jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, thanks for the quick responses.

You should run HiJackThis again, system scan only this time, no log yet, and put check marks next to the following entries if they remain:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (file missing)
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/fr...ouseplayer.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BMC.local
O17 - HKLM\Software\..\Telephony: DomainName = BMC.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{1658BB73-B14B-4A2F-B915-8578C24715F0}: NameServer = 192.168.16.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BMC.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{1658BB73-B14B-4A2F-B915-8578C24715F0}: NameServer = 192.168.16.2

Once you have the check marks placed click the Fix Checked button. Exit HJT, reboot the computer and run a NEW HJT …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you use the Yahoo items? Are you still using AOL Mail?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is Pearson your school and MyITlab part of that instructional program?
Do you still use AOL mail?

jholland1964 650 Posting Expert Team Colleague Featured Poster

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
Click on the Save list. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply back here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

*****The HIjack prgm had generated the Uninstall list by itself*****

I asked you to do that in post #12, I would like you to follow those same steps again and post that list.
I see the AOL listings in the HJT log now show as File Missing, have you removed this from the computer? Who is BMC? Is this your internet provider? Are you on dial up, wireless, high speed like cable or dsl?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Now update MBA-M and do another Full Scan with it. Allow it to remove everything found. Reboot and do a new HJT scan and save the log. Post back with both logs.
Also give me a NEW Uninstall list generated with HJT like you did earlier.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First, am I finished with the cleaning? Have you reviewed my last logs yet?

Second, After I had used the Microsoft free trial for the Office suite for Word, etc. and I uninstalled it, my Word 2003 program is now giving me an error message:

An error occurred and this feature is no longer working properly. Please run Setup and select Repair to restore this application.

I have no clue of what it's talking about. Can you help with this?

ccoker, I am sorry to have been delayed in replying to this last post. I have been away for the last three days.
No, I am sorry to say I do NOT believe the computer is clean. There are still multiple instances of infection showing in your HJT log.
I would like you to do the following:
First of all TURN OFF Windows Defender. To do this follow these steps:
Go to Start, Programs, Windows Defender. Open it, click Tools, and then click Options.
Uncheck the box that says "Use Windows Defender" and click "Save." A confirmation box will pop up so click "Continue" to move past it. One last box will appear telling you that Defender is turned off (and that it doesn't think that was a good idea). Ignore it.
Next do the following:
download ComboFix from one of the following URLs
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
Save it ON the desktop.

* Close …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, obviously look at the files removed using ESET, all are via Limewire, and all contained Trojans:
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\another again john legend 11 - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\crank dat spongebob 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\another again john legend 11 - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\crank dat spongebob 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\Goapelle First Love.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\gucci-photo shoot-clean song.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\guccie mane- jewlery.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\livin on a prayre.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\candace\My Documents\LimeWire\Saved\tpain-aint trickin.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

That checkmark to avoid downloading anything illegal is for THEIR protection, not yours. Gives them the option to claim the "user chose to download...whatever...we have no control".

If you are downloading music, videos and games which normally would be PAID for but are getting them for FREE via Limewire and other sources then Yes, that IS ILLEGAL.
AND illegal downloaders can be traced and yes, can and have been prosecuted and found guilty.

Others …

jholland1964 650 Posting Expert Team Colleague Featured Poster

hey bro ill give u some advice because it happened to me alot.
all u gotta do is pop in the boot cd and format drive then install windows clean install u should be all set from there....wish u luck.

alex this is NOT required and there is NO REASON TO DO SO. I have given steps to clean the computer, that and safer surfing habits will keep the computer clean, once we are complete.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The following programs should be Uninstalled via Add/Remove.
Limewire IS a legal program, however, with the amount of infection found thus far on your system it is obvious that illegal file sharing IS taking place with this computer. Many, many of the infected files WERE the result of P2P file sharing. One of the easiest ways to get massively infected...as this computer is.
This program MUST be removed immediately along with ANY OTHER games you have installed by getting a shared copy via Limewire.
I see there are quite a few games installed, all legal IF they were paid for, but if they were obtained via Limewire then they should also be uninstalled.
These also MUST be uninstalled:
LiveUpdate 3.0 (Symantec Corporation) this is part of an old installation of Norton and it is still running. Since you have another antivirus program installed and working you must remove this remaining piece of the Norton program.
The rest of these on this list are KNOWN malware and must be removed:
BytePro
Coupon Printer for Windows
CouponBar

I reiterate my statement about the various games and Limewire. If ANY were obtained via Limewire then they need to go. This also holds true for ANY music obtained via Limewire and anything labeled VideoEgg. There were MANY Adware.VideoEgg files removed.
After all these removals are done, reboot the computer. Update MBA-M and run a new Full Scan with it. When complete Remove everything …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Whew! You had/have a very infected computer. What I need to see now is an Uninstall List generated by HiJackThis. To do this here is what you need to do:
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
Click on the Save list. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply back here.
Judy

Are you on a dial-up connection?

jholland1964 650 Posting Expert Team Colleague Featured Poster

How do I temporarily disable my Anti-virus program? I don't see an option to do this. I'm ready to run the ESET scan.

To disable the Resident Shield, please:

* Open AVG User Interface.
* Double-click on the Resident Shield.
* Un-tick the option Resident Shield active.
* Save the changes.

To disable the Personal E-mail Scanner (if it is installed), please:

* Open AVG User Interface.
* In menu Tools select Advanced settings.
* Go to E-mail Scanner - Servers - POP3, and click on the POP3 server (usually AutoPOP3:10110).
* Un-tick the option Activate this server and use it for receiving e-mails.
* Repeat the same for SMTP server.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have a LOT of malware on the computer. Please follow these instructions:
Please Download ATF-Cleaner.exe by Atribune

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

• Click on ATF-Cleaner to run it
• Where it says Select Files To Delete, Check the Select All Option
• Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am on Windows Xp, and i connect by cable modem.
How do I run Hijack this? Where do i find this program

Download from HERE to your Desktop
Open the program and do a System Scan and Save the log.
When it is complete, which is just a few moments you will see the log in Notepad, be sure that Wordwrap is OFF. Copy/Paste the log back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We know nothing about the computer, need the operating system, how you are connected to the internet in order to give information. Run HiJackThis, tell it to save the log. The log should open when the scan is done, just copy/paste it here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Alright I'll check out that av program. Right now I'm running Firefox 3.5.7 and Java 1.6.0_15. It's not only firefox, like for example if I want to run microsoft word or any other program right when its fully booted, it takes a while to load. Might just be normal though but I just wanted to make sure.

This wouldn't have anything to do with Word but your Java is out of date. Go HERE and download the Offline Install to your Desktop.
After it is downloaded close your browser and go to Add/Remove and Uninstall all old versions of Java you find there. Once those are all uninstalled then double click that install file on the desktop and install the new version. When the install is complete go to the Download page again and click Verify Now to verify the install was successful.
The slow loading of the various programs "might" be due to the Bitdefender program scanning them before they open.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you want to try another av program the one I use and am pleased with is Avira Free. It does the job without consuming resources.
Before you would install another anti-virus you would need to totally uninstall BitDefender. If you want to do that here is the Uninstall Program for BitDefender

Don't really think the SP3 would do a lot to slow the computer, maybe a bit, but it IS necessary to have.
What version of Firefox are you running? What version of Java do you have on the computer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hey, I have the exact same thing.. I was wondering if you guys could help me out. I don't know what I/someone else on the laptop downloaded, but it is the exact same thing as tony's. IE ads keep popping up every minute or so. I was wondering if you could help out.

Kevin, this thread is 2 years old and solved. You need to begin your own thread, stating all problems exactly and also give us the following information; operating system, security programs, what steps have you attempted to fix your problems.
Also please follow the steps given in the link below and post those results to your own NEW thread. Somebody will be happy to help you.

http://www.daniweb.com/forums/thread134865.html

jholland1964 650 Posting Expert Team Colleague Featured Poster


Also I'm not sure if this also has to do with my computer running slow, but can it also be that my antivirus, Bitdefender, is hogging all the memory?

Well that could be possible. It has four processes running along with several others possibly. Is it new or have you had it awhile? If you have noticed the slow down since installing it then the slowness could point to that but if you have had it awhile then probably not.
To control these auto starts you can use a program like CodeStuff Starter, it is free, works well and does make it easier to control auto starting programs and also auto starting services.
Install CodeStuff Starter and then begin with the Start up Tab. Remove check marks from the following items. Now these are all safe to stop, easy to run manually if needed. I won't give any that would cause problems with the computer if they don't auto start:

DiscUpdateManager
HPBootOp
HP Software Update
ISUSPM Startup
ISUSScheduler
RegShave
AppleSyncNotifier
SunJavaUpdateSched
QuickTime Task
TkBellExe
UVS10 Preload
Window Washer

These below will be found under the Services Tab. Double click each item, if it is running, first Stop the Service then change its start up type to Manual instead of automatic.

Apple Mobile Device
Bonjour Service
iPod Service
LightScribeService Direct Disc Labeling Service
Ulead Burning Helper

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi SeeJay, Your logs look ok, however you have a large number of unnecessary auto starting programs, which would slow your boot time and then some would slow the computer by running all the time in the background.
Have you done a regular clean up...temp files and the like? Have you done a defrag lately?
How long have you had all the iPod programs on the computer? I only ask this because those DID slow my computer considerably after install. Unless you use the iPod all the time there really is no reason all of these have to run at boot time and then run all the time. They can be turned on when you want to connect the iPod.
If you wish I can give you a list of the programs that you can turn off from auto start and see if that makes a difference.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks ok to me. Are all the problems solved? If so you can mark this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again and place check marks next to the following entries:
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FreecycleMemberBHO - {C3E5E149-27B7-49D1-8420-B02AC52AF663} - C:\Program Files\Freecycle\FreecycleMember.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll

O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Ronnie\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

Once you have placed the check marks click the Fix Checked button.
Exit HJT.
Reboot the computer and run one more HJT scan and post back with that log.
Judy
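The entries listed in the post above follow HijackThis's one-line format, and many carry a "(no file)" or "(file missing)" marker. As an added example (not part of the original posts and not HijackThis code), this sketch parses lines of that shape and flags entries with a missing target, plus an R1 ProxyServer value on loopback like the one listed for fixing elsewhere on this page; the sample log is constructed and the function names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Section code (R1, O2, O23, ...) followed by " - " and the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path running to the end of the line, minus a trailing marker.
PATH_RE = re.compile(r"(?<![A-Za-z])(?P<path>[A-Za-z]:\\.+?)(?: \(file missing\))?$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d+)")

# Constructed sample: placeholder CLSIDs, names and paths, same line shapes as the posts.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000003} - C:\PROGRA~1\Example\bar.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.local
O23 - Service: ExampleSvc - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
"""


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    body: str             # everything after "CODE - "
    clsid: Optional[str]  # first CLSID in the entry, if any
    path: Optional[str]   # drive-letter path, if any
    status: str           # "no file", "file missing" or "unmarked"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    if body.endswith("(no file)"):
        status = "no file"
    elif body.endswith("(file missing)"):
        status = "file missing"
    else:
        status = "unmarked"
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return Entry(
        code=m.group("code"),
        body=body,
        clsid=clsid.group(0) if clsid else None,
        path=path.group("path") if path else None,
        status=status,
    )


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any address in the loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (code, reason, identifier) for entries worth a reviewer's attention."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        # Registration left behind after its file was removed or never existed.
        if entry.status != "unmarked":
            findings.append((entry.code, "target " + entry.status,
                             entry.clsid or entry.path))
        # Browser proxy pointed at a listener on the local machine.
        proxy = PROXY_RE.search(entry.body)
        if entry.code in ("R0", "R1") and proxy and is_loopback(proxy.group("host")):
            findings.append((entry.code,
                             "proxy on loopback port " + proxy.group("port"),
                             proxy.group("host")))
    return findings


if __name__ == "__main__":
    for code, reason, ident in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason:<28} {ident}")
```

A flagged line is a candidate for review, not a verdict: whether an entry with its file still present should go (an unused toolbar, for instance) remains a judgment call about what the user actually uses.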

jholland1964 650 Posting Expert Team Colleague Featured Poster

Before I give you the final HJT fixes I need to know, you have a lot of extra tool bars on your Internet Explorer, do you use them all?

jholland1964 650 Posting Expert Team Colleague Featured Poster

hey i have the same problem i got a virus im sure is a virus turning my sound off and changing taskbar to grey also stop connecting to the local area network i had the last update of nod32 but whatever didnt find something i wonder how to solve this problem i had reinstall many computers but i still have the same problem can u aid me plz

anchom, this thread is nearly 3 years old. You need to create your OWN new thread rather than hijack an unsolved thread. Begin your own thread, state all your problems, give pertinent info...operating system, anti-virus program, steps you have taken in an attempt to correct the problems and somebody will offer to help.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download Mike Lin's Startup Control panel and install it. Once it is installed you will find it in the Control Panel with a little computer icon labeled Start up.
Open that program and navigating through the various Tabs take the check marks out of the following items:
HPDJ Taskbar Utility
Ad-Watch
IMEKRMIG6.1
HP Software Update
QuickTime Task
Adobe Reader Speed Launcher
UserFaultCheck
SunJavaUpdateSched
RunNarrator* this one may be listed more than once, remove check marks from all listings.
Microsoft Office
Once you have removed the check marks exit the program and reboot the computer. Run a new HJT scan and come back and post that new log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello Ronnie, PP has to be away for several days and he has asked me to help finish up your clean up.
First thing you need to do is Uninstall HiJackThis via Add/Remove.
Next you need to download a new copy but please do it this way:
First of all right click on your desktop and choose New Folder. When the New Folder appears on your desk top Right Click it and choose Rename. In that small box which will show there name the folder HiJackthis.
Now download a new copy of HiJackThis and save it to this new folder on your desktop. You had it running from a temporary file and it must be run from a permanent file.

Next thing you will need to do is remove the rest of that old Norton Program. To do this you will need to download and run the Norton Uninstall Tool Click the link and then download the correct tool for whatever version you were running. Run the tool to remove the remainder of Norton.

Now I need the answer to this question;
Do you use Korean input on the computer?

Follow the instructions I just gave you and then come back here and let me know when you have completed those steps. Also answer my question.
I am going to help you stop some of the unneeded auto starts and also hopefully do a few removals using …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good! If you feel everything is ok then you can mark this thread solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

m-bam found 7 new threats on the system but the system rebooted afterwards so no log this time.

There is ALWAYS a log. Open the program, go to the Logs Tab. Go to the one before this latest scan and post it back here.

That HiJackThis log is incomplete.

I will say that currently, the only symptom that I'm getting - not that this means anything - is when I reboot my winlogon.exe file is creating 2 folders

How do you know that is what is creating the folders??? WHY are you looking through folders? Is that in the instructions given? Where are you seeing these folders?

I am going to say here Matt, this is becoming more and more difficult for me to deal with, I have no idea what you are doing, why you are doing it and if you ever complete steps exactly as given. Thus far I have not seen any evidence of that.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The good news is that this time the software actually let me update it...

Scan running now.

I do have currently none of the symptoms I had last night after manually deleting the helper32.dll file and installing a fresh download of Internet Explorer 8 for XP.

But as you said, that doesn't mean I'm completely clean, hence why I came straight to this site today upon getting home from work.

I appreciate that you're taking the time to help me through this, and I will post the results when the scan finishes.

Oh Matt, Matt, Matt...why in the world would you download new software when you don't know if your computer is clean or not? If it is NOT then the IE 8 could possibly be damaged too. The cardinal rule when dealing with an infected computer is to be absolutely certain that it is 100% clean before installing ANYTHING other than the security programs needed to clean it up.
Post your MBA-M log when complete and also a NEW HJT log. By the way you were using a beta version of HiJackThis so I would like to see a log from the current version of HiJackThis which you can get from HERE
You will have to UNINSTALL the other one from Add/Remove before downloading the new one.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok Matt, let's step back here. First of all I DO apologize but I was not previously aware that you were unable to update the program via the normal ways since you had not mentioned that. Also because you were running multiple manual removals I was not certain which steps you had been able to complete and which ones you had done fully or the exact order they were done.
Now you never posted a new HJT log AFTER the original cleaning, the only one you posted was the original.
One of the problems here, I believe anyway, is that you had at least two different infections; one was or is a worm and the other one was that Internet Security 2010. The other thing was at first you had no anti-virus program on the computer but sometime you did install the Microsoft Security Essentials, but failed to inform me that you had done so. No anti-virus program showed in the original HJT log but it does show in the DDS log.
The only mention that you attempted to install "something" was this comment:

An error has prevented the installation process from completing. Please reboot and try again

That's pretty much the message I get whenever I try to install anything atm. It starts, but it won't complete.

Did the other bit with msconfig, and still got the same problems upon reboot

Now while the Microsoft Security Essentials DOES show as running in the DDS log I …

jholland1964 650 Posting Expert Team Colleague Featured Poster

That's because when I try to update it I get this:

An error occurred. Please report the following code to the Malwarebytes' Anti-Malware support team.
Error Code: 732 (12029, 0)


And I get that code on every fresh install. And yes, I'm downloading the replacement exe file

And did you read the original instructions I gave you?

If you receive a code 2 error while installing Malwarebytes's, please press the OK button to close these errors as we will resolve them in future steps.
This infection can and often does delete a core executable of Malwarebytes' you will need to download a new copy of it and put it in the C:\program files\Malwarebytes' Anti-Malware\ folder.
Malwarebytes EXE

You must use that file noted in the instructions. It has a random name and helps to "fool" the infection. Bleepingcomputer's instructions are very specific and DO work if followed to the letter from beginning to end. I said earlier, I personally have used these steps cleaning a computer with exactly the same infection and exactly the same symptoms you are experiencing and they do work if followed exactly, without any deviation.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We are familiar with this infection here. It is a very common one at this time.
I see one problem with your MBA-M...it was never updated. You obviously didn't follow all the instructions given originally concerning the use of MBA-M.

click on the Update tab and update the program.

The instructions also make it very clear that it is likely the infection will damage MBA-M during the cleaning and it should be uninstalled and reinstalled.
Did you do this?

Now if you want to continue using MBA-M and it is strongly suggested that you do as it is an excellent program it is suggested that you Uninstall the one you have on your computer, just in case it is still damaged, and download, install and update a new copy.

The original was not updated and the scan done this evening was not done with an updated version as the current database is 3506...several days newer than the one you originally installed. This is one absolute must with MBA-M update before each and every scan. This program sometimes has updates multiple times a day so there are times if a person runs MBA-M more than one time in one day their program could have more than one update during this period of time.
If you did not uninstall MBA-M after the clean up and download a new copy, not just reinstall using the original install file, then you must uninstall it now, delete the install files and download …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please do as PP has requested:

You should probably post a DDS log as per the "Read Me" sticky post because it looks like MBAM missed this.....

Download DDS by sUBs and save it to your Desktop.

Be sure to follow the instructions below carefully!

• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

• Copy&Paste the DDS.txt into your post for assistance.
• Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Whew! You really had me worried there that you were still having the problems with those pop-ups.
Depending on whether you have things on this portable hard drive that you want to save you could either wipe it entirely or go through the same steps we did on the main computer but do them on that portable drive. That would be scanning the drive with MBA-M to begin with. You would hook the drive up, then open MBA-M, update it and choose Full Scan. When you do that you should get the option of what drives to scan, of course choose "C" drive, your main drive but also choose that portable drive. Let it do the scan, which will take longer than before because more than one drive will be scanned and when the scan is finished Remove All items found. The scanning with HiJackThis wouldn't be needed as it doesn't scan portable drives.

jholland1964 650 Posting Expert Team Colleague Featured Poster

My desktop is completely locked atm with a big huge message on the front of it that says "YOUR SYSTEM IS INFECTED"

I somehow got Internet Protector 2010 malware and it also came with the free bonus of smss32.exe - which reappears on every reboot after I delete the file.

As of right now, every time I reboot my computer my registry is changed and my Ctrl-Alt-Delete function is disabled. I go into the regedit program and delete the entry and can gain access to it, but my desktop is still locked and the virus/malware is obviously still present because everything I "fix" becomes an issue again immediately when I reboot.

Follow these instructions found at bleepingcomputer. This method DEFINITELY DOES work as I used it just a few days ago to rid another computer of this same infection.
Definitely use the rkill.com

double-click on the rkill.com in order to automatically attempt to stop any processes associated with Internet Security 2010 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Internet Security 2010 when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just saying you "tried a lot of things" tells us nothing. What EXACTLY have you done? We need logs from programs that you have run. How do you know you have this specific infection?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is there anything else I need to do in regards to the wscntfy.exe alert?

Also, when I was getting this virus a portable hard drive was connected to the laptop. Is there a need to scan the portable drive?

Well now you have me very confused. You said the computer was running ok, now you are saying you are still getting the pop up notifications with the red badge and white X? What do the notifications say?
There is a good chance yes, that the portable hard drive may be infected so it would have to be cleaned also using the same steps. I wish you had told me all this earlier, I thought the security alert pop ups had stopped and there was no more problem, you didn't say anything about still receiving these.
What exactly do these pop up alerts say...word for word please.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you feel all is ok then you can mark this one solved.
Judy

Salem commented: Another solid result from DW's AV gurus :) +18
jholland1964 650 Posting Expert Team Colleague Featured Poster

So, IE is now connecting ok?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again and put check marks next to the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O18 - Filter hijack: text/html - {ec59f84c-6e56-434a-aa39-ed4b1c8df63a} - (no file)

Then click the Fix Checked button. Exit HJT. Reboot the computer.
Do you use AOL Instant Messaging?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download this Norton Removal Tool to your desktop and run it. Symantec/Norton items should be removed.

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

Exactly what happens when you try to run Internet Explorer? Have you checked to be certain it is not set to Offline Mode?
Open IE, go to File and be sure there is NO check mark in Work Offline.
Please run a new HJT scan and post back with the new log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

What you will need to do after updating and running MBA-M again is of course Remove All items found. Reboot. Then run a new HJT scan. Post back here with both of those logs.
Judy.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Good! I see you posted the log while I was typing my other reply, I removed that because of the log showing. Do the following:

Run HiJackThis again. Place check marks next to the following entries:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecure2009.com
O1 - Hosts: 91.212.127.227 www.winsecure2009.com
O18 - Filter hijack: text/html - {ec59f84c-6e56-434a-aa39-ed4b1c8df63a} - (no file)

After you have placed the checkmarks click the Fix Checked button. Exit HJT.

Reboot, then see if you can use Internet Explorer.
You do need to update MBA-M and run it again.
I also see you have both McAfee and Symantec on the computer....you should only have ONE antivirus program on the computer. This can be a good reason for the infections in the first place. Please Uninstall one of them immediately.
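The entries ticked in the two HJT posts above (the loopback ProxyServer value, the hosts-file redirects and the filter with no file) can be picked out of a log mechanically. This is an added example, not part of the original posts or of HiJackThis itself; the function names and finding labels are assumptions made for illustration.

```python
import ipaddress
import re

# HJT entries quoted in the posts above, plus one constructed benign line (the last).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecure2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecure2009.com
O1 - Hosts: 91.212.127.227 www.winsecure2009.com
O18 - Filter hijack: text/html - {ec59f84c-6e56-434a-aa39-ed4b1c8df63a} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
PROXY = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^\s:;]+):(\d+)")

def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for other IPs and for non-IP strings."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def triage(log_text):
    """Return (section, finding, detail) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        hosts = HOSTS.match(body) if section == "O1" else None
        proxy = PROXY.search(body) if section in ("R0", "R1") else None
        if hosts and not is_loopback(hosts.group(1)):
            # A hosts line with a non-loopback IP overrides DNS for that name.
            findings.append((section, "hosts-redirect", f"{hosts.group(2)} -> {hosts.group(1)}"))
        elif proxy and is_loopback(proxy.group(1)):
            # Browser traffic is being sent to a listener on this machine.
            findings.append((section, "local-proxy", f"{proxy.group(1)}:{proxy.group(2)}"))
        elif body.endswith(("(no file)", "(file missing)")):
            # Registry entry whose target file is gone: a leftover to review.
            findings.append((section, "orphaned-entry", body))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Loopback `localhost` mappings and the constructed O4 line produce no finding; whether to fix them is still a decision for whoever reads the full log.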

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then why did anybody tell me when I first got the virus back in July 09???

Probably because your post back then gave no information except that you had the infection. You didn't come back and post again.
You had ONE post and this was it:

I keep getting win32trojontdss every time I turn on my PC, ADAWARE cleans it up and gets rid of it and then the next time I start it up ADAWARE IS CLEANING IT UP AGAIN and again each time

We are not to blame if you didn't return.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you didn't reboot the computer then MBA-M has not finished cleaning. Look at the log....

C:\WINDOWS\default32.dll (Trojan.Downloader) -> Delete on reboot.

If you are not rebooting the computer then the infection will not be removed.
The choice is yours. Since you won't follow instructions then the computer will not be cleaned.
You can easily download HJT to the other computer and install it on the infected one. Each instruction given must be followed to the letter. Instructions for MBA-M are very clear....Remove all found and REBOOT the computer. If you have not done so then the infection will continue to download onto the computer. MBA-M needs to remove some infected files BEFORE all other files are loaded or it cannot remove the infection.
You didn't complete instructions on your earlier thread and you seem not to want to do it now. If you will not follow instructions exactly then we cannot help clean the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thank you for the information. SAS is a well known program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have you been able to reboot the computer? If so can you now download, install and run HiJackThis. Save the log and post it back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I turned off the firewall and tried to open up Explorer again. No luck. Still getting invalid address page.

You mean Internet Explorer I assume. Explorer isn't a browser.
You obviously have another computer since you are posting here. Can you download MBA-M install file to that computer, put it on a flash drive or cd and bring it to the infected computer and run it?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try turning off the firewall.
Since this is the same computer as the one with the AntivirusPro infection and you never completed that one, I would say there is a chance the computer was not fully cleaned or the updates completed at that time. If they all were done then you should have posted back one more time with at least a new HJT log so PP could have absolutely said the computer was clean and safely protected.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try running your anti-virus in Safe Mode.

You know you already have two threads which are not complete:

http://www.daniweb.com/forums/thread237635-2.html

http://www.daniweb.com/forums/thread242629.html

Is this the same computer? If so you absolutely MUST complete all steps given to you, post back with results and then wait for the computer to be deemed clean and the thread marked solved. This problem you are experiencing now could be a result of the infections shown in the first thread above. I would recommend that you go back through the steps in that first thread and post the results of the newest scans here and plan to stick with this until you are told that the computer is showing clean.