jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry if I sounded like I was in a bad mood, I apologize, I really am sorry and I certainly never meant to imply that you are stupid, because I certainly do not believe that you are. I guess I get frustrated when I read a log and then people doubt what I say. I sincerely hope you will accept my apology.

Now I have done some searching on the entries I noted from the combofix log. CNET Network and CBS Interactive are pretty much one and the same company as CNET Network was acquired by CBS Interactive in 2008. So this is why both of those entries show in the combofix log AND also in your latest HJT logs;
C:\Documents and Settings\Michelle\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
Now, that takes care of two of the items noted. Doesn't explain that OpenCandy, but since it gets awful ratings it may very well have come in with something else and I am still leaning towards that CNET TechTracker since it is listed with the other three items at the same time. Note also one of those Xobni listings also seems to be listed in that OpenCandy folder. If you can find that OpenCandy again yes delete it.
I also went back through many of your previous threads here containing HJT logs over the last several months and have noted that Xobni shows in NONE of the HJT logs until you installed that CNET TechTracker on November 17th. So this …

nav33n commented: I really appreciate your replies [and your patience] :) +5
jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, have done some research here, it appears your friend has installed the Verizon Security Suite. This is a PAID program from Verizon but has a 30 day free trial. You are going to have to find out if your friend PAID for the Suite or only installed the trial, and when. If the 30 days are up then it needs to be uninstalled. If your friend is paying for it then costs vary from $5.99 per month to $15.97 per month, depending on which version of the Security Suite is installed. Unless your friend has more than three computers I am presuming it is the $5.99 suite IF your friend is paying for it. The Uninstall List doesn't say if it is the paid version or the 30 day trial version, only says that it is installed. The Verizon Security Suite has an anti-virus program (Authentium Antivirus), an anti-spy program and a firewall.
IF your friend is paying monthly for this then the Avast anti-virus program needs to go as it isn't needed and more than one av program is a no-no. So before we go further you need to find this out.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Check the Time and Date on your computer and be sure that it is correct.
Also check out this page for other steps to try:
http://support.microsoft.com/?scid=kb%3Ben-us%3B813444&x=9&y=15

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yeh I had webtrust installed b4 I deleted my bloody profile. It's not always accurate I just want you to know.

I have absolutely no idea what program you are talking about but the add-on I am talking about ISN'T something called webtrust (I have never heard of that) it is Web Of Trust W.O.T. there is NO profile required for Web Of Trust, there is no registration, nothing, it is simply a browser add on that warns you before you interact with a risky website, period. It doesn't stop you from going there, it just tells you if the site is risky, you can read the reasons why on the scorecard for the website and make your own decision to go there or not.

Click Tale got on there & they have a great program. I told them about it & they were shocked.

If you mean this web site http://www.clicktale.com/, why would they be shocked or concerned, their web site gets a favorable rating.

I saw that Xobni & didn't know what that was either although it looks interesting, but I don't use Outlook anymore, so why would I install it?

I don't know Why you would install it, I frankly don't care, but it can't install itself. I don't care who installed something, you asked the question and I am giving you the answer according to your logs. I didn't say this Xobni program was a bad program I am just telling you what …

jholland1964 650 Posting Expert Team Colleague Featured Poster

TeaTimer is a portion of Spybot S & D that runs all the time and watches for changes in the registry, which may be ok in some instances but it can also interfere with fixes needed to be completed by your anti-virus program or some other malware removal program, because it won't allow those fixes to take place. It really is more trouble than it is worth as far as I am concerned.
UNINSTALL that BitTorrent program via Add/Remove don't just delete it.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

jholland1964 650 Posting Expert Team Colleague Featured Poster

I NEVER installed this candy software.

Well, it may have come in with something else, not sure.
Take a look at these entries from your combofix log...

2009-11-17 18:58 . 2009-11-17 18:58 -------- d-----w- c:\program files\Xobni
2009-11-17 18:57 . 2009-11-17 18:57 5021168 ----a-w- c:\documents and settings\Michelle\Application Data\OpenCandy\Xobni_OC16.exe
2009-11-17 18:57 . 2009-11-17 18:57 -------- d-----w- c:\documents and settings\Michelle\Application Data\OpenCandy
2009-11-17 18:57 . 2009-11-17 18:57 100113 ----a-w- c:\documents and settings\Michelle\Application Data\CBS Interactive\CNET TechTracker\uninst.exe
2009-11-17 18:57 . 2009-11-17 18:57 -------- d-----w- c:\documents and settings\Michelle\Application Data\CBS Interactive

There is where the OpenCandy shows...all four of those items were run at exactly the same time...if those are all new then it is one of the other programs running at the same time I believe...either Xobni or that CBS Interactive. I may be wrong but none of those show any other time in the log.

What site should I be using to investigate a software's reputation b4 DLing it?

google is your best bet. Look for Reviews from legitimate PC sites...
Also, Install Web Of Trust which is a browser add-on for both IE and Firefox which gives information about the website you are visiting. If you are considering installing a new piece of software go to their OWN web site to get it. If the "parent" website itself gets a bad rating from Web Of Trust then DON'T download the software from ANYWHERE. If their own web site gets a bad rating then don't trust the program …
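
The timestamp reasoning in the reply above, as an added example (not part of the original post and not ComboFix's own code): Python that parses the quoted ComboFix entries, groups them by creation time and lists which product folders appeared together. The two-minute window, the folder-name heuristic and the `ExampleApp` line are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# The five entries quoted in the post, plus one constructed, unrelated entry
# (ExampleApp is hypothetical) so the grouping has something to separate.
SAMPLE_LOG = r"""
2009-11-17 18:58 . 2009-11-17 18:58 -------- d-----w- c:\program files\Xobni
2009-11-17 18:57 . 2009-11-17 18:57 5021168 ----a-w- c:\documents and settings\Michelle\Application Data\OpenCandy\Xobni_OC16.exe
2009-11-17 18:57 . 2009-11-17 18:57 -------- d-----w- c:\documents and settings\Michelle\Application Data\OpenCandy
2009-11-17 18:57 . 2009-11-17 18:57 100113 ----a-w- c:\documents and settings\Michelle\Application Data\CBS Interactive\CNET TechTracker\uninst.exe
2009-11-17 18:57 . 2009-11-17 18:57 -------- d-----w- c:\documents and settings\Michelle\Application Data\CBS Interactive
2009-11-02 09:14 . 2009-11-02 09:14 -------- d-----w- c:\program files\ExampleApp
"""

TS_FORMAT = "%Y-%m-%d %H:%M"

# created . modified   size-or-dashes   attributes   path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>.+)$"
)


def parse_entries(log_text):
    """Return one dict per recognisable 'created . modified' line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines and other sections are skipped
        entries.append({
            "created": datetime.strptime(m["created"], TS_FORMAT),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"].strip(),
        })
    return entries


def product_of(path):
    """Heuristic (assumption): the folder directly under 'Program Files' or
    'Application Data' names the product that owns the file."""
    parts = path.split("\\")
    lowered = [p.lower() for p in parts]
    for marker in ("program files", "application data"):
        if marker in lowered:
            i = lowered.index(marker)
            if i + 1 < len(parts):
                return parts[i + 1]
    return None


def cluster_by_time(entries, window=timedelta(minutes=2)):
    """Group entries whose creation times are within `window` of the previous one."""
    clusters = []
    for entry in sorted(entries, key=lambda e: e["created"]):
        if clusters and entry["created"] - clusters[-1][-1]["created"] <= window:
            clusters[-1].append(entry)
        else:
            clusters.append([entry])
    return clusters


def co_installed_products(log_text, window=timedelta(minutes=2)):
    """List (first timestamp, products) for every cluster touching 2+ products."""
    findings = []
    for cluster in cluster_by_time(parse_entries(log_text), window):
        products = sorted({p for p in (product_of(e["path"]) for e in cluster) if p})
        if len(products) > 1:
            findings.append((cluster[0]["created"].strftime(TS_FORMAT), products))
    return findings


if __name__ == "__main__":
    for when, products in co_installed_products(SAMPLE_LOG):
        print(when, "->", ", ".join(products))
```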

jholland1964 650 Posting Expert Team Colleague Featured Poster

Java on this machine is WAY out of date. Do the following, go HERE and download the Offline Install and save it to the desktop.
Next do the following, go to Add/Remove and UNINSTALL the following programs:

Authentium AntiVirus SDK - 2 (I don't see this running in the log but the computer has Avast running and should only have ONE anti-virus program so this should go)
DesktopFun Toolbar
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
If you are required to reboot during ANY of the installs please do so and continue forward with the rest of them. After all those Uninstalls are complete then go to that Java Install file on the desktop and install the newest version. Keep an eye out during the install, occasionally these java installs add an extra toolbar or something...take the check mark out of the box next to it if you are offered something extra and continue on with the install. Once it is complete go back to that download page and on the right side is Verify Now, click that to go to the verification page to assure the install was successful.
When all that is complete come back here and let me know how things are running.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HJT again and place a check mark next to the following entries:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 antiviraprof2009.microsoft.com
O1 - Hosts: 91.212.127.227 antiviraprof2009.com
O1 - Hosts: 91.212.127.227 www.antiviraprof2009.com
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
When you have placed the check marks then click the Fix Checked button.
Exit HJT
Reboot and run a new HJT scan and post the log.
There are several programs which definitely need to be Uninstalled, I will give you those once you do the newest HJT scan.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Welcome to daniweb, we need a bit more information. What version of Firefox are you using? Not sure what you mean by "typing on it's own". Typing where? What is it typing? Do you mean you can actually read words that it is typing?
I have heard of a browser opening multiple tabs but have never heard of a browser "typing". A keyboard must be used for typing, is your keyboard working properly?
What operating system are you using? What anti-virus program? Have you done any of the recommended scans? If so, please post those logs.
If you have not then begin with these two,

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Turn off TeaTimer from Spybot and get rid of the BitTorrent program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see the logs from ALL of the programs that you ran.
There ARE MULTIPLE infections showing in that HJT log by the way.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, the computer would not be clean yet since there was No action taken on any of the items found. Update MBA-M again and run a Full Scan with it, please this time have it REMOVE items found.
Look for the ESET log at C:\Program Files\EsetOnlineScanner\log.txt anything found by it should also be fixed. If you didn't do any fixing with it and things were found then run it again and fix them.
Reboot the computer after doing each of the above.
Then run a Full Scan with HiJackThis and save the log. Post back with all those logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I just bought and installed the Norton Antivirus last night if I remove it will I be able to install it again?

Absolutely. But you MUST UNINSTALL all three of those first, and the Norton should be uninstalled also, just to be certain that it IS installed correctly.

Uninstall all of those as directed, then do the online ESET scan, that way you won't have to worry about having to turn off the Norton, since that is required when running the ESET scan. Also do the MBA-M scan and remove all found also. Reboot after each one of those. THEN reinstall your Norton program, update it and then do a Full Scan with it and remove/quarantine or fix whatever is found.
Then do the HJT scan. Post back with the MBA-M, the ESET and the new HJT logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi,
One glaring problem I note in the logs is that you are running portions of multiple anti-virus programs. I see Trend Micro PC-cillin Internet Security 12, McAfee Security Scan, Norton AntiVirus which is a BIG no-no. This means that NONE of them will work correctly even though loaded. They will fight against each other and as you have seen, offer no protection at all, or very little at best.
My advice would be UNINSTALL them ALL via Add/Remove. Follow all prompts EXACTLY. Once you have uninstalled them then also go HERE and download and run the Removal Tool for each one to be certain that ALL remaining files are gone.
If you have paid for a new version of one of them, and have the install disk OR the license code for the download of the new version then use that. If you have not done this, and all three of those programs are PAID programs so you must pay for them in order for them to work, then go with ONE of these FREE programs, both are excellent. Either Avira or Avast.
Once you have the new anti-virus program installed and UPDATED then run a full scan with it and have it Fix/Quarantine or Remove whatever is found.

You did not allow MBA-M to fix any of the items found. Please UPDATE it again, run another Full System Scan and then when you are shown what was …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You can download and run the Norton Removal Tool from HERE
Scroll through the list of tools, they are in alphabetical order. Just download, run the file and click a button to proceed with the uninstallation.

jholland1964 650 Posting Expert Team Colleague Featured Poster

can u teach me, how to run this log exe downloader???

Not certain what you are talking about. The MBA-M program? Instructions are noted. Otherwise you wouldn't want to run the actual log.exe downloader, that is a trojan and would damage the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First thing I note is that you have continued to add new programs even though the computer is not cleaned. If you really want your computer cleaned you need to stop adding software unless directed to do so. Installing new software is never a good idea on a dirty machine, especially OpenCandy whose very own website is listed by Web Of Trust as having a very poor reputation. The program is noted on many links given by a simple google search as spyware, adware, malware, here is just one example

Please do the following:
Open HijackThis and choose Misc. Tools. When that opens choose Uninstall Manager button.
Then click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply

ep2002 commented: Judy is a very nice person. She has taken the time to help me clean out my computer & I will be forever grateful to her. Thank you Judy +6
jholland1964 650 Posting Expert Team Colleague Featured Poster

I don't see a LOP infection in the log. How do you know that is what the problem is?
I would need to see MBA-M log and other logs if possible before making other recommendations

jholland1964 650 Posting Expert Team Colleague Featured Poster

Let's work on one item at a time.
Windows Media player: If you are running Media Player 11 on Windows Server 2003 there is a chance that it is not compatible with the operating system. It must be installed a specific way in order for it to work properly and it often times doesn't work even then.
Here are instructions for that installation:
http://www.msblog.org/2006/12/17/install-windows-media-player-11-on-windows-server-2003/

Now another solution given in most places is to go with an older version of Media Player, from the suggestions I have found it seems that version 9 is the one you would want.
http://www.microsoft.com/windows/windowsmedia/player/9series/

This also "could" be the problem with Movie Maker also. The version you have may not be compatible with your operating system IF you were formerly able to use it, did an update and now cannot.

jholland1964 650 Posting Expert Team Colleague Featured Poster

:) Hi again,
I ran that dialog (regsvr32 %windir%\system32\qdv.dll) it did say succeeded but when I opened windows media player.. it gave me a not registered message. The version is 5.2

For the media player I went to the: control panel > Sound and Audio Devices > Hardware (tab) and checked down the list. They all say:
Device status: This device is working properly

Or do I need to check a different area?
Thanks a whole bunch! :D

That was not for Media Player it was for Movie Maker.
Your Windows Media Player is way out of date. Try updating it and see if that helps.
http://www.microsoft.com/windows/windowsmedia/download/AllDownloads.aspx

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb;
Why did you run HiJackThis? This isn't a cleaning program but for use when the computer exhibits signs of infections. What problems are you having?
Two glaring things I notice in the log are that you are not using an anti-virus program and you are not using a firewall, absolute MUSTS today.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Think it is time for a big gun.
Do the following:

The first thing you should do is print out this guide, as we will close all the open windows and programs, including your web browser, before starting the ComboFix program.
Download ComboFix
Click on the Save button, and when it asks you where to save it, make sure you save it directly to your Windows Desktop. It MUST be saved there. DO NOT RUN it YET

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run, and when it has finished you will see the Disclaimer screen. You should press the number 1 key and then press the enter key to continue.
ComboFix …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You asked about Kazaa. It is a P2P File sharing program, has to be installed by the user of the computer, if you didn't do it then somebody else with access to your computer did so. P2P is really a very dangerous practice and one that we don't condone here at all. One key reason is the ease of infections coming in with shared files, the other is the illegality of the majority of it. Sharing files with some unknown person in order to get something FREE which normally must be paid for is a violation of copyright laws.

You ran MBA-M in Safe Mode. Couldn't you run it in Normal Mode? MBA-M is meant to be run in Normal mode unless it is impossible to do so. Running it in Safe Mode doesn't allow it to load all of its drivers so even the Full Scan in safe mode isn't complete.
Please Update it again and this time run the Full Scan in Normal Mode.
Remove what it finds and then reboot. Run a new HJT scan and post back with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I do need a new HJT log. What makes you think Anti-Vir isn't working? The last item found was a Trojan. Normally anti-virus programs are not geared to protect against Trojans, viruses yes, Trojans no. They WILL catch them occasionally in a scan but this is why it is always recommended to use more than one program for scanning at all times. Personally, I have used Anti-vir for over two years, I use MBA-M for my other scanner program. You need a firewall to help protect against Trojans and other malware along with proper browser settings and SpywareBlaster, a MUST have protection program, and it is FREE.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The only reason the Windows Genuine Advantage tool would be attempting to install, I think, would be if it failed to install the last time. This could be the fault of your McAfee because it blocked the tool.
If this is telling you at boot time it needs to install then that is probably the case and you should allow it to install. There are many updates which require a reboot in order for the update to be fully installed.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have to see that MBA-M log before offering other advice. Also do a Full Scan with HiJackThis, save the log and post it here along with the MBA-M log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

We can get that "nag" to stop easily. Do the ESET scan and post back with that log and a new HJT and I can then better tell you what you need to do.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

When the Windows Genuine tool pops up what is it telling you?

I would recommend that you run at least one online scan to be certain that the computer is clean, the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Removing those Host Files was just step one really. You never stated WHAT problems you were having, just submitted the log.
What is the reason you want to remove the Windows Genuine Advantage validation tool?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, let's try this a different way, maybe be able to figure out if this is a false positive or not.
Go to http://virusscan.jotti.org/en
There you can upload each of these files singly and allow them to be scanned by 20+ different scanners and see if they come up with the same findings.
It is very simple to do. You will enter the name of each one in the window you see there and have it scanned. You will be presented with a report on each one. Come back here with those reports. These are the files you need to upload:

E:\E-mails\HackersSpammers.dbx
E:\E-mails\Inbox.dbx
E:\E-mails\Poly_amory Yahoo Group.dbx

Don't give up, we will get this "licked" yet!
Judy

EDIT: for now don't worry about the defragging. For one thing, you can see it obviously had no effect on speeding the computer. That is minor at this time but we will discuss it once we get the computer cleaned up.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am a bit confused here. You say you don't have a different hard drive. But these infected files show clearly as being on a different drive than where your operating system is located, which is "C" drive. The Folder is found on "E" drive, meaning the drive is on your computer. Is this a flash drive or something like that?
What IS "E" drive?
Open My Computer and see how many drives are listed. The infected folder is on "E" drive and it is named E-mails.
You also still have an IObit program on the computer, I thought you said you removed it. It clearly shows as running when the HJT scan was done: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
There is absolutely no reason a defrag program should be running all the time on the computer. As noted before the IObit programs are really VERY questionable...ALL of them.

The scan is not going to tell you the subject line of the email or who it was from. It is only going to tell you what the infection is.
Here they are again as shown in that ESET scan. It is quite possible the entire FOLDER shown is infected. I know I wouldn't want to take the chance.

E:\E-mails\HackersSpammers.dbx Win32/Badtrans.29020.A worm unable to clean
E:\E-mails\Inbox.dbx Win32/Bagle.J worm unable to clean
E:\E-mails\Poly_amory Yahoo Group.dbx Win32/Klez.J worm unable to clean

ALL of those infections found are particularly nasty.

Try updating and running a scan on "E" …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You most definitely have malware on the computer.
Run HiJackThis again and put check marks next to the following entries;
O1 - Hosts: 91.212.127.227 winsecurepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecurepro2009.com
O1 - Hosts: 91.212.127.227 www.winsecurepro2009.com

Once you have placed the check marks click the Fix Checked button. Exit HJT.

Reboot the computer.

Update your MBA-M program and run a Full Scan with it.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.

Reboot the computer

Run a NEW HJT scan and save the log. Post back here with the MBA-M log and the HJT log.
Judy
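
The `O1 - Hosts` entries flagged in this post and in the earlier post listing the antiviraprof2009 entries, as an added example (not part of the original posts and not HijackThis code): Python that reads the O1 lines of a HijackThis log and reports every hosts-file mapping to a non-loopback address, with the reason it deserves a look. The watched-domain list and the constructed `127.0.0.1 localhost` line are assumptions.

```python
import ipaddress
from collections import defaultdict

# O1/O14 lines quoted in the two posts, plus one constructed loopback line.
SAMPLE_HJT = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.212.127.227 antiviraprof2009.microsoft.com
O1 - Hosts: 91.212.127.227 antiviraprof2009.com
O1 - Hosts: 91.212.127.227 www.antiviraprof2009.com
O1 - Hosts: 91.212.127.227 winsecurepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecurepro2009.com
O1 - Hosts: 91.212.127.227 www.winsecurepro2009.com
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
"""

PREFIX = "O1 - Hosts:"

# Assumption for this example: vendor domains whose names should never be
# answered from a local hosts file.
WATCHED_SUFFIXES = (".microsoft.com",)


def parse_o1(log_text):
    """Yield (ip_address, hostname) for each hostname on each O1 line."""
    pairs = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # other HijackThis sections (R3, O4, O14, ...) are ignored
        fields = line[len(PREFIX):].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: nothing to resolve to
        for host in fields[1:]:
            if host.startswith("#"):
                break  # rest of the line is a hosts-file comment
            pairs.append((addr, host.lower()))
    return pairs


def review_hosts(log_text):
    """Return {address: {"hosts": [...], "reasons": [...]}} for every
    hosts-file mapping that sends a name to a non-loopback address."""
    by_addr = defaultdict(list)
    for addr, host in parse_o1(log_text):
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.0/8, ::1 and 0.0.0.0 stay on the local machine
        by_addr[str(addr)].append(host)

    report = {}
    for addr, hosts in by_addr.items():
        reasons = []
        spoofed = [h for h in hosts if h.endswith(WATCHED_SUFFIXES)]
        if spoofed:
            reasons.append("overrides DNS for watched domain: " + ", ".join(spoofed))
        if len(hosts) > 1:
            reasons.append(f"{len(hosts)} hostnames pinned to one address")
        report[addr] = {"hosts": hosts, "reasons": reasons}
    return report


if __name__ == "__main__":
    for addr, info in review_hosts(SAMPLE_HJT).items():
        print(addr)
        for host in info["hosts"]:
            print("   ", host)
        for reason in info["reasons"]:
            print("  !", reason)
```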

jholland1964 650 Posting Expert Team Colleague Featured Poster

does that mean its okay or that i got it from downloading malware bytes?

a squared cleaner also found this, ID Object
0 C:\Users\Chris4433\Downloads\SetupCasino.exe__en.exe Trojan.OnlineBank!IK

which i quarantined

can someone help me out please

That C:\Windows\system32\drivers\mbamswissarmy.sys is a NORMAL file from MBA-M, not a rootkit; it is the Malwarebytes' Anti-Malware system driver file and in no way a threat to your system. You must have incorrectly uninstalled MBA-M. Since the rest of the program couldn't be found it is in all likelihood why AVG flagged the file.
It would really help if we could see some logs here otherwise this is like trying to walk through an unknown building in the dark, we don't know what to look for or why we keep hitting walls.
The file found by aSquared

C:\Users\Chris4433\Downloads\SetupCasino.exe__en.exe Trojan.OnlineBank!IK

was downloaded by somebody using the computer.

Sorry crunchie, didn't see you there :icon_redface:

jholland1964 650 Posting Expert Team Colleague Featured Poster

You left the wordwrap on for your HJT log. Can you post it again with wordwrap off? It is very difficult, if not impossible, to read.
Is the E drive an internal or external drive used for storage maybe?
All of the infected items found by the ESET scanner are in the same folder on this drive:
E:\E-mails\

jholland1964 650 Posting Expert Team Colleague Featured Poster

Since you had infections it is possible these two applications were damaged. What versions of each do you have on the computer?

For Movie Maker you might try this:
Start -> Run dialog (copy paste and press OK)

regsvr32 %windir%\system32\qdv.dll

You should get a "DllRegisterServer succeeded..." message.

Then see if it works.

For the Media Player error, it is possible there is a problem with your sound card. Go to Device Manager and see if there is an error showing there with your Audio Card.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If their very own website is any indication then I wouldn't trust it. Their very own website gets a Warning! This site has a poor reputation. from WOT and the program itself receives a Rogue warning on Web Of Trust.
Editor's choice from whom?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sounds like you got a really bad case of Mal-Ware. The good news is that most of it is fairly easy to remove. First of all, I want you to download two programs:

Malwarebytes Anti-Malware........

Now once both these programs are installed and updated restart your computer but keep hitting the 'F8' key. A menu system should pop up. Select 'Safe Mode.'

Run Malwarebytes Anti-Virus first and then a-squared free. It should find a TON of random malicious programs. Remove them with the program and then restart your computer.

Safe mode doesn't let MBAM load all its drivers which are often necessary for the best detection and removal results. MBAM works in safe mode but is crippled, so if at all possible it should be used in normal mode in an admin account.
MBAM is designed to work in normal mode. It's simply most effective when run this way. Other tools like Spybot Search & Destroy work pretty much the same in normal mode vs safe mode, but MBAM does not and that's the most important thing to remember. Nothing bars you from using it in safe mode, but the results just probably won't be as good as they would if run from normal mode.

Originally Posted by gad10: had a while back before these problems started spilled oil onto the keyboard around the "s" key which is what I thought might have been causing the problem....and laptop makes booting noises (whatever that is).

gad10 your problem "might" be malware …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yea I noticed that but previous scans are irrelevant if you didn't update MBa-m or ensure all other AV programs were disabled. I noticed the scan you ran yesterday was severely outdated even. But it looks like Judy got you taken care of.

Yes RipperZ things are proceeding well I think. The poster posted that older MBA-M scan because we requested the original log. If you note other scans have now been run and all were up to date. By the way, there is no need to turn off anti-virus programs when running MBA-M if that was what you were talking about when you said the av hadn't been turned off. As for the online scans some require they be turned off and others do not, depends on the scan. If they require they be turned off the user will get a warning to do so and also some scans just won't run if the onboard av is enabled, so they usually know this.

Now I am just waiting for that final HJT scan to be run before giving final instructions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You didn't have MBA-M fix the items found. Update it again, run another Full Scan and have it remove whatever is found.
Reboot, then do the following:
Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot.
Run a new HJT scan and save the log. Please be certain that wordwrap is NOT on.
Post back with all three logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again and place check marks next to the following entries:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [Pqisokoxevokoxa] rundll32.exe "C:\WINDOWS\jgntesy.dll",Startup
Once you have placed the check marks then click the Fix Checked button. Exit HJT and reboot.
Run a new HJT scan and post the log here.
Are your problems with Movie Maker and Media Player still happening?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy to help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Really happy to have helped. I am marking this one as solved. If you see the problems are not corrected just come back and ask for the thread to be reopened.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

u didnt say anything about the image i posted why did that come up?

Sorry, Vista wouldn't allow write access to the Host File and if fixes with HJT had been needed you would have had to do it manually. No need to worry about that.
Your logs look good to me. Is everything working ok? If so you can uninstall HJT. If you would ever need it again a new copy should be used.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The program starts and prompts to update the version. I click no and then it tells me to stop my virus scan software, which I can't and then runs like normal.

The uninstall only works if you installed it directly onto your desktop which I assume you did. You can try manually to just delete the file from your desktop.
The combofix quarantine files are normally found in C:\Qoobox, and you can manually delete those.
It isn't going to hurt anything if it remains but don't ever use it again. If you would ever be directed to use it again then you would have to remove it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

When you said the program begins to run, do you get the Disclaimer Box? If so if you click No this hopefully should uninstall it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I'll wait for that final scan then give the final clean up steps. Not hard or time consuming just a couple things that should be done.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

no more adverts opening up any more :)
shall i still run MBA-M and HJT again then or not?

Yes, do both. We need to be certain everything is cleaned up. Then I will give you the final steps.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. If you feel your problems are solved then you should do the following:
You should remove HiJackThis, you don't need it any more.
You also should uninstall combofix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it must be there.
When shown the disclaimer, Select "2"


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. Update MBA-M and do one more Full Scan with it. Have it remove anything found.
Reboot the computer and do another HJT scan. Post back with both logs.
Are you still having the problems with IE 7 opening on its own?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Give me one more HiJackThis scan and then I will give you the Final Steps...very simple.
Judy