jholland1964 650 Posting Expert Team Colleague Featured Poster

Well you are showing infections. Evidence also of P2P file sharing which is an especially easy way to infect a computer, especially one not running an anti-virus program.
I hate to begin clean up this way but see no other option. Have not seen a log look like this with all these odd O1 entries.

Run HJT again and place a check mark next to all of the following entries;

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - …
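
Added example (not part of the original posts, and not HijackThis code): an O1 entry normally holds one hosts-file line, an address followed by a hostname, so O1 lines carrying HTML and CSS like those above mean the hosts file's content is not in hosts format. The sketch below sorts O1 entries into loopback, redirect and malformed; the function names and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in HijackThis entry format. The three markup lines are
# taken from the log quoted above; the two address lines are made up.
SAMPLE_LOG = "\n".join([
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    "O1 - Hosts: <html>",
    "O1 - Hosts: <title>Site Unavailable</title>",
    "O1 - Hosts: body{text-align:center;}",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: 203.0.113.7 www.example.com",
    "O20 - AppInit_DLLs: fmqxuy.dll",
])

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")


def parse_entries(log_text):
    """Yield (section, body) for each line shaped like 'O1 - ...'."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2).strip()


def classify_hosts_line(text):
    """Classify one hosts-file line: 'loopback', 'redirect' or 'malformed'."""
    fields = text.split("#", 1)[0].split()  # drop a trailing comment
    if len(fields) < 2:
        return "malformed"
    try:
        address = ipaddress.ip_address(fields[0])
    except ValueError:
        return "malformed"
    if not all(HOSTNAME_RE.match(name) for name in fields[1:]):
        return "malformed"
    # 127.0.0.1 / 0.0.0.0 entries are the usual localhost and blocklist lines.
    if address.is_loopback or address.is_unspecified:
        return "loopback"
    return "redirect"


def triage_hosts(log_text):
    """Group the O1 'Hosts:' entries of a log by classification."""
    result = {"loopback": [], "redirect": [], "malformed": []}
    for section, body in parse_entries(log_text):
        if section != "O1" or not body.startswith("Hosts:"):
            continue
        line = body[len("Hosts:"):].strip()
        result[classify_hosts_line(line)].append(line)
    return result


def verdict(result):
    """Summarise what the O1 entries say about the hosts file."""
    if result["malformed"]:
        # Markup or other non-hosts text: the file itself needs inspecting.
        return "malformed-content"
    if result["redirect"]:
        # Names pinned to non-loopback addresses: review each one.
        return "review-redirects"
    return "clean"


if __name__ == "__main__":
    grouped = triage_hosts(SAMPLE_LOG)
    for kind, lines in grouped.items():
        print(f"{kind}: {len(lines)}")
    print("verdict:", verdict(grouped))
```
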
jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks better BUT....you are running two anti-virus programs AVG8 and Symantec/Norton. Both are showing as running in your log and this is an absolute No-No. The rule is ONE anti-virus program on a system. You must uninstall one of these. Choice is yours but one absolutely must go. You also must do this via Add/Remove and then UNINSTALL. You never just delete a program.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb. What problems are you having? We need to know that before offering any suggestions.
You are not running an anti-virus program or at least none shows as running in your log.
Your log does show multiple infections but can you please let us know more about the problems you are having so we know which suggestions to make.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Tracey33 and welcome to daniweb. Yes you are in the right place. Your log shows at least one Trojan, maybe more. Please do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Run a new HJT scan and post back here with both the MBA-M log and the new HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I was wondering about this entry O2 - BHO: WormRadar.com IESiteBlocker.NavFilter
I'm not sure if it was there previously; it looks odd. Thanks

That is part of your AVG8 Anti-virus program.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Never seen any ads for that on any site, especially here. Sounds like you have malware on your computer. Follow the steps given HERE except using DSS scanner as it is no longer available. Substitute instead with a finish with HiJackThis.
Before you download HJT create a new folder on the desktop and name it HJT. Then download HJT to that folder.
Especially be certain you use ATF-Cleaner before you begin running all the steps and be sure to install, update and run Malwarebytes' Anti-Malware and let it fix all it finds. Finish up with a Full System scan with HJT.
Post back here with all requested logs and we will see if other steps are required.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

How did you get sdfix if you couldn't download anything?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have you tried Safe Mode with Networking? This would load the minimal processes required but should allow you to download, install and update.

By the way, these listings
C:\Documents and Settings\ParkerM\Desktop\****you.exe
C:\Documents and Settings\ParkerM\Desktop\eatthis.exe
indicate the programs are running, can you use task manager and end their processes?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. How are things working?
If you feel all is solved you can mark this thread solved, unless there is something else.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Turn off uTorrent and Turn off Spybot TeaTimer, Windows Defender. Leave them off.
Delete the MBA-M that you downloaded and try downloading it again. Try HERE or HERE

Save it to the desktop. Close ALL unnecessary programs, including those noted above plus all browsers, mail programs, IM programs, games, etc.
Then try to install and see what happens. If you get it to install then please update it and then run a Full System scan.
Once it is complete it will show you a list of items found. Be sure everything is checked and click REMOVE SELECTED.
Save the log and Reboot the computer.
Post back with the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Things look much better. You said that you "deleted" Spybot. I hope you mean you UNINSTALLED it. You just don't delete a program, unless it is a stand alone program. Spybot is one which actually comes with an installer and therefore must actually be UNINSTALLED.
Spybot is really an excellent program, just the TeaTimer portion causes problems. There is the option NOT to run TeaTimer as I noted in my previous instructions to you. Be sure to check Add/Remove and see if Spybot is listed there, if so then click Remove. If it is NOT listed there check in Start, All Programs to see if it is there. There IS an Uninstall option in there if you find it there. If it is not listed there then go to C:\Program Files\Spybot - Search & Destroy\
If you find that file there click on it to open it and see if Uninstall is listed there. If not just Delete the Spybot - Search & Destroy folder.

Go to SunJava Downloads
download the Offline Install for the latest version of java, yours is WAY out of date.
Save it to your Desktop so that you can find it easily.
Then go to Add/Remove and Uninstall ALL the old versions of java showing there.
After Uninstalling all old versions then close all browsers and double click that Java install residing on your desktop to install the newest version of Java.
Once the install …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Use the services tab and make them Manual.

jholland1964 650 Posting Expert Team Colleague Featured Poster

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

This is a legal file; it is Client Service for NetWare.

Run HJT again and place check marks next to the following entries;

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll

These items are flagged for the following reason:

Freecorder Toolbar - a Conduit/EffectiveBrand "Free Community" toolbar - modifies the default IE SearchHook. Some Conduit toolbars are reputed to have a certain adware/trackware functionality.

Once check marks are placed click the Fix Checked button.
Exit HJT.
Reboot and run a new HJT scan and post back with that log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Glad things are good. Thanks for the kind words about our forum.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Here are the programs you should NOT run at the moment; ComboFix, Registry Mechanic. (we rarely IF EVER recommend the use of registry fixers or cleaners, they can do more damage than they are worth) The registry is part of the computer that it is best to steer clear of unless you know absolutely, without a doubt, what you are doing.
ComboFix is also a program which NEVER should be run without being directed to do so by the helper you are working with as it is a very powerful program and is used for very specific reasons, NOT for all infections and most definitely NOT for general clean up.

As you have said, WinSockFix was a mistake. This too is a tool recommended for only specific problems and should not be run unless directed to do so.

These are the reasons we use specific steps to begin cleaning. Experimentation with various programs can lead to problems like you are having if the incorrect programs are run.
What operating system are you running? Do you have restore disks that came with the computer?
You say you have tried running with minimal start ups, did you do this by running in Safe Mode or did you just disable items via msconfig? If that was what you did then turn everything back on.

AdAware could not create a system restore point

Unless this is a new feature I don't believe it does this.
Do you have …

jholland1964 650 Posting Expert Team Colleague Featured Poster

There wasn't a log file for ESET...I seem to have a lot of processes running and I'm not quite sure what most of them are.

Did ESET do any removal?
There are a lot of processes running, many are for your anti-virus program, quite a few for your wireless connection. Some unnecessary ones also;
like iTunes Helper, iPod, RealUpdate and a few others but for now they are ok.
There is one that shouldn't be there;
C:\DOCUME~1\Aubrie\LOCALS~1\Temp\clclean.0001
Go into that folder and empty the Temp files if possible.
Also go into Task Manager and end THIS process if you see it; TeaTimer.exe
This is Spybot TeaTimer and shouldn't be running as it will interfere with fixes.
You really should turn this off entirely and keep it off. It really is more trouble than it is worth.
To stop it from running at start up do the following:
Open Spybot. At the top click Mode. Choose Advanced Mode. Then at the bottom click Tools.
When that opens on the left click on Resident. When that opens REMOVE the check mark from TeaTimer.

Next close all unnecessary programs, including IM's and browsers and run HJT again.
Place check marks next to the following entry;
O20 - AppInit_DLLs: fmqxuy.dll
Click the Fix Checked button.
Exit HJT.
Reboot the computer.
Update MBA-M and run it once more allowing it to fix whatever is found.
Reboot …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb.
Your HJT log shows multiple infections.

When MBA-M is running you should not be doing anything else. You should close all unnecessary programs and allow it to run. This scan WILL take a long time but doing other things, including running other scans or surfing the net, while the scan is running will increase that time considerably.

Turn OFF Spyware Doctor

The HiJackThis scan should be done AFTER MBA-M has completed its scanning and removed infections found, not during the scanning with MBA-M.
Then reboot the system and run the HJT scan.
Post back here with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello and welcome to daniweb.
First of all you need to TURN OFF Spybot TeaTimer as it can interfere with any fixes attempted.
Open Spybot. At the top click Mode. Choose Advanced Mode. Then at the bottom click Tools.
When that opens on the left click on Resident. When that opens REMOVE the check mark from TeaTimer. Close the program and Reboot the computer.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
PLEASE ALLOW IT TO SCAN ALL DRIVES. You will have to place check marks in EACH drive you have on the computer.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.

When you have rebooted then run a new Full System scan with HJT and save the log.
Post …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please follow all of Judy's instructions. We are here to help, but a little dialogue from you would be nice :).

Thanks crunchie! It WOULD be nice to know if Uninstalls indicated were attempted and what was found.
You need to TURN OFF the following programs and LEAVE THEM TURNED OFF.
NapsterShell (you don't need to be downloading anything until this computer is clean, otherwise this defeats the purpose of trying to clean)
Windows Defender
iPodService.exe
Roxio Shared
iTunesHelper
RegistryCleanerProMFCT
InterVideo WinCinema Manager
LiveShare P2P Server
SoundMovieServer
P2P is very likely how you got infected to begin with. We do not condone this or recommend this. Please refrain from file sharing or we cannot help you.
Once you have turned off all those programs then reboot the computer.
Update MBA-M and once you have done that, with ALL UNNECESSARY programs CLOSED, including browsers, please run another Full System scan with MBA-M and allow it to remove everything found.
Reboot and run a new HJT scan and post both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, these two;

c:\program files\common files\microsoft shared\web folders\pkmres.dll
c:\program files\common files\microsoft shared\web folders\pkmres.dll

are Microsoft Office SharePoint Server 2007. It is a server program that is part of the 2007 Microsoft Office system.
You can read about it here;
http://www.microsoft.com/sharepoint/prodinfo/what.mspx
Now you said;

i can't find spybot

Well it isn't running in this latest log. So it has been stopped.
I would like you to stop some of the running services too using CodeStuff, NONE of these are required;

a-squared Anti-Malware Service
Bonjour Service
PC Tools Auxiliary Service (there should be two entries for this one, disable both)
Viewpoint Manager Service
Once you have removed the check marks from the listings above in CodeStuff Services Tab. Then Reboot the computer. Run a new HJT log and post that log here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please don't use a registry program unless directed to do so.
The entries you note are not registry listings. The first two are your scanner.
The file maxlink3.dll, contains program code used by the Visioneer 'PaperPort' program. It provides code required for the 'Paperport desktop' function. The other one is the ScanSoft PaperPort Page View Application. These two are fine, leave them alone. I say that because scanners seem to be notorious for not working properly if you play with their files. Leave them alone for now.
I am investigating the other two.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello, First of all a word of caution to ALL reading this thread, ComboFix is not a general purpose cleaning tool and should not be used as such. ComboFix should only be used when asked by someone experienced in the use of this tool. Using this tool without supervision can cause problems with your computer. That is why Combofix is NOT listed in our Read me before posting a request for assistance sticky.
It also says that one of the tools the poster tried to use was

DSS (which won't run)

If you will note in the above linked sticky it clearly says;

Deckards System Scanner is currently unavailable. Please continue with the rest of PhilliePhan's recommendations.

It is also noted that Registry Mechanic, Rogue Remover were used. We rarely, IF EVER recommend the use of a Registry cleaner. MBA-M DOES fix registry entries made by infections.
The detective work here was pretty good, using Jotti. Essentially smitfraudfix usually removes this. Not certain about MBA-M.
Sounds like poster knew how to proceed but do want to caution ALL please don't be using Combofix unless directed to do so as it can do damage to a computer with a problem which does not require its use.
I would recommend that poster should REMOVE combofix from the machine since it is such a specialized tool AND updates are issued for it on a fairly regular basis. This stand alone program itself cannot be updated but requires an …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I got rid of AOL which had a free scanner with it so now i need to replace it. Can someone give me the link to a completely free spyware and virus scanner and removal program? Thanks

The very best there is for spyware, malware, hijacker and trojan removal today is Malwarebytes' Anti-Malware. It has updates at least every two days, sometimes more often than that. Its removal ability right now is, at least I feel, second to none.
Another continuing good one to add is Spybot Search & Destroy, just DON'T use the TeaTimer portion.
As for anti-virus programs there are several very good free ones out there that many of us here use;
Antivir, Avast, AVG8 just to name 3.
Another MUST HAVE program is SpywareBlaster. It too is FREE and a plus...it doesn't run all the time in the background but protects against spyware, adware, browser hijackers, and dialers. I would not run a computer without it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Maybe it is stupid,
but when I was resolving virus problems I created new windows account and try to log into the new one...

After this I made all the scans with antivirus and spyware removal software.

But don't forget to back up your files ...

No need to do this. Just continue as you said you would Aubsrie and report back with the requested logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

To find the other two logs open MBA-M and click on the Logs Tab. They are there and are noted by date.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do exactly as you have determined to do. Post those logs back here and we will take a look. Be sure to have both MBA-M and the Eset Scanner fix whatever is found.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

OK, how do I turn off some of those, and which ones can I turn off?

There are multiple programs running which have to do with your ThinkPad, since I frankly am not certain which of these are absolutely required I have left them off this list.

Here are those I see which are not needed or required for easy running of the computer;
EZEJMNAP>>>The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs
ATIPTA>>>Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
QuickTime Task>>>
System Tray access to Apple's "Quick Time" viewer from version 5 onwards
a-squared>>> a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature AND if you are running the PAID version. If you do not have the PAID version then this is doing nothing but running.
Spybot - Search & Destroy>>>no reason at all this should be running all the time. It is a scanner program.
SpybotDeletingA7947>
SpybotDeletingB5224>
SpybotDeletingD7717>
have no idea in the world what these items are. They seem to be running in order to delete …

jholland1964 650 Posting Expert Team Colleague Featured Poster

That's fine we don't need a log from ATF as long as you ran it.
You now need to go into Start, Control Panel, Add/Remove and look for anything with these names;
FunWebProducts
My Web Search
My Way Speedbar
Search Assistant - My Way
Smiley Central
Also look for Cyberdefender and My Identity Defender
Any of the above, Uninstall them.

Next, open My Computer, Drive C, and double-click on the Program Files folder

Right-click and delete the folders for:

FunWebProducts
MyWebSearch
Cyberdefender
My Identity Defender
Then go to Start, Search and look for items of the same name on the computer. Delete any found.
Reboot the computer.
Run a new HJT scan and post back here with that new log and also the result of your uninstall search.

jholland1964 650 Posting Expert Team Colleague Featured Poster

On my C drive I have movies, music videos and counter strike.
I used to have an OS before like one year ago but now I deleted it but still have the Documents and settings folder.

What do you mean you deleted it? I don't believe that you can really just delete an operating system, the drive would have to be reformatted in order to completely remove it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have an extremely large amount of programs running in the background and running at start up which certainly could slow the computer immensely. Turn off some of those and see if that makes a difference.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I think it could be because of registry and this software detected at least 14 errors from registry

MBA-M also cleaned the registry of 27 different items.
Really sounds to me like a rootkit is on there but since you say your computer is now totally clean since running superantispysweeper.
You will need to run a new HJT scan and post that log so we can complete the fixes in there before downloading the new Firefox version but go ahead and completely uninstall Firefox. It is running from "C" drive so you are going to have to go in there and uninstall it.

You never answered, exactly what IS on "C" drive other than Firefox?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi welcome to daniweb;
For heavens sake leave the reg cleaners alone. You can do more damage to the system.
Follow THESE instructions;
If you are able, RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try uninstalling MBA-M, delete the install file and downloading a new copy from HERE

You do have multiple trojans on the system, at least your first HJT log showed them. You have not posted another log since Crunchie asked you to do some fixing with it. It would help to see a new one.
TURN OFF that AdAwareService. It can interfere with fixes. If you have to, disable it via Task Manager.
Also what is this? LarcApplication. I can find no information about it at all.
The following items in your auto starting programs are all trojans, in addition to those two Crunchie asked you to fix;

O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\administrator\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [GetModule27] C:\Program Files\GetModule\GetModule27.exe
Plus this listing;
O20 - AppInit_DLLs: karna.dat

You also don't appear to be running an anti-virus program or a firewall.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Also I installed that Spyware program but sometimes programs that are alike say that the other program (their competition) is a spyware. If you run SpyBot and have Adaware 2008 it tells you that it may come up as a spyware and vice versa.

I have never had any of those tell me either of the other two was spyware. They do not compete with each other. Don't run all three at the same time. Use them for scanning only not as protective programs. In order to have any of those as protective programs you must purchase them. The free versions are used for scanning and removal only so they would not compete, because you cannot scan with all three at one time. The only time you may get a notation about one of the other programs is if one will note something in the Quarantine file of another. That would be perfectly fine because that is where it should be if removed by the program. The only times I have seen this is MBA-M will find something quarantined in Spybot, that is NOT competing both programs are doing their jobs. Frankly, since the change this past year with AdAware I have quit using it, mainly because it has a portion of the program that now loads as a service, which does nothing but run unless you actually pay for the program.
Today, for most of us anyway, MBA-M is THE program of choice. It has updates at a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looking at your attachment it seems to me that svchost.exe is NOT consuming that much CPU's...You are showing 5 instances of svchost.exe, exactly what I am showing on my computer right now, and the total CPU amount for all 5 is 18,060. Not much really.

Your big users are the following;
2 instances of Internet Explorer; 55,868K and 64,000K
Yahoo Pager at 15,876 K
MSNMessenger at 13,516K

What is svchost.exe And Why Is It Running?

If you've ever taken a look at the Services section in control panel you might notice that there are a Lot of services required by Windows. If every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows… so they are separated out.

Those services are organized into logical groups, and then a single svchost.exe instance is created for each group. For instance, one svchost.exe instance runs the 3 services related to the firewall. Another svchost.exe instance might run all the services related to the user interface, and so on.

So as crunchie said: It is normal activity. Shut it/them down at your own risk.

I would try shutting down some of those others first.

jholland1964 650 Posting Expert Team Colleague Featured Poster

While this thread is very old, 2 years in fact, I see that folks continue to post here. I will totally agree with Dragonf1re on MBA-M. We have a link right HERE on this very forum for this program.
It can also be downloaded directly from HERE which is the link given on the website of Malwarebytes.org the developer of this program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Were these pop-ups in Firefox? I still don't know why "C" drive is not being scanned. The latest MBA-M scan shows that "D" drive was scanned, not "C" even though you told it to scan "C" drive.
Can you tell me, what is on "C" drive? Firefox clearly showed it was running from "C" drive.

jholland1964 650 Posting Expert Team Colleague Featured Poster

This log looks better. I know you requested that MBA-M scan all drives but it appears that it didn't scan "C" drive where your Firefox is located. Can you try it once more, click Full Scan but when the box opens just put a check mark in "C" and take it out of the others. Let's see if it WILL scan "C" by itself.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

One reason I see which definitely would affect the running of the computer is that you have way, way, way too many programs starting up when the computer starts up, including some considered to be malware. This means then that these programs are all also running all the time in the background, even if you are not using them at the time. This consumes valuable resources. With all these running if you try to run a program which would consume lots of additional resources then the computer will freeze as you say because it doesn't have enough left to run something else.
You need to pare these down some. You have over 100 processes autostarting from the Start Menu when you boot the computer. This doesn't count those services also autostarting. Now some of these all have to do with the same program but the program number is not what I am speaking about, it is the processes then running all the time in the background. Many if not most of these things are totally unnecessary and can be run manually when you want to run them.
How big is your hard drive? How much RAM do you have installed?

I suggest though that you begin with a clean up with the following two programs.
Please Download ATF-Cleaner.exe by Atribune
• You can put ATF-Cleaner on your Desktop for easy access. Leave it for now.

Please download Malwarebytes' Anti-Malware (MBA-M)

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi DaniWeb4Jim, looking at the MBA-M log you obviously have infections on the machine. Update MBA-M and then run a Full System scan again, this time however follow the instructions given. Make sure that everything found is checked, and click Remove Selected.
Reboot the machine. See if this makes a difference. It may not yet because there could actually be some application issues at work but for the amount of infection showing this could possibly be a part of the problem.
Judy
P.S. Whoops gerbil, didn't see you there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello to all and welcome to daniweb.
ONLY one person should be posting problems in this thread and that is sarahlorrain.

lindsey482 you should create your OWN thread with problems stated and what steps you have done to correct them. By the way lindsey482, you CANNOT remove Internet Explorer from the system. It is an integral part of the operating system. You don't have to use it but you cannot remove it.

I recommend that you both do the following;

Update your anti-virus programs. Run Full System Scans with anti-virus programs and allow to fix all that is found.

Download the ATF-Cleaner.exe by Atribune

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download SDFix to your desktop
Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.

A window will now open showing SDFix being extracted into the C:\SDFix folder. Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

When your computer has started in safe mode, and you see the desktop, close all open Windows.
Click on the Start button, click on the Run menu option, and type the following into the Open: field:

C:\SDFix\RunThis.bat

Then press the OK button.

The SDFix window will open containing some brief info and a disclaimer on the use of the tool.
If you want to continue, please press the Y key on your keyboard and then press enter.
SDFix will now start scanning your computer for known infections; this may take a while, so just sit back and wait.
When the scanning process has finished you will see a new screen stating that you need to …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Things look good to me. If you feel all is running well you can mark this thread solved.
Happy I have been of help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please recommend what to do with the Firefox: do I install the new version (I have downloaded it already)?
Since the previous Firefox was actually not installed from the OS I am running now, what do I need to do to remove it completely (i.e. registry, cookies etc...), as it is my default browser and IE is uninstalled from the Add/Remove Windows components?

Firefox HAS to be installed or it would not be running. Looking at your logs it is running from "C" drive, in fact it is the only program I see running from "C" drive. This is why you cannot get anything to scan it, because you are not telling it to scan "C" drive.
Run that MBA-M again, updating it first and this time also have it scan "C" drive.
When you choose Full Scan you should get a box which allows you to tell the program which drives to scan. Be sure to put a check mark in BOTH "C" and "D" drives. Obviously Firefox cannot be the only thing on "C" drive so there are probably a lot of files never scanned with the MBA-M program. Run that and of course have it fix everything found. Post back here with that log before running any other program I have told you to run.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see a NEW scan log from MBA-M run in NORMAL mode. Be sure to update the program first, run it and have it fix everything found.
Reboot the computer and run another HJT scan. Post back here with both of the new logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

We really cannot advise unless we see some logs from the programs you have run.
I would like to see an MBA-M log and a HiJackThis log if possible.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The log looks pretty good. Some unnecessary auto starts there, many of which can be run manually when needed so as not to use up system resources by running all the time in the background.
There is a remainder of McAfee attempting to start from Services which can be fixed and I also am questioning this entry;
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
I can find no information on this file AND it is running from the Temp folder so I believe this also should be fixed.
To do these fixes run HJT again and place checkmarks next to the following;

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
Once you have placed the check marks then click the Fix Checked button.
Exit HJT
Then navigate HERE;
C:\Documents and Settings\Penny\Local Settings\Temp and Empty that Temp folder.
Next do the following;
Go HERE
Download the OFFLINE INSTALL file for sunjava version 6 update 10. Save it to the desktop.
Then go to Start, Control Panel, Add/Remove and UNINSTALL ALL versions of Java that you find there.
After all the old versions are uninstalled then double click that java install icon you have placed on the desktop.
Once the new version is installed go back to that download page …
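
The two reasons given in the post above for fixing an O23 entry (the service file is missing, or the service runs from a Temp folder) can be checked over a whole HijackThis log. This is an added example, not part of the original post or of HijackThis; the function names and the third sample line are constructed for illustration.

```python
import re

# The two O23 lines quoted in the post, plus one constructed benign line for contrast.
SAMPLE_LOG = r"""
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
O23 - Service: Example Updater (ExampleUpd) - Example Corp - C:\Program Files\Example\upd.exe
"""

MISSING = "(file missing)"
TEMP_DIRS = {"temp", "tmp"}


def parse_o23(line):
    """Split one O23 line into name, owner and path; return None for other lines."""
    parts = line.strip().split(" - ")
    if len(parts) < 4 or parts[0] != "O23" or not parts[1].startswith("Service: "):
        return None
    path = parts[-1]
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return {
        "name": parts[1][len("Service: "):],
        # The owner field may itself contain " - " (as in the ZDHNGI line).
        "owner": " - ".join(parts[2:-1]),
        "path": path,
        "missing": missing,
    }


def review_services(log_text):
    """Return {service name: [reasons]} for O23 entries worth a second look."""
    findings = {}
    for svc in filter(None, map(parse_o23, log_text.splitlines())):
        reasons = []
        if svc["missing"]:
            reasons.append("file missing")
        # Directory components only; the last element is the file name.
        dirs = re.split(r"[\\/]", svc["path"].lower())[:-1]
        if TEMP_DIRS.intersection(dirs):
            reasons.append("runs from a Temp folder")
        if reasons:
            findings[svc["name"]] = reasons
    return findings
```

Calling `review_services(SAMPLE_LOG)` flags the McShield and ZDHNGI entries and leaves the constructed updater line alone. A flagged entry is a prompt to look closer, not a verdict.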

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to do the following;
Download SmitFraudFix and save it to your desktop.
Confirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps.
Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

When your computer has started in safe mode, and you see the desktop, close all open Windows.

Now, double-click on the SmitFraudfix icon that should be residing on your desktop.

When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

You will now see a menu. Press the number 2 on your keyboard and then press the enter key to choose the option Clean (safe mode recommended).
The program will start cleaning your computer and go through a series of cleanup processes. When SmitFraudFix is done, it will automatically start the Disk Cleanup program.

This program will remove all Temp, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

What happened when you tried to remove combofix?
Yes, you can just delete it though it will not remove any backups these multiple runnings have done.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Madhusoftech, This thread is 2 years old. The original poster never returned. You need to begin your OWN NEW thread by clicking the Start A New Thread on the left of the page. (See my attachment) above the listings of threads.
Give it a Title which will indicate your problem.
State your problem clearly. Your HiJackThis version is way out of date. You need to delete this one and download the newest version.
Right Click on the desktop and choose New Folder. Name this folder HiJackThis.
Then go HERE and download the newest version of HJT. Save it in that new folder you just created. It must be run from its own folder NOT a temp folder.

You also need to do some clean-up of the computer before running another HJT scan.
Do the following in NORMAL MODE;
Please Download ATF-Cleaner.exe by Atribune
You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download