jholland1964 650 Posting Expert Team Colleague Featured Poster

I would also like to mention here that you have said that you installed Trendmicro and then removed it...how did you remove it? Did you actually UNINSTALL it or just delete? Make sure it was uninstalled. One should never have more than one antivirus program running on the computer.
Then you said you installed Avira antivirus and it DID find 34 infections. So it IS working. Keep it. It is an excellent FREE program, no need to install another.
Follow caperjack's instructions. You can also download Malwarebytes' Anti-Malware directly from their website.
Be sure to reboot the computer AFTER running MBA-M and removing everything found.

Also download and run HiJackThis and post that log here once you have finished all other instructions

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi b1977 welcome to daniweb. Sorry this response has been so long in coming.
For now let's work from this older version of HJT.
One thing you MUST turn off is the AdAware Service. It can interfere with fixes tried. It isn't needed really.
Close ALL OTHER OPEN WINDOWS
Run HJT again and place check marks next to the following entries;
O2 - BHO: (no name) - {420959A7-1B3F-49EE-848E-6DE631A39223} - (no file)
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: tuvVLcdC - tuvVLcdC.dll (file missing)
O20 - Winlogon Notify: xxywUkiI - xxywUkiI.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Once you have placed the check marks click the Fix Checked button
Exit HJT.
Now one thing you have installed is BOONTY Games. Actually should be considered dangerous. Here is why from their own privacy policy;

"We also may share payment information with third parties who provide payment services and share aggregate data regarding the type and number of videogames you download, your age, gender, occupation, education level, geographic location, computer equipment data and on-line and video game interests, activities and practices to game publishers. In addition, we share e-mail addresses with third party e-mail carriers who assist us in sending out our e-mails …
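
An added example, not part of the original post or of HijackThis itself: a small parser for HijackThis log lines in the format shown in the post above, which tallies entries per section and picks out autostart registrations that HijackThis marked "(no file)" or "(file missing)". The sample entries are copied from the post; the header line, function names and section labels are choices made for this example.

```python
import re
from collections import Counter

# HijackThis section codes that appear in the post, with their meaning.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O16": "Downloaded Program Files (ActiveX)",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

# A log entry is "<code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the registered file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Entries copied from the post; the first line is a constructed header.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)
O2 - BHO: (no name) - {420959A7-1B3F-49EE-848E-6DE631A39223} - (no file)
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: tuvVLcdC - tuvVLcdC.dll (file missing)
O20 - Winlogon Notify: xxywUkiI - xxywUkiI.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
"""


def parse_entry(line):
    """Return a dict for one log entry, or None for headers and other lines."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    code, body = match.group("code"), match.group("body")
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "body": body,
        # True when the autostart registration points at a file that is gone.
        "orphaned": bool(ORPHAN_RE.search(body)),
    }


def triage(log_text):
    """Count entries per section and collect the orphaned registrations."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return {
        "per_section": dict(Counter(e["code"] for e in entries)),
        "orphaned": [e for e in entries if e["orphaned"]],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries per section:", result["per_section"])
    for entry in result["orphaned"]:
        print(f"orphaned {entry['code']} ({entry['section']}): {entry['body']}")
```

The orphaned list covers only the entries whose target file is missing; the O16 and O23 entries in the post were selected by the helper for other reasons and still need a person to review them.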

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi gr8yt74 and welcome to daniweb. Sorry for the delay, I have been away. I am somewhat confused here by your statement here;

I checked for virus numerous times & still was not able to fix this

You do not show an installed antivirus program or a firewall so how can you check for a virus if you don't have an antivirus program installed?
You need to install one. There are many good, FREE ones available AVAST or AVG are both good. Choose one, download, install, update and run a full system scan. Remove everything found.
Reboot the computer.

Also do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Then run a new HJT scan and place a check …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Dragewood, have been away for a few days but wonder, when you get this blue screen with this message

"A problem has been detected and windows has been shut down to prevent damage to your computer.

The video driver failed to initialize"

Do you also get an error code? It would read something like
***STOP: 0x0000000A (0x13F4100, 0x00000002, 0x0000001, 0x804FEB8F)
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Now for my 2cents. I agree with trinitybrown with the exception of one item

One should not try to experiment with registry keys until one is master in it, well your system is infected with some sort of virus or worms but now it seems your registry settings also have some problem, so don't experiment with your PC and hire some professional

If the poster would return hopefully we will be able to help without poster having to hire a professional.
I disagree with evstevemd on several points.

Download and Install revo uninstaller, and It should help with uninstalling issues.

Install avast, register and enter key (All free)!
Run it,and right click, and schedule boot time scanning.

Then download and Install wise registry cleaner (free/pro if you have $ for it) and scan and fix invalid registry

BEFORE installing ANYTHING new we need to see at least a HiJackThis log. It is not advisable to install any other antivirus program before others are totally UNINSTALLED. Symantec has its own uninstaller which can be used to remove Symantec/Norton products and this is where the poster should begin, not by downloading another program.
It is not advisable at this time, or quite possibly ever, to use any registry cleaner or fixer. It is certainly something I rarely, if ever, recommend. If it is a recommendation it would certainly be towards the end of the cleanup, not in the middle or before the two programs I recommended had been run. …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I will be away for the next four days. Crunchie will be checking on threads. Please follow any instructions he may give you.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your logs look pretty good.
You should run CCleaner to empty all temp files. If you don't have it download it and install. Open the program. When it opens it will open on the Windows Tab with checkmarks all ready in place. Don't change anything. Click the Analyze button. It will scan the computer for items which can be removed. When it completes it will show items marked for removal. Click the Run Cleaner button. Close the program when it is finished.
You need to uninstall combofix now.
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"

Delete SDFix from your desktop, also delete this folder C:\SDFix

Empty the Quarantine files from MBA-M

You also need to set a new, clean restore point.
Right Click My Computer, Choose Properties.
Then click the System Restore Tab.
When that opens put a check mark in Turn Off System Restore.
You will get a warning that you are turning it off, click OK
System Restore will now turn off.
Wait until it is off.
Then go back in and Remove that Check mark. System Restore will turn back on.
Is the computer running ok now?
Please post back with that answer. I will be away for several days but …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks crunchie for weighing in. Brianjs I am going to be away for four days beginning this afternoon. If you get logs posted before then I will take a look, but after that follow crunchie's advice as he will take over my threads until my return.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The combofix log is a bit unusual looking to me and I have asked Crunchie to take a look too. Plus your HJT log still shows some infections so I hesitate to make final recommendations until Crunchie can take a look also.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Whew! You have a huge number of infections on this system. Did you reboot the computer after running the MBA-M program and also the ESET Scanner?

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try and let me know by christmas LOL


Thanks

If you want to you can read the log yourself. These take awhile, each entry must be researched.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Give me a bit to go through this and I will get back with you.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have to ask that you ONLY run the programs requested here until told otherwise. Spybot is a great program but right now let's work with the two requested.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen …

jholland1964 650 Posting Expert Team Colleague Featured Poster

This IS considered to be malware from the information I could find. I would recommend that you do the following;
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Next:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can …

jholland1964 650 Posting Expert Team Colleague Featured Poster

BTW while i was writing the last post (i am using my desktop - this computer), my problem computer - the laptop - seemed fixed on restart but fifteen minutes later, while i was trying to find the ESET link, the problems all came back. If that means anything.

It may but run the ESET scanner, reboot, run HJT and post both logs. We'll see.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

It is scanning now - i had to restart it because i had to leave the office for a meeting. Anyway, what is the ESET scanner?

ESET Scanner is an online virus and removal program. Sorry I didn't include the link for it. I would like you to run that too. Follow these instructions for running;

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

jholland1964 650 Posting Expert Team Colleague Featured Poster

WOW, ok this sounds more serious than i thought.

I am running the malware scan as we speak now, then i will restart and run online scan. Then i will restart and run hijackthis and post the log as well as the other logs also.
Is there a chance malware program will remove it?
If not, you mentioned IS-MBAM i really dont know what it stands for....but it seems good. Would that remove it?

Thanks alot...
will post logs soon..:)

MBA-M stands for Malwarebytes' Anti-Malware
That is the first program I noted that you should run. When I capitalized the IS I meant it "IS" one of the best, didn't mean to make it part of the name. It takes care of hundreds of nasty items now and hopefully will do the trick for you. It is a super program and you should keep it and use it, updating before each scan, at least once a week. Remember though, it is not the "end all and be all" of removal programs, just one of the better ones out there today and it DOES remove many of the trojans out there now. You would still need a good, onboard anti-virus program and firewall too.
I will wait for you to post the three logs requested and we can better see where things stand.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Continue following the steps you are using. Post back here after completing those steps with the MBA-M log, be sure to FIX or REMOVE with it.
Do the ESET Scanner. Then do the HiJackThis scan. Post all logs back here in this thread and we will take a look.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

A little update.

The computer is getting slower and slower to boot up in normal mode and slower and slower to shut down as well.

Safe mode with networking still boots up quickly and shuts down quickly.

Then this tells me there are a lot of programs starting unnecessarily at boot up which can easily be run manually when needed and then also shut down manually.
When you boot in Safe Mode with or without networking only those programs necessary for the actual running of the computer are started up at boot time. This is why the computer boots and also shuts down fast when using the Safe Mode with networking but is very slow in normal mode.
I compiled a list of auto start programs showing in your HJT log which are NOT required to run at boot up and can easily be run manually when needed. Some of these you may still want to start automatically at boot time, you will have to stop all from auto starting and then re-enable one at a time to see which ones are causing the slow down. For most of these it is advised that you disable the program so that it does not take up necessary resources, which of course would cause slow downs.
To make this easier I recommend using a program called CodeStuff Starter
With this program you can control Start up programs you don't need, Services which start that you don't …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Think you have to look at the numbers involved here. You said you have a 160GB hard drive and you recently reformatted, if I read it right you say

i hardly used around 70gb

which says really, unless I am wrong, that more than half the drive was full before you reformatted. You created a 30GB partition and everything you had installed is there. I am not certain why you put everything in that partition. If you have 30GB in that partition that means you have another partition with about 130GB that is not being used. But then you say you

i left 6gb space in my hard disk which is free now

...do you mean you actually have three partitions? One with 30GB, one with 6GB and then another with 124GB? Or do you mean that you have two partitions, one with 30GB and you are saving 6GB of that to install Linux and then you have the second partition with 130GB empty? Sorry if I sound confused, but I am.
Was the hard drive previously partitioned or was it just a 160GB unpartitioned drive?
If it was previously partitioned did you reformat the entire hard drive or just one partition?
I have to be totally honest I know virtually nothing about drive partitioning but it sounds to me like you partitioned the drive incorrectly or are using this partition incorrectly. From what you have said it sounds like the rest of this hard drive isn't …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Obviously something is stopping these updates and now also stopping the running of ESET Scanner. Are you certain you turned off all your antivirus program, your firewall and your pop-up stopper when trying to do both?
You should also check your sun java program. Only reference to java I see is in these entries in your HJT log.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
These would indicate an out of date java.
First of all go to SunJava Downloads
Download the latest version which is version 6 update 7. Be sure to download the OFFLINE install and save it to the desktop.
Once you have done this close out all browsers. Go to Add/Remove and uninstall ALL older versions of java you find there.
Reboot the computer.
Once you have rebooted then double click that Java install icon on the desktop and install the new version. When the install is complete then go back to that download page and on the right side you should see Verify Now. Click that to verify the install was successful.
Once you have done that then see if you can run ESET Scanner again. If you cannot then try the Panda Active Scan Let it clean what it finds.

One other thing on the update problem with MBA-M. On that update page you will see …

jholland1964 650 Posting Expert Team Colleague Featured Poster

There are definitely signs of infection of, for the moment, unknown malware in your logs.
You will need to do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program …

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, we would need a new HJT log done AFTER the computer is cleaned or, we hope will be cleaned, those other two scans.
With these infections today it is very rare that only one program will remove them. Right now there are only two programs you need to run and HOPEFULLY that will be all, but I cannot make promises on that either.
virtumonde is a trojan not a virus. Probably one reason the two programs you have run will not remove it though they CAN detect it, which is good because hopefully it was found early enough that no permanent damage has been done. Trojans usually are NOT removed by an antivirus program, why? because it is not a virus. Virtumonde usually comes onto a computer because of outdated java programs, though there can also be other reasons too. Trojans usually need specialized tools for removal, one of these IS MBA-M, which right now seems to be the best program available for removal of trojans and malware. Take a look at the majority of threads here right now, the bulk of them have had MBA-M as one of the tools we recommend most because it does a superior job of removal today. We request the ESET online antivirus scanner or several others also because if there is one infection on a computer then chances become more likely there are others too, because the system defenses are weakened which can allow viruses onto the computer too. We …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Really happy all has worked out so well.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Appears to be clean. Are all things running all right?
Judy

Ecila5200 commented: Excellent Job - Well Done - I'll give Judy a 10 !!! +2
jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi computerguy, do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program. AND Spybot TeaTimer if it is running.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer

jholland1964 650 Posting Expert Team Colleague Featured Poster

For some unknown reason you ran a program I am not familiar with called Runscanner instead of the ESET Online antivirus scanner. Can you please run the ESET Scanner please, fix anything found by it and then post back here with that log and a NEW HiJackThis log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have CCleaner installed on my computer so all the temp files will be deleted, and the computer has become slow after the internet connection. I have installed WAMP and text editor software and stuff like that, may this be the reason? And my cousin always installs some weird stuff like games, style xp and many others.
The system is slowing down all the time.
Thank you

If the slow down began with the install of all those items then I think you can probably narrow it down to that.
If games and other items have also been added then you can probably add those to the cause also.
How big is the hard drive? How much space is remaining?
How much RAM do you have installed on the machine?
It may very well be just too much in too small a space but give me that info ok?

praveen_dusari commented: u helped me a lot thank u +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you reboot the computer after doing the MBA-M cleaning? If not, please do so now and then run a new HiJackThis scan and post that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks as if ESET scanner removed some adware but other than that nothing was found.
You do have some unnecessary auto starting programs which can and really should be run just manually when needed. Don't know if this would be the cause of your slow down on the system.
All of those InCD listings are not necessary to run at start up and therefore run all the time in the background.
These three were all running when you did your HiJackThis scan;
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
You also had two instances of Internet Explorer and one Firefox open and running when the scan was done.
How long has this slow down been happening? Have you done a general clean up of the computer lately? Empty temp files and internet temp files lately? Have you done a defrag?
Is the computer slow all the time or just when it is online? If it is only when it is online then this could be the fault of your ISP and not the computer.
How are you connected to the internet?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi yurec123,
Please do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Next;
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot the computer

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well I see several things here, first of all I see a PORTION of an old Norton program still running along with AVG 8. This is definitely a no-no. ONE antivirus program running on a computer is the rule. Run more than one at a time and you can actually lessen your protection.

You are going to have to search for this file, but first use Task Manager to turn it off.
The file is named SSDK02.exe so you will have to stop it from running and then do a search by clicking Start, Search, Files and Folders and search first for all things named Symantec. Once those are located delete them. Then do the same things for Norton. If you find any of those delete them.

You also show Spybot TeaTimer running on the computer. This MUST BE turned off and KEEP IT TURNED OFF as it can interfere with fixes we may do with HiJackThis or other programs.
Open Spybot. Click Mode, choose Advanced. Then at the bottom choose Tools. When that opens you will see a row of buttons on the left. Click Resident. When Resident opens REMOVE the check mark from TeaTimer. Close the program.
Reboot.

Now there are several things showing in the log which must be removed. One is a LOP infection this is also evidenced by the program Messenger Plus! Live & Sponsor (CiD) showing in your Uninstall list.
You should remove this using Add/Remove.

Now …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb,
I don't see the "prjsrv" in your running processes during the scan, did you turn it off before the scan? Next time leave it there so we can see the location. I couldn't find any process by that name when searching.
Now you said this;

I've got the virus that won't let me change my background, so I ran the registry and enabled desktop under properties again, etc.

but you don't state any other things you have done in order to remove the virus. Doing a registry edit won't necessarily remove the virus, it just removes a "symptom" of the virus and doing a registry edit before eliminating the virus isn't advisable, especially when the removal of the virus may edit the registry again. Plus you say "the" virus that won't let you change your background...there are MANY DIFFERENT viruses or trojans that exhibit this symptom, not just one, so assuming it is just one virus is something you shouldn't do. Some infections require special tools for removal, we don't know that this isn't one of them because we don't even know the name of the virus.
What steps have you taken? Have you done any of the steps given by PhilliePhan HERE
With the exception of the Deckard Scanner, which can't be used so that step should be ignored until further notice, all of the other steps there should be completed followed by a fresh HJT scan. Also …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Be sure not to do any fixes yet with the HJT full scan, just post the log.
I would advise your niece not download anything new right now, unless directed to do so here. She needs to have a clean computer before installing new programs, which would be needed to download the iPod music.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is iPod music available on the internet at very legal sites. My grandchildren and daughters all upload music to their iPods but they PAY for each song. It is not expensive, around $1.00 a song I believe.
Sorry that she paid for this program, from what I have read, that is a scam itself and the chance of getting your money back is very slim. Why is it a scam? For the very reason you said your sister bought it... because she thought that it was then "legal" for her children to download all the music they wanted because she had paid the fee. But the thing is, P2P file sharing is "free" because whatever is being shared is pirated generally so she paid a fee to do something that is essentially free. It is dangerous of course because as you see, you can very well get a lot more than you bargained for, namely, an infected computer.

I found this interesting little note at the very bottom of the 360Share Pro website

The purchase of a membership, however, is not a license to upload or download copyrighted material. We urge you to respect copyright and share responsibly.

See, this is how they get around the legalities and it also probably releases them from having to return the fee charged. Each and every program which is included in this "membership" is FREE, there is no reason a person should have to pay, that doesn't make P2P legal or …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you Reboot the computer after running MBA-M? Many of these won't be removed until you reboot the computer

While I was running the online scan it came up the Windows loading picture then a blue screen of death, but when I hit the space bar it went straight back to the online scan. Do you know why this might have happened?

I do not know why this happened, have not heard of anyone having this happen either, unless maybe you forgot to turn off your antivirus program.

The scan found a few things but at the moment I don't have the money to buy it so could not remove them, but here is the log of all 3

You don't have to pay to remove with that ESET scanner. It is FREE. Just go back there, turn off your antivirus program first, and do the scan again, this time have it clean or remove everything it finds.
Then reboot and when you do run a New HiJackThis scan and post the ESET log and the new HJT log back here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello and welcome to daniweb,
Begin by doing these three steps;

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Next:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Ecila5200 and welcome to daniweb.
We will need to see an actual HiJackThis scan log not just their uninstall list so please do a full system scan and post that log also.
You said

They have 3 teenage children and I guess one of them visited a page that loaded this nasty to their computer.

Well we know absolutely where ONE of these trojans came from, P2P file sharing. That shows in the ESET Log. The infected file was an mp3 file, a downloaded music file, and Limewire, a P2P program was used to do so, though that program doesn't appear on the Uninstall list. It shows here in the ESET log;
C:\Documents and Settings\Acer\My Documents\LimeWire\Saved\Adele - Tired.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 3B35E5CADDBB84E255FF8534F078A0ED
That said, on the uninstall list I see 360Share Pro; this IS a P2P file sharing program. This program should be removed from the computer.
While all I have found and read about this program the info "intimates" that it is legal to use this program to search for and download music. But I MUST state this;
The program itself is LEGAL BUT....in order to download music you must have PERMISSION to do so from the copyright owner. Having or paying for the software DOESN'T give you permission. If you are the copyright owner, meaning you wrote the music and/or are the artist, you can upload the songs on 360 Share Pro (or Limewire) and give permission to others …

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, I would remove Spynomore altogether. It was, at one time, listed as a Rogue application because of excessive False Positives, among other things. It has been removed from that list but that does not mean it is a good program now and personally it is not one I would recommend. Uninstall it is my advice.

Is SpywareBlaster (Please note the spelling, it is all one word with S & B in caps, there are some rogue applications out there using similar names but the spelling is different. Be certain you get the correct one from javacool software.) better?

Honestly I would say yes. Remember SpywareBlaster does not do any scanning or removal it is a protection program. SpywareBlaster "inoculates" your Internet Explorer browser against the installation of unwanted spyware and adware from the internet. For your situation especially a MUST HAVE.
SUPERAntiSpyware and Spyware Doctor are both excellent programs, though I don't know whether you are using the FREE or Paid versions. Both versions of each are excellent, the paid versions of each just offer an "extra" but really are not required to purchase to be sufficient. Continue to update them daily and scan with them daily if you feel it is necessary. Remember, the FREE trial version of Spyware Doctor will protect and can be used for scanning but does not remove, in order to do so with it then you must purchase the Spyware Doctor license.
SUPERAntiSpyware Free Edition and will …

jholland1964 650 Posting Expert Team Colleague Featured Poster

The MBA-M scan you just posted was done with an out of date database. The scan you posted shows the database version as 1226 and the database version on the date you did your scan was 1257 and today it is database version 1264 so there were a lot of new items added since you updated yours. You should have updated the program prior to this scan, in fact you should update it prior to EVERY scan you run with it as it has updates frequently, sometimes twice a day.

Your HJT log is still showing infections on the computer. You are showing at least one piece of malware, Mysee Alert, and at least one worm. These show in the HJT log, there may be others which do not show. All infections DO NOT show in an HJT log but if some do show the likelihood of others on the computer increases.

Now, I must caution you, the worm on the computer is known to come from P2P file sharing. It is very evident from the references to BitComet (a P2P program) in your HJT log that this is something you do quite often. Since you have this worm on your computer it is very likely that you have also infected others' computers with the P2P file sharing also.
This is just one reason we do not condone or encourage this activity here at daniweb. The other reason is that it can be illegal by sharing copyrighted material, this is a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi pulley412, welcome to daniweb. Sorry a reply was so long in coming.
Please do the following;
Delete that old HiJackThis and download the newest version
Next do this;
Please download ATF-Cleaner.exe by Atribune and save it to the desktop.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Uninstall MBA-M via Add/Remove. Reboot the computer.
Then try a new download of MBA-M
Download, install and see if you can update it.
Also run HJT and place a check mark next to the following entries;
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
Once you have placed the check marks then click the Fix Checked button.
Exit HJT
Reboot the computer.
Try again to run the ESET scanner. Remember TURN OFF ALL antivirus programs and firewall and also turn off that Popup stopper too.
Let me know if you can then run the program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good, couple of things you can fix with HiJackThis. Run the program and place check marks next to the following entries:

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (file missing)
O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - (no file)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe (file missing)
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe (file missing)
O23 - Service: Windows Management Updater (WinManUpdater) - Unknown owner - C:\WINDOWS\smss.exe (file missing)

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot.
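
The entries selected above share visible markers: a trailing `(no file)` or `(file missing)`, an `Unknown owner` service, and in one case a system binary name outside System32. As an added example (not part of the original post, and not HijackThis's own logic), this Python code parses such log lines and flags those markers; the flag names and the System32 name list are assumptions.

```python
import re
from typing import NamedTuple, Optional

# HijackThis entries copied from the posts on this page.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Windows Management Updater (WinManUpdater) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
PATH = re.compile(r"(?:[A-Za-z]:|%\w+%)\\[^()]*?\.(?:exe|dll)", re.I)
# Assumption: these Windows binaries normally live only in System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}

class Entry(NamedTuple):
    code: str             # section code, e.g. O2, O23
    kind: str             # BHO, Service, ...
    clsid: Optional[str]
    path: Optional[str]
    flags: tuple          # hypothetical flag names used by this example

def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    clsid, path, flags = CLSID.search(rest), PATH.search(rest), []
    if ORPHAN.search(rest):
        flags.append("orphan")            # registry entry with no file on disk
    if "Unknown owner" in rest:
        flags.append("unknown-owner")     # no company name reported for the service
    if path:
        folder, _, name = path[0].rpartition("\\")
        if name.lower() in SYSTEM32_ONLY and not folder.lower().endswith("\\system32"):
            flags.append("system-name-wrong-dir")
    return Entry(m["code"], m["kind"], clsid and clsid[0], path and path[0], tuple(flags))

def triage(log: str) -> list:
    """Return only the entries that carry at least one flag."""
    return [e for e in map(parse_line, log.splitlines()) if e and e.flags]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.code, e.kind, e.path or e.clsid, ",".join(e.flags))
```

A flag is a reason to look at an entry, not a verdict: orphaned entries are often leftovers from uninstalled software, as with the Google Toolbar line here.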

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just keep us posted ok? We want to know how your new RAM works. Happy to help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The list is in alphabetical order. Double click on the item you want and I would suggest that you stop the service if it is running and then change the start up to manual.
After you have done all that then reboot the computer.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

It runs ok. My only problem that I'm left with is my device manager is still empty

Is your Plug and Play service turned off (disabled)?

1. Click Start, click Run, type services.msc, and then click OK.
2. Double-click Plug and Play.

If you receive a Configuration Manager message, click OK.

3. In the Startup Type list, click Automatic, and then click OK.
4. Close Services.
5. Reboot

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just noticed, you are using an out of date version of HijackThis. Can you delete this one and download the newest version, which is version 2.0.2?
Then do a full system scan with it and post the log.
Sorry, just wasn't paying attention.
Judy