steps before posting a request for help
http://www.daniweb.com/forums/thread134865.html

Go ahead and post the HJT log.
Also download rkill.com. Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with the infection. When it has finished, the black window will automatically close and you can continue with the next step. You may get a message that rkill.com is an infection, ignore it, many infections produce this warning in order to get the user to stop using rkill.com. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the running files. please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of these steps.
Please then try to install MBA-M. If you still do not have internet access then you will have to install it via the flash drive. Be sure the copy on there is the latest one as you will not be able to update.
If you still cannot install in normal mode then go ahead and try to install it in safe mode. This isn't usually recommended as often the scan is not going to be totally complete since MBA-M won't load all of its drivers in safe mode but …

hey i think i have the exact same virus because it pops up with the same kind of messages only mine terminates windows instantly after they pop up and this includes everything, games, some mozzila but not IE, task manager. I tried to download that ESET program but it would close the window before i could click download, any advice?

We ask that members not piggy-back questions on to a thread previously started by another member here in the Viruses, Spyware & other Nasties forum, (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/forums/faq.ph...niweb_policies

Thanks for understanding.

Ponyboy76, you need to begin your OWN thread rather than posting your problems within another persons thread. It is impossible to work with two different posters and computers in the same thread. Create your own, fully stating all your problems, add the log and somebody will be happy to help you.
Judy

radmobile,I am happy that you feel things have been fixed, HOWEVER, this message is for ALL who may be viewing this thread, take heed of the warning given on BleepingComputer when attempting to use Combofix because this is the instruction given on ALL computer help forums, it is obvious that radmobile did not follow the instructions or the warning given:

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

This tool is NOT the end all and be all of computer repair. It should NEVER be used as a "regular" clean up tool. It is meant for use with specific infections. There are certain procedures which are always followed on this forum prior to running Combofix and it is generally the last resort recommendation given by the helper and that not given without considerable thought by the helper. There are also required steps which must be taken AFTER the running of Combofix, especially since Combofix cleanings are very often not complete, and other steps must then be taken, including the CORRECT removal of combofix itself, as it CANNOT and SHOULD NOT be Reused for other problems and should never be used without …

Michelle, honestly couldn't tell you WHAT fixed it...LOL. We did so much, let's put it down to...Christmas elves...LOL!
Merry Christmas to you too.
Judy

Hi, I looked at your other thread and one thing you said makes me curious:

am not able to make out any suspicious task which might be running that causes this regular restart.

You know it wouldn't HAVE to be a suspicious task, it could be something legal. But we have no idea what ANY of the programs are that you have looked at, checked, etc. just WHERE you have checked according to the other thread:

Registry (Windows Run keys), msconfig, services, scheduled tasks, etc.

It would certainly help us help you if we knew, by name, exactly what you found in all those places.

Download DDS by sUBs and save it to your Desktop.

• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

• Copy&Paste the DDS.txt into your post for assistance.
• Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista, right-click on it and Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again

I install new windows in my laptop. After installation i open
my Drive E but it cannot open i think trojan viruses.
I have very importent data this drive, sooooo plz help me
I am such in big problium.
I have Aecr 3050 laptop
hdd 80 GB

This thread is one year old. You need to begin your own NEW thread. You won't get any help by hijacking another person's thread, a very old one at that.

First of all Combofix is NOT available right now due to a problem with the program. DO NOT attempt to download it at all. Please heed this warning from BleepingComputer

ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.

Try this:
Download gmer.zip: http://www.gmer.net/files.php
Unzip the file, and double click on gmer.exe, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

Can do! I've been using Spybot Search and Destroy and have been happy with it, and the F-secure scan I did revealed nothing, but I'll give this a go.

I thought my computer was slow, but my wife was complaining about hers so I took a look and it takes less time to actually shuffle cards than to load solitare! It's bad.

This program looks for OTHER things that F-Secure and Spybot don't look for, add this to your arsenal for weekly scanning. But do this scan right now and see if it comes up with anything.
As far as your wifes computer, once this one is finished feel free to begin a NEW thread concerning that one. Too confusing to work on two computers, at the same time AND in the same thread. What applies to one may not apply to the other but we will be happy to help you get hers speeding along too.
Post that MBA-M log, even if it shows clean, ok? Please IGNORE the program noted by aka-amboy. This is a paid program, not mentioned here before and we try to stick with the free programs if possible. It is also one I am not familiar with so go with the steps I am giving you, ok?
Judy

Now give us a new HJT scan and post the log.

i dont have my security center enabled because i dont use a firewall.

That is no reason to turn off the Security Center...WHY don't you use a firewall?
Have you checked for updated drivers for audio and graphics? They could have changed in a year.

Hyzaneretro, since you say the system is still running slowly I would like you to do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.
Then run a new HJT scan, save the log and post back here with the MBA-M log and the HJT log.
Judy

Hi, it looks complicated, I often encounter this ,very low speed. What's the easy solution to fix this.

As you see not often easy solutions. If you have a problem please create your own new thread and somebody will be happy to help you there. It is much better to work with ONE person and ONE computer per thread.

my java is :Java Version 1.6.0_16. (not sure what that means but i just googled what version of java do i have and it gave me that)

my virtual memory is 756 MB

I am asking again Why is your Security Center disabled?
You need to update your Java, it is out of date. Go HERE, download the OFFLINE install and save it to the desk top for easy access. Once it is downloaded then go to Add/Remove and Uninstall ALL older versions of Java you find there. Once that has completed then, close all browsers and double click that install file on the desktop to install the new version. Once it says it has completed then go back to the download page and click Verify Now on the right side of the page to go to the verification page to assure the install was successful.

Your Virtual Memory is set way too low.

The recommended size for virtual memory is 1.5 times the amount of RAM installed and also use a fixed virtual memory/pagefile size, to do this you would set the minimum and maximum size to the same number.
1. Click Start, right click on My Computer and then click Properties
2. Click ” Advanced “.
3. At the ” Performance ” section click ” Settings ” .
4. Select ” Advanced ” and in the ” Virtual Memory ” click ”Change”.
5. Custom Size ” and set …

Why is your Security Center disabled?

i believe its a virus because i had this spyware that would popup saying i should scan my computer and that it has found infected objects, i let my antivirus take care of that

How do you know the anti-virus program took care of it? Generally an anti-virus program cannot remove this. I am not saying it couldn't but anti-virus programs generally don't remove spyware or trojans. What was the name of this? It should be listed in logs from your anti-virus program.

Sun java i have not touched.

What version of java are you running? Current version is version 6 update 17.
1/4 remaining free on the hard drive isn't a lot, should be ok, but not a lot, progams might run slower. 1GB of RAM isn't much either, this would also maybe make programs run slower.

To check Virtual Memory setting do the following:
Right click My Computer, choose Properties, When that opens choose the Advanced Tab. When that opens Click Performance Settings button. When that opens again click Advanced. On the Virtual Memory setting what is the number showing there?

it happens to everything i do on the computer basically from typing on MSN to watching videos to playing games, so that is why im assuming its a virus thats messing up my computers memory.

So anything done ONLINE...? Because nothing you said above tells me this also happens if you are offline.
I am going to, at this time, say I don't think it is a virus. Why? You have an extraordinary amount of programs running on the computer...a huge number in fact and when I say running...I mean actually running. Now of course I could be wrong but if the amount of programs and files you had running at the time of the scan is normal then it could very well be that your system is just "over taxed".
How much RAM do you have on the computer? How large is your hard drive, how much Free space do you have on there? What are your settings for Virtual Memory?

When was the last time you did a basic cleanup...empty temp files, etc?
When was the last time you did a defrag? When did you last update all your drivers...graphics, audio, sun java?

the skip im talking about is the video stops for not even a second but it is noticeable. i cant really explain it. its just not smooth to watch the video when it is fully buffered. and my antivirus is avira free version.
Hi Judy, thanks for your reply. this has been happening for about 2 weeks now. i have ran MBA-M that is fully updated in both normal boot mode and safe mode and it did not find anything wrong (so i do not have the log files for that), i however, scanned with spybot S&D and i found a couple of suspicious files called "bluestreak" and "Zedo".

Bluestreak and Zedo are both advertising listings. Likely adware, hopefully Spybot Removed them.
Your MBA-M logs ARE available in the program, Open it up and go to Logs. Post the one from the NORMAL scan. MBA-M is NOT meant to be run in Safe Mode as it won't do a proper scan because all of it's drivers cannot be loaded.
I would like to see the log anyway, even though it showed clean.
You do have a lot of unneeded programs running all the time. This could also cause problems with other items running on the computer.
Does this skipping happen only with videos viewed via the internet or does it also happen with video files directly ON the computer?
Judy

Ok, here is the list and explanations of each as I see it. All I have listed here are NOT required to run at start up and have nothing to do with the actual running of the computer:
IgfxTray-Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets
Persistence-Associated with the Common User Interface module for Intel graphics cards
NvSvc-NVIDIA Driver Helper Service - installed when you change from the WDM drivers to nVidia's latest versions but not requied. Extreme shutdown delays can be encountered with this service active, but no adverse side effects with it disabled.
NvCplDaemon-System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again.
NvMediaCenter-System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties
iTunesHelper-Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times so you have to keep an eye out on this one in case it restarts itself.
SunJavaUpdateSched-Java auto updater, do this manually, plus this doesn't work correctly much of …

Thanks for the additional info.
First of all you need to turn OFF that Spybot TeaTimer. It can definitely interfere with other security programs. To do this do the following:
* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer
Do that to start with and I will go through your log and tell you which ones can be stopped and how.
Judy

Hello Heyzaneretro, welcome to daniweb. First of all your HiJackThis log is incomplete. We need to see the full log, including that top portion which tells version number, your operating system, IE version, and WHEN the scan was run. We have to be able to see all that before giving steps to complete.
One thing I do note in the log posted is you have an extraordinary number of auto starting programs 36 to be exact many of which are totally unnecessary and would most definitely slow your system.
Run a NEW HJT scan and post back with that entire log. Then we can hopefully be able to give some steps to speed the boot times.
Judy

try to reprogram your computer,maybe some of your important files were corrupted by a virus .. whats your anti virus software? not all anti virus softwares can detect malwares that you can get in using the internet..

Hey..what "skip" are you talking about?
I can't picture what are you talking about..
And please tell your ANTIVIRUS SOFTWARE.
And your Web Browser..

Hey folks, note the log, the poster is running Antivir anti-virus.
Now for the original poster, flipboi15, how long has this been happening?
You do have MBA-M on there, have you updated and run a Full Scan with it lately? If so we need to see the log. If you have NOT done this then please do so now, having it Remove All that it finds.
Reboot the computer and then run a new HJT scan.
Post back with both of those logs.
Judy

If you read my reply above I said BOTH.

on both the minimum and the maximum. That way the page file does not dynamically grow and shrink. On your 2GB of RAM this would be 3072MB

Reboot the computer after you change this

Best advice is to begin with steps given here;
http://www.daniweb.com/forums/thread134865.html

This original thread is nearly two years old. Posting info here will be of no use to the original poster who has never returned. I would advise those wishing to post advice to choose current threads in which to offer assistance.
For dan2oaks who posted:

If you are running McAfee and AVG anti-virus programs at the same time,that is your problem.

While the logs show evidence of at least portions of McAfee on the machine, there is no evidence of AVG on there so while your advice IS sound be sure there ARE two anti-viruses installed and on this one there didn't appear to be.

For Tech Jock who posted a link concerning an AdAware 2009 Installation error, this would not apply here since the poster DID have AdAware on the machine but no evidence it would have been AdAware 2009 and since the thread is nearly 2 years old it is unlikely any of the advice would apply.

How do i update ?

Open the program, click the Update Tab, when that opens hit the Check for Updates button. Program will update in just a few minutes. Then go back to the Scanner Tab. Put a dot in Perform Full Scan and click Scan. It may ask what to scan, choose "C" drive. Allow it to scan, may take awhile. When it is finished it will show any infections in Red. Make sure there are check marks in all and then click the Remove All button. It will remove all found and then you should reboot the computer.
If nothing is found then the program will tell you Congratulations nothing found and the log will open. Regardless, please post the log.

Thanks for your response, however I'm not quite certain what other logs you would like to see? Please let me know and I will do my best to produce them for you.

I am sensing that something in my registry that may have been previously modified by some kind of malware which has attributed to this behavior. I recently notice that if I press any keys on the keyboard it stops the popups and the window from flashing repetitiously.

I need to see any logs produced by the programs you say that you ran: MBAM especially. We need to know the actual NAMES and LOCATIONS of the infected files removed.
Judy

I´m located in Paraguay and yes, there are at least 3 computers connected to mine.
Which antivirus will you recommend me to download?
Do I have to disconnect myself from those computers?

Thanks a lot for the help

José

Hello Jose, my brother lived in Paraguay for three years, many years ago.

If you are connected to other computers then Yes, you need to remove yourself from that network. But, ALL of those computers may very well also be infected so they all will have to be cleaned also.
I would recommend that you use Avira Free. It is well respected and does a good job.

The programs which gave the indication of remote sharing on the log are these:
TeamViewer
TightVNC
I mentioned in my other post Dr.Web which IS a stand alone anti-virus program but offers NO protection at all. You also are showing an entry for an old Norton 360 program. It appears that it has been removed but very likely has remaining files on there since they are still listed in your log, but with (file missing) notation.
You should run the Norton Removal Tool which applies to the specific product you had on the machine to be sure these are definitely all removed.
My advice is remove yourself from the computer sharing network, add the Avira Anti-Virus program, update it and do a Full Scan with it and have it remove …

It looks to me like you are connected to other computers by using the program Team Viewer, is this true? The worm you are showing spreads via P2P sharing and possibly also remotely shared comptuers. As long as you are connected via remote sharing you may continue to be infected.

You were first showing AVG 9 on the system, you have obviously removed it because it doesn't show on the latest log. Now you have a program on the computer called Dr.Web but this is just a stand alone av program and does not provide any real time protection. What happened to the AVG 9? You also have no firewall on the computer.

Your internet domain showing is from Paraguay. Where ARE you located?
You have to get this computer OFF this remote connection with other computers and connect only this computer. You need an anti-virus program which is known to work well.

We need to see all logs you have.

Hi and welcome to daniweb,

The KEY to this is your own statement below:

I'm currently on a network and it has a LAN P2P spreader that has infected all 6 computers on my network, including media center PCs. Needless to say, when I reinstall my OS I simply get reinfected within the week.

We can clean your computer until "the cows come home" but it WILL continue to get infected if the entire network of computers is infected. You are not going to do any good just cleaning yours, they ALL have to be cleaned OR you have to disconnect your computer from this network and not reconnect until the entire network is clean. There really are no single computer options here. If you know absolutely the entire network of computers is infected then you have to clean them all to be completely free and clean.

I already uninstalled the two anti virus program , and installed the anti virus program you intorduced me .

But I have no way of knowing that because you have not done a new scan with HJT and posted the log as I requested now at least twice.
I also need you to UPDATE MBA-M and do another Full Scan with it. Have it REMOVE anything found.
THEN REBOOT.
THEN I really need you to do a NEW HJT scan and post the new log. I can't give any more steps until I see those new logs because I don't know yet if the system is truly cleaned or more needs to be removed. I need those two logs and they have to be brand new scans.

asaness This thread is solved as noted by the poster Lisa 4 days ago in the post ahead of yours. Please do not post in solved threads. This post of yours does NOT apply.

I remembered ! Its on 4th of december . Is NoLop a virus ? Cause i went to other forums they said that its a way to remove the pop-ups .

Lop is an infection NoLop is a removal tool for this infection. Now I said you should Uninstall Messenger Plus! Live because of this:

McAfee SiteAdvisor warns that the website http://www.msgpluslive.net/ is linked with adware Adware-Lop/Swizzor

and as Crunchie said:

As far as I remember, you can have messenger plus, but you need to deny the 3rd party installation that comes bundled with it.

but I have to say, I wouldn't use it. Their own website, which is in NO Way connected to Windows Live Messenger it is simply a 3rd Party Add-on from Yuna Software, NOT Microsoft. The Messenger Live! Plus distributor website gets an Unsatisfactory Rating through Web of Trust for Malicious Content, Spyware, Malware and viruses. The choice is yours of course but if it were my machine I would stick with Windows Live Messenger. Messenger Live! Plus supposedly expands the features of the public version of Windows Live Messenger and as I said, the choice is yours but are the expanded features worth it? But that is your choice to make.

Now I need to ask again...WHAT anti-program do you have INSTALLED as I see NONE in the Uninstall List but I see at least some files from BitDefender and AVG 9 running on the system …

Can I ask WHEN you ran the NoLop?