jholland1964 650 Posting Expert Team Colleague Featured Poster

I don't see anything in the log which would give an indication of slowness. Have you done a general clean up...temp files, cookies, etc.?
One thing showing that shouldn't be there is MBA-M install program set to auto start. This should only have run once and not at start up. It should only run when you update and scan with it. Occasionally you will find it has found a file which has to be removed when the computer reboots, if that is shown then you should reboot immediately.
What is this ChryslerLarc program? Shows in auto starts and also in Services but with a missing file.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Two things for sure I would get rid of, Spyware Terminator, not highly recommended really. Malwarebytes' is a much better program, updates sometimes multiple times a day and pretty much the Top of the Line today. Use the Quick Scan option at least a couple times a week, always updating first. Then if the Quick Scan finds something then remove it of course, update the program and do an immediate Full Scan. This way you can be sure whatever it was on there didn't bring along some hidden friends.

Also get rid of AdAware. It just isn't what it used to be. For one thing there is no reason under the sun an AdAware scan should take 4 hours, that alone would do it for me.
Add SpywareBlaster. A FREE, MUST have program. Great thing about it is it doesn't run in the background but it blocks tracking cookies, unwanted ActiveX installs and has a great Restricted Sites portion so you cannot stumble in some place you don't want to be.
Download it, install, update and Enable All Protection. Close it.
Check manually for updates weekly and enable all protection again when new updates have been downloaded.

Now you need to uninstall, in addition to the Spyware Terminator and AdAware, AskBar. This is looked upon by most sites as adware because it often is installed without your permission and can bring in some things you really don't want. Look in Add/Remove and see …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look, what other conclusion should people come to? The main reason this is SO maddening is that we deal with people daily who come in with poorly updated computers, badly infected computers, kids, older people who have no clue as to why their computers are infected, not working, working slowly, etc. and who are just plain amateurs, they maybe have an excuse. But for somebody who has the knowledge you have to go online with a non-updated, totally unprotected computer and then doubt or refuse any suggestion given here, there is just no excuse. I am sorry.

People come here quite often to learn, and they do learn, they have told us so. I hope and pray others HAVE learned from this action you have done and will learn they should NEVER, EVER go online without adequately protecting their computers and the valuable programs they may have on them.

It's important to me that you understand that assumptions, however derived, can be wrong.

They certainly can.

I'm almost 60, and began computer work (programming), well before IBM-PCs were developed. Cobol, Fortran, Assembler Language, data punch cards!, mainframes, IBM-360s.

By this, I MAY be wrong but I get the "feeling" that you think I am a "kid" or somebody who knows nothing of these old systems...I am 63 years old. And yes I do know of these systems, I have done some minimal work on a few of them also. No I am not a programmer, never claimed to …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have Desktop (installed XP Professional) with no internet connection. Which anti virus I installed I download its updated virus database and update it. Personally I use AVAST 4.8 HOME Edition. Yesterday I installed Avast then Malwarebyte's Anti-Malware and then Spyware Terminator then Threat Fire.

When I scanned using Avast it found Malware win32 virus.
I am confused: after installing Avast Home Edition, which can detect malware, why am I going to install Malwarebyte's Anti-Malware?
If No then any need to install S/W like Spyware Terminator or Spyware Doctor and Threat Fire thereafter?

First of all, how did you get a virus on the computer if it has no internet hook up?
Because none of the programs look for the same things. All are specialized as to what they can look for and what they can remove.
Personally, if it were MY computer, I would get rid of Spyware Terminator, it never ranks with the best. The VERY best at this time is Malwarebytes' Anti-malware. Avast is an EXCELLENT anti-virus program. Spybot is also excellent.
Add to the list of MUST HAVES, SpywareBlaster. It is superb in its ability to block bad items BEFORE they get onto the computer. No, it is not a firewall. It is a specialized program that, when installed, updated and enabled and then CLOSED, will protect the computer from unwanted active x programs, tracking cookies and the like AND it has an excellent Restricted Sites portion which will stop the user …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just posting the log, while it may reveal "something" tells us nothing about what problems you are having and WHEN? We need more than just

Please see all the details from hijackthis:

We don't KNOW the other necessary details unless you tell us.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Whew! For one thing this computer has so many toolbars installed I don't know how the user even sees the webpages she visits! I see at least 15 toolbars, though I lost count several times, and as near as I can tell only 3 of them are NOT malware related, all the rest are. This doesn't count the various "browser helpers" which are meant to increase the functionality of the browser. Most of those on this computer are also malware related. No wonder MSN shuts down, it is being choked to death!

Is there a way we can work with the owner directly in this thread? It makes the work more difficult trying to work "second hand". If you can give her the address here, have her register and post directly in this thread, just have her identify herself as the owner of this infected computer.

Here are the first steps she should take if that isn't possible, though I do hope it is;

First, uninstall the My Web Search option from Add/Remove Programs

Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar

jholland1964 650 Posting Expert Team Colleague Featured Poster

I'm in mid-project with this system;

Well obviously the final choice has to be yours...but WHY are you even going online with this system? You have not explained that AT ALL.

As I said, the choice is yours but you say above, you are in mid-project with this system, yet you went online with a totally unprotected system and were infected. Thankfully your project was not damaged or ruined, THIS TIME. But it very well could have been and very, very easily. The trojans, rootkits, worms, etc., out there today can be injected into a protected system with just the simple click of the mouse and with some of these things today cleaning can be a total nightmare. On an unprotected system, frankly it would quite possibly be impossible. You can be thankful that what you had on the system evidently was fairly benign, many of the infections today are not. They are like a cancer, and especially on an unprotected, non-updated system they can eat the key system files up and spit them out, rendering the computer 100% unusable, along with anything else that happens to be on it, like big, important, long standing projects.


Now I have been giving this a lot of thought and finally I have come to these conclusions...

You are running XP just as it was when it was released 9 years ago...period, no updates, NOTHING and supposedly you are, from reading your posts, a video editor of some …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Frankly most require the use of IE...and to be very honest I would never risk going online with this computer but if you want to take a chance then Trend Micro House Call would be the one.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ironic that it would be the first one to have gotten a nasty.

No it is NOT ironic. Note what you say about all the other machines....

I have at least a dozen other systems, all running with the required protections.

That is why THIS one got the infection and not the others: it is not updated and totally unprotected, and because of this it SHOULD NEVER go online, EVER. If it is never ever going online then no I would say forget doing anything else BUT...don't be transferring files from this computer to others either because IF there is remaining infection there would be a chance it could transfer to another computer via flash drive, cd, dvd, or just computer to computer if they are connected.
If transfers are done, the receiving computer should first SCAN whatever media is used for the transfer...DVD, CD, Flash Drive, whatever to be certain any files coming from this computer are not also carrying an infection with them.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I'm having the same problem. Did you ever resolve???

dtapster, you need to begin your OWN thread. This thread you posted in is 3 years old.
We need more information on YOUR problem, what steps you have taken, what operating system, anti-virus, etc...AND if you note the original poster was running IE7 BETA version, this was a test version of IE7. IE7 has been out a very long time now. Are you having problems with IE7 or another version of IE?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try Crunchie's suggestion

jholland1964 650 Posting Expert Team Colleague Featured Poster

Consulted with Crunchie, System Restore is an option to try. One thing he said, and I absolutely agree, is that an update to XP SP1 at least, along with all security updates, is an absolute must.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not sure what to advise here, but if it were MY computer since there is definitely malware showing there and the fact that you are fairly certain this back up DVD you have used has infection on it I think I would wipe EVERYTHING and begin at the beginning only this time follow correct procedure, ME, XP Upgrade, XP Updates, All Driver updates and THEN install programs you want, but sorry to say, NOT using that infected DVD.
This way you will know the computer is clean and updated fully. Leaving that ME on there and just redoing XP doesn't assure that the infection also isn't there. I would hate to get clear to the end and find out that the system is fully infected and I have to start over again.
One of the main requirements for upgrading and then updating the newly upgraded system is absolute assurance the computer is fully clean and has NO infection anywhere. I cannot say positively there is or is not infection on there but I CAN say positively there IS malware showing in your HJT log.

You asked earlier about installing MBA-M in safe mode, this really isn't recommended unless there are absolutely no other options. Honestly don't know the reason for asking this, unless it wouldn't download. It is supposed to be run in NORMAL as that is the way the program is configured. In an "emergency" it can be run in safe mode but because of its …

jholland1964 650 Posting Expert Team Colleague Featured Poster

What you have attached is NOT an HJT scan, frankly I have no idea what it is.
Take a look at other posts to see what an HJT scan log should look like.
Be sure she has a copy of the correct program from HERE
She should do a Full System Scan and save the log. That is the first button when the program opens. The log will open in a Notepad. Save it and copy/paste it back here, do NOT attach it. We prefer not to open attached files from possibly infected computers.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is this a FULL LEGAL copy of XP or is it an Upgrade?

jholland1964 650 Posting Expert Team Colleague Featured Poster

As you see I have plenty of steps to do without putting back the programs on the computer.

Sorry, but this doesn't appear to be the case. You have installed XP but NOT updated it. You should FULLY update XP before putting anything else, including the printer on the computer but I see many programs running on the machine which have nothing to do with Windows, so this tells me you HAVE installed other programs...and you say so pretty much by saying this:

I made a master dvd with all the programs and made it easier to put it all back on--There must be a virus on that disk.

In addition to the printer and all of its software I see the following:
QuickTime
iTunes
Real Player
iPod (and all of its software)
Southwest Airlines\Ding (whatever that is)
Nero Burning Software
Adobe Reader
and at least a portion of a Norton Anti-virus program.
NONE of those should be on the computer until the computer is fully updated to XP SP3. Then ALL drivers should be updated also.
AFTER the computer is Fully Up to Date THEN is when you would install additional programs and items like printers, iPods, burning software, etc.

If you KNOW this DVD is infected then throw it away. You shouldn't take a chance with it.
But one reason for easy infection is the fact that the os is not updated and therefore very …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Could the brevity of the HJThis post indicate a bug still lurking, covering its tracks?

Honestly, I don't know. I have never encountered a totally "non-updated" machine, don't know if that is even a word but you know what I mean. Could also be due to the fact this machine is essentially never online and what we normally see here are logs from machines that are online machines which do require more than one such as this one, I really cannot say. I am an amateur not a trained tech or anything like that, what little I know I learned from places like this forum and from the really knowledgeable techs from "way back" who were willing to sit on the phone with you for hours to help keep your computer running as it should...those days are gone now pretty much. I will ask Crunchie to take a look here and see what he thinks of all of this.
Do try the ESET scan and see if anything else shows and let us know.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hey, I did this before posting into this forum.

Would IE uninstall and re-install help? Not sure how to uninstall IE from Vista Basic?

You cannot Uninstall IE, it is part of the operating system and will not uninstall. I believe you can roll back IE8 to IE7.
To uninstall Internet Explorer 8, go to Control Panel, and click on Uninstall Programs link or Programs and Features icon. Then on Tasks pane on the left, click on View installed updates link. Locate and select Windows Internet Explorer 8 in the list of installed updates, and then click on Uninstall button. Click on Yes when asked whether you are sure you want to uninstall the update.

Also try starting IE WITHOUT Add-ins:
Click the Start button, click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).


Reset Internet Explorer settings


If disabling add-ons doesn't solve the problem, try resetting Internet Explorer back to its default settings. This removes all changes that have been made to Internet Explorer since it was installed, but it does not delete your favorites or feeds.


1. Close all Internet Explorer or Windows Explorer windows.
2. Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
3. Click the Tools button, and then click Internet Options.
4. Click the Advanced tab, and then click Reset.
5. Click Reset.
6. When …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go to your original thread I posted to you there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb,
Where in the world did the title for your thread come from? I see nothing like that in your logs.
Your computer is woefully out of date. You have NO Windows XP updates showing at all, your java is also way, way out of date and you are showing NO antivirus program at all, nor a firewall.
Have you EVER updated this computer? If not then there are FOUR good reasons for an infection:
No Windows Updates, No Java Updates, No Anti-virus program, No Firewall
In fact the only current programs I see are the HiJackThis program and the Malwarebytes' Anti-malware program.
Are you certain this scan was run in normal mode? I know it says it was but it is extremely small.
From what I can see in the log I don't see anything else and if that is the case I have to say you are lucky. You have every door open for infection there and extremely BAD infections.
You should run the ESET Online scanner also. Have it fix whatever it finds and post back with the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, Sorry we missed your other post. If you look around you'll see there are only two of us helping here much of the time, Crunchie and myself.
Is this the same computer we worked on earlier in this thread?
I am going to ask Crunchie to take a look here and see what he thinks.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just wanted to check your geographic location before I had you fix something that wasn't needed...it wasn't. The logs look so-so...EXCEPT...you are not running an anti-virus program, nor do I see a firewall on the machine. These are ABSOLUTE MUSTS otherwise all this fixing is for absolutely nothing.
There are many good, FREE anti-virus programs and FREE firewalls out there;
Pick one of each, download, install, update, enable...AND USE THEM...
Avira Free Anti-virus

Avast Free Anti-virus

Online Armor Free Firewall

Comodo Free Firewall

then do a new HJT scan and post back here with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If all is well you can mark this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Where are you located?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb,
Please do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer

Once you have rebooted download and run a Full Scan with HiJackThis, save the log.
Copy/paste back here with the MBA-M log and the HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you run the programs requested?
Where are the other logs requested? The MBA-M log and the ESET log?
Did you run the ATF-Cleaner? Now there are at least TRIPLE the number of temp files showing in the HJT log.
You have got to run these programs. You have MULTIPLE trojans on the computer along with at least one mass mailing worm, meaning EVERYBODY in your address book is highly at risk. You very likely are infecting other computers by not following through with these instructions.
This is what happens when people don't run anti-virus programs or firewalls on their computers.
You really need to find a way, not online, to inform all the people in your address book that it is very likely YOU have infected their computers and quite possibly now THEY are infecting others computers because of this mass mailing worm coming from YOUR computer. This worm sends emails with itself as an attachment to addresses found in the address book.
If you had an updated and fully anti-virus program on your computer this probably would not have happened.

Salem commented: Well said! +31
jholland1964 650 Posting Expert Team Colleague Featured Poster

We are at a REAL disadvantage here. You have done steps prior to coming here, we cannot see those logs, the info you have given me is basically incomplete. The two O16 items you say you removed were not necessarily infected files, both refer to the AMI Picture Viewer when just searching for the NAME of the file. But that is not all we use to research, we use the full entry from the log. You have no logs.
The infected files you say were created by the virus don't show in the combofix log at all, they should have shown there. Is this the only run of combofix you did?
You have not posted a MBA-M log.
I am very hesitant to offer any suggestions, what with the registry edits and various tools you have run.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We would prefer that you copy/paste logs, not upload them. By not having to open an attached file this protects the helper or others reading the post from possibly opening an infected file.
FYI,
Your infected O16 files are legitimate files and not infections.
Your Unknown O10 listing is also legitimate Microsoft Client Services for Netware

May I ask where you got the information on the various files you list?
Qoobox is NOT created by your virus, it is the quarantine file created by Combofix. Who told you to run Combofix? It was run incorrectly by the way.
Also created by Combofix: NIRCMD.exe
You obviously have run a multitude of programs and attempted registry fixes that we know nothing about or how or why you did them.
One reason fixes won't work is you are running Spybot TeaTimer which INTERFERES with fixes attempted on many items.
I would like to see the MBA-M log and also the log containing the O16 infected files you mention since the ones in the log you have attached are NOT infections.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Turn off or Uninstall that Counterspy program and try again with the MBA-M. Reboot the computer and see if you can get MBA-M to install. The install file IS showing in your Start Up programs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you try Right Clicking the MBA-M program and choosing Run as Administrator?

Run HiJackThis and save the log and post it here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb, first of all the version of HJT you are using is several years out of date, UNINSTALL it and download the newest version.
Secondly, HJT should NOT be considered a "fixer" tool. While some fixes "may be" done at the end using it, it does NOT remove infections or trojans. It mainly is used to give somewhat of a snapshot of what may be running on a computer at any given time.
Please follow these instructions. Turn off that Trojan scanner, AdAware (this isn't going to remove a trojan or a virus), Registry Booster (better yet, uninstall that one, those types of programs are generally worthless), Game Booster, don't know what this is but isn't used for infection clean up anyway.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log …

jholland1964 650 Posting Expert Team Colleague Featured Poster

That is a direct link to the executable file. Don't you get a box like that shown in my attachment? You have to give it time to pop up, then click save and it will download to your desktop or wherever you tell it to save. Desktop is the easiest. All the download pages available are going to give you the same thing, the executable file.
Try here and here.
If that doesn't work then try CCleaner though it too is going to pop up the executable file.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi welcome to daniweb;
begin with this:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Next do this:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb. Can't really comment on the Autorun Eater program as I have never used it. Please turn it off for now.

You are running a several years out of date version of HiJackThis, you need to uninstall it and download the newest version from HERE

BEFORE you run HiJackThis again you need to do the following:
You are NOT running an anti-virus program, at least there is none showing in your log. This is a MUST.
Two of the best available are FREE. Pick ONE, download, install, update and run a FULL scan with it. Fix/remove or Quarantine EVERYTHING it finds.

Avira Free

OR

Avast

Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.

jholland1964 650 Posting Expert Team Colleague Featured Poster

SORRY, lost my connection here before I could edit my post, what I meant was run a new HJT scan and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Now run MBA-M

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just saying "ole illegal operation for just about everything" doesn't really tell us much. Can you give us some of the exact messages including the files noted in these illegal operation warnings?

Do you have the system disks for the computer?

Have you run scandisk to check for errors?

What is the hard drive size and how much space is remaining? How much RAM is installed?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have tried to remove the registry entry of
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

Nothing wrong with this entry:
NCO 2.0 IE BHO > "Norton Confidential" online identity theft protection, now incorporated into other Norton products

You might try this fix I found at another forum:
Control Panel > Network & Internet > Internet Options > Advanced > Security settings
UNCHECK these 3 boxes:

  • check for publisher's certificate revocations
  • check for server certificate revocations
  • enable integrated Windows authentication

jholland1964 650 Posting Expert Team Colleague Featured Poster

try noobkiller which is searchable on google.

I would advise against this. The program is flagged as malware at some sites. Go with conventional programs and those most commonly recommended here and most other well known and reputable computer help sites.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do NOT use combofix unless you are given instructions on its use.

Please do the following:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have multiple trojans on the system for certain and that is what can be seen on the log, there are likely other infections not shown. But I also see you are NOT running ANY protection programs whatsoever, which is why you have a very badly infected computer.

Please do these steps EXACTLY:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.
Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I recommended removing it because many times this is indicative of browser hijacking. If you personally have set this yourself, leave it alone.

rynd2it commented: Excellent, clear communications - very helpful indeed +1

jholland1964 650 Posting Expert Team Colleague Featured Poster

For now don't worry about the ESET scanner, I may have you try another. For now post the MBA-M log so maybe I can see what we are working on here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do as crunchie said and re-enable your start up for your digital camera if you want it to auto run. It can be run manually of course but no problem if you prefer it autorun.

Now run HJT again and put a check mark next to this one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Then click the Fix Checked button and Exit HJT.

Your Java is way out of date so you do need to update that.
First go HERE and download the offline install and save it to the desktop.
Once that has downloaded close ALL browsers and go to Add/Remove and UNINSTALL ALL old versions of Java you find there.
Once the uninstalls are finished, double-click that new Java install icon on the desktop to install the newest version. Once the new install is complete, go back to the download page and on the right side you will see Verify Now. Click that to go to the verification page to verify that the install was successful.

You should remove HiJackThis, you don't need it any more.

You also should uninstall ComboFix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it …

jholland1964 650 Posting Expert Team Colleague Featured Poster

BTW Trend keeps finding the virus in the SYSTEM VOLUME\Restore files

We will take care of that shortly. It isn't a problem.
I am going through your logs and will get back with you ASAP.
How is the computer working now? Other than the finding by Trend are you having other problems?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please give me a new HJT scan.

jholland1964 650 Posting Expert Team Colleague Featured Poster

jholland1964
thanks for your help but I get stuck on the second step malwarebytes installed but it won't open I double click and the user account control comes up but nothing happens afterwards

Since I don't run Vista I am not certain what the problem is. Are you running as Administrator?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix. You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desktop. DO NOT RUN it YET.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run, and when it has finished you will see the Disclaimer screen. You should press the number 1 key and then press the Enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then back up your Windows Registry.
Once the Windows Registry has finished being backed up, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HJT again and place check marks next to the following:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.121.97.18 mininova.org
O1 - Hosts: 91.121.97.18 www.mininova.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O1 - Hosts: 91.121.97.18 demonoid.com
O1 - Hosts: 91.121.97.18 www.demonoid.com

When you have placed those check marks click the Fix Checked button.
Exit HJT and Reboot.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Next, please run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* …
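The O1 entries listed in the post above all pin different sites to one address. As an added example (not part of the original post, and not HijackThis's own logic), this Python code parses `O1 - Hosts:` lines from a log and reports any non-loopback address that two or more distinct sites are pinned to. The function names, the `www.` folding and the two-site threshold are assumptions; the sample log is constructed from lines quoted on this page.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the O1 lines quoted in the post above, plus one
# non-O1 HijackThis line to show that other sections are ignored.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.121.97.18 mininova.org
O1 - Hosts: 91.121.97.18 www.mininova.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O1 - Hosts: 91.121.97.18 demonoid.com
O1 - Hosts: 91.121.97.18 www.demonoid.com
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")


def parse_o1_hosts(log_text):
    """Return (ip_address, hostname) pairs from 'O1 - Hosts:' log lines."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a valid address: skip rather than guess
        entries.append((ip, match.group(2).lower()))
    return entries


def shared_address_findings(entries, min_sites=2):
    """Return non-loopback addresses that min_sites or more sites are pinned to."""
    by_ip = defaultdict(set)
    for ip, host in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue  # ::1, 127.0.0.1 and 0.0.0.0 keep traffic on the machine
        # Treat "www.example.org" and "example.org" as one site (assumption).
        by_ip[str(ip)].add(host[4:] if host.startswith("www.") else host)
    return {ip: sorted(s) for ip, s in by_ip.items() if len(s) >= min_sites}


if __name__ == "__main__":
    for ip, sites in shared_address_findings(parse_o1_hosts(SAMPLE_LOG)).items():
        print(f"{ip} is the hosts-file target for {len(sites)} sites: {sites}")
```
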

jholland1964 650 Posting Expert Team Colleague Featured Poster

I didn't miss anything in your post. What does that have to do with what I asked you to do?
You will find the log at Malwarebytes' Anti-Malware > Logs > log-date.txt.