Posts by jholland1964

You have me confused here:

Hey im back had to buy a 30$ real slow p4 256mb ram pc of craigslist for now.

Are you saying you added more RAM to the computer with the problems or you bought another computer?

Pc specs
AMD athalon (tm) XP 2600+
1.91 ghz 768 of ram
2 80 gig hitachi hardrives
windows xp service pack 3

These are the specs of the problem computer? This isn't much RAM. How many ram card slots are on the computer?
I honestly don't believe this is a virus/infection problem. I think you would be better off posting all this hardware info in the HARDWARE Section of daniweb. I certainly am out of my element in that and there are experts there who can certainly advise you. But include ALL of your computer specs. You can tell them we have pretty much ruled out infection over here. I just don't think that is your problem, especially since this has been going on since 2007. Just the time frame alone makes me feel this isn't an infection issue, you would have had many more symptoms than just random shut downs.
Judy

O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)

Go to Start, Control Panel, Administrative Tools, Services. Scroll down through the list that opens until you see that one. Double Click on it to open it's properties. Change it's start up type to Disabled.

Now for this one

...ending program message with "hpcmpmgr.exe"

that is the HP Component Manager which causes this very common problem on HP computers it is unnecessary to have it run at start up. It checks the internet for updated drivers/utilities for HP products. This can be done manually so there is no reason to have this auto starting.
Now you can stop a LOT of unnecessary auto starting programs with Mike Lin's Startup Control Panel. A Free program which you download and install. Once installed it will be located in the Control Panel with a little computer icon labeled Startup.
I would recommend that you install this program and when it is installed open it up and you will see various tabs there. Just go through each Tab and take the check mark OUT of the following programs, none need to run at start up all can be run manually very easily:
HP Software Update
HP Component Manager
TkBellExe
QuickTime Task
SunJavaUpdateSched
MSMSGS
Adobe Reader Speed Launch
Microsoft Office
Remove the check marks next to all of those, close the Startup Control Panel and …

Looks good. Time to get rid of the remaining Verizon entries so run HJT again and put check marks next to the following entries:
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL

O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL

O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)

Once you have placed those check marks then click the Fix Checked button. Exit HJT and reboot.
Run one more HJT scan and post that log.
How are things running?
Judy

OK...finally caught up to this computers owner. She does not use verizon.
Do i need to get rid of anything that says verizon.
Again, thanks.

Absolutely. There is no need for this to be on the computer.
Once you have done that then do another HJT log and post it here.
Judy

Sorry if I sounded like I was in a bad mood, I apologize, I really am sorry and I certainly never meant to imply that you are stupid, because I certainly do not believe that you are. I guess I get frustrated when I read a log and then people doubt what I say. I sincerely hope you will accept my apology.

Now I have done some searching on the entries I noted from the combofix log. CNET Network and CBS Interactive are pretty much one and the same company as CNET Network was acquired by CBS Interactive in 2008. So this is why both of those entries show in the combofix log AND also in your latest HJT logs;
C:\Documents and Settings\Michelle\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
Now, that takes care of two of the items noted. Doesn't explain that OpenCandy, but since is gets awful ratings it may very well have come in with something else and I am still leaning towards that CNET TechTracker since it is listed with the other three items at the same time. Note also one of those Xobini listings also seems to be listed in that OpenCandy folder. If you can find that OpenCandy again yes delete it.
I also went back through many of your previous threads here containing HJT logs over the last several months and have noted that Xobni shows in NONE of the HJT logs until you installed that CNET TechTracker on November 17th. So this …

Ok, have done some research here, it appears your friend has installed the Verizon Security Suite. This is a PAID program from Verizon but has a 30 day free trial. You are going to have to find out if your friend PAID for the Suite or only installed the trial, and when. If the 30 days are up then it needs to be uninstalled. If your friend is paying for it then costs vary from $5.99 per month to $15.97 per month, depending on which version of the Security Suite is installed. Unless your friend has more than three computers I am presuming it is the $5.99 suite IF your friend is paying for it. The Uninstall List doesn't say if it is the paid version or the 30 day trial version, only says that it is installed. The Verizon Security Suite has an anti-virus program (Authentium Antivirus), an anti-spy program and a firewall.
IF your friend is paying monthly for this then the Avast anti-virus program needs to go as it isn't needed and more than on av program is a no-no. So before we go further you need to find this out.

Yeh I had webtrust installed b4 I deleted my bloody profile. It's not always accurate I just want you to know.

I have absolutely no idea what program you are talking about but the add-on I am talking about ISN'T something called webtrust (I have never heard of that) it is Web Of Trust W.O.T. there is NO profile required for Web Of Trust, there is no registration, nothing, it is simply a browser add on that warns you before you interact with a risky website, period. It doesn't stop you from going there, it just tells you if the site is risky, you can read the reasons why on the scorecard for the website and make your own decision to go there or not.

Click Tale got on there & they have a great program. I told them about it & they were shocked.

If you mean this web site http://www.clicktale.com/, why would they be shocked or concerned, their web site gets a favorable rating.

I saw that Xobni & didn't know what that was either although it looks interesting, but I don't use Outlook anymore, so why would I install it?

I don't know Why you would install it, I frankly don't care, but it can't install itself. I don't care who installed something, you asked the question and I am giving you the answer according to your logs. I didn't say this Xobini program was a bad program I am just telling you what …

I NEVER installed this candy software.

Well, it may have come in with something else, not sure.
Take a look at these entries from your combofix log...

2009-11-17 18:58 . 2009-11-17 18:58 -------- d-----w- c:\program files\Xobni
2009-11-17 18:57 . 2009-11-17 18:57 5021168 ----a-w- c:\documents and settings\Michelle\Application Data\OpenCandy\Xobni_OC16.exe
2009-11-17 18:57 . 2009-11-17 18:57 -------- d-----w- c:\documents and settings\Michelle\Application Data\OpenCandy
2009-11-17 18:57 . 2009-11-17 18:57 100113 ----a-w- c:\documents and settings\Michelle\Application Data\CBS Interactive\CNET TechTracker\uninst.exe
2009-11-17 18:57 . 2009-11-17 18:57 -------- d-----w- c:\documents and settings\Michelle\Application Data\CBS Interactive

There is where the OpenCandy shows...all four of those items were run at exactly the same time...if those are all new then it is one of the other programs running at the same time I believe...either Xobni or that CBS Interactive. I may be wrong but none of those show any other time in the log.

What site should I be using to investigate a software's reputation b4 DLing it?

google is your best bet. Look for Reviews from legitimate PC sites...
Also, Install Web Of Trust which is a browser add-on for both IE and Firefox which gives information about the website you are visiting. If you are considering installing a new piece of software go to their OWN web site to get it. If the "parent" website itself gets a bad rating from Web Of Trust then DON'T download the software from ANYWHERE. If their own web site gets a bad rating then don't trust the program …

Java on this machine is WAY out of date. Do the following, go HERE and download the Offline Install and save it to the desk top.
Next do the following, go to Add/Remove and UNINSTALL the following programs:

Authentium AntiVirus SDK - 2 (I don't see this running in the log but the computer has Avast running and should only have ONE anti-virus program so this should go)
DesktopFun Toolbar
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
If you are required to reboot during ANY of the installs please do so and continue forward with the rest of them. After all those Uninstalls are complete then go to that Java Install file on the desktop and install the newest version. Keep an eye out during the install, occasionally these java installs add an extra toolbar or something...take the check mark out of the box next to it if you are offered something extra and continue on with the install. Once it is complete go back to that download page and on the right side is Verify Now, click that to go to the verification page to assure the install was successful.
When all that is complete come back here and let me know how things are running.
Judy

Run HJT again and place a check mark next to the following entries:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 antiviraprof2009.microsoft.com
O1 - Hosts: 91.212.127.227 antiviraprof2009.com
O1 - Hosts: 91.212.127.227 www.antiviraprof2009.com
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
When you have placed the check marks then click the Fix Checked button.
Exit HJT
Reboot and run a new HJT scan and post the log.
There are several programs which definitely need to be Uninstalled, I will give you those once you do the newest HJT scan.
Judy

No, the computer would not be clean yet since there was No action taken. on any of the items found. Update MBA-M again and run a Full Scan with it, please this time have it REMOVE items found.
Look for the ESET log at C:\Program Files\EsetOnlineScanner\log.txt anything found by it should also be fixed. If you didn't do any fixing with it and things were found then run it again and fix them.
Reboot the computer after doing each of the above.
Then run a Full Scan with HiJackThis and save the log. Post back with all those logs.
Judy

First thing I note is that you have continued to add new programs even though the computer is not cleaned. If you really want your computer cleaned you need to stop adding software unless directed to do so. Installing new software is never a good idea on a dirty machine, especially OpenCandy whose very own website is listed by Web Of Trust as having a very poor reputation. The program is noted on many links given by a simple google search as spyware, adware, malware, here is just one example

Please do the following:
Open HijackThis and choose Misc. Tools. When that opens choose Uninstall Manager button.
Then click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply

Think it is time for a big gun.
Do the following:

The first thing you should do is print out this guide, as we will close all the open windows and programs, including your web browser, before starting the ComboFix program.
Download ComboFix
Click on the Save button, and when it asks you where to save it, make sure you save it directly to your Windows Desktop. It MUST be saved there. DO NOT RUN it YET

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press the enter key to continue.
ComboFix …

I do need a new HJT log. What makes you think Anti-Vir isn't working? The last item found was a Trojan. Normally anti-virus programs are not geared to protect against Trojans, viruses yes, Trojans no. They WILL catch them occasionally in a scan but this is why it is always recommended to use more than one program for scanning at all times. Personally, I have used Anti-vir for over two years, I use MBA-M for my other scanner program. You need a firewall to help protect against Trojans and other malware along with proper browser settings and SpywareBlaster, a MUST have protection program, and it is FREE.
Judy

The only reason the Windows Genuine Advantage tool would be attempting to install, I think, would be if it failed to install the last time. This could be the fault of your McAfee because it blocked the tool.
If this is telling you at boot time it needs to install then that is probably the case and you should allow it to install. There are many updates which require a reboot in order for the update to be fully installed.

We can get that "nag" to stop easily. Do the ESET scan and post back this that log and a new HJT and I can then better tell you what you need to do.
Judy

When the Windows Genuine tool pops up what is it telling you?

I would recommend that you run at least one online scan to be certain that the computer is clean, the
ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log.

Removing those Host Files was just step one really. You never stated WHAT problems you were having, just submitted the log.
What is the reason you want to remove the Windows Genuine Advantage validation tool?

Ok, let's try this a different way, maybe be able to figure out if this is a false positive or not.
Go to http://virusscan.jotti.org/en
There you and upload each of these files singly and allow them to be scanned by 20+ different scanners and see if they come up with the same findings.
It is very simple to do. You will enter the name of each on in the window you see there and have it scanned. You will be presented with a report on each one. Come back here with those reports. These are the files you need to upload:

E:\E-mails\HackersSpammers.dbx
E:\E-mails\Inbox.dbx
E:\E-mails\Poly_amory Yahoo Group.dbx

Don't give up, we will get this "licked" yet!
Judy

EDIT: for now don't worry about the defragging. For one thing, you can see it obviously had no affect on speeding the computer. That is minor at this time but we will discuss it once we get the computer cleaned up.

I am a bit confused here. You say you don't have a different hard drive. But these infected files show clearly as being on a different drive that where your operating system is located, which is "C" drive. The Folder is found on "E" drive, meaning the drive is on your computer. Is this a flash drive or something like that?
What IS "E" drive?
Open My Computer and see how many drives are listed. The infected folder is on "E" drive and it is named E-mails.
You also still have an IObit program on the computer, I thought you said you removed it. It clearly shows as running when the HJT scan was done:C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
There is absolutely no reason a defrag program should be running all the time on the computer. As noted before the IObit programs are really VERY questionable...ALL of them.

The scan is not going to tell you the subject line of the email or who it was from. It is only going to tell you what the infection is.
Here they are again as shown in that ESET scan. It is quite possible the entire FOLDER shown is infected. I know I wouldn't want to take the chance.

E:\E-mails\HackersSpammers.dbx Win32/Badtrans.29020.A worm unable to clean
E:\E-mails\Inbox.dbx Win32/Bagle.J worm unable to clean
E:\E-mails\Poly_amory Yahoo Group.dbxWin32/Klez.J worm unable to clean

ALL of those infections found are particularly nasty.

Try updating and running a scan on "E" …

You most definitely have malware on the computer.
Run HiJackThis again and put check marks next to the following entries;
O1 - Hosts: 91.212.127.227 winsecurepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecurepro2009.com
O1 - Hosts: 91.212.127.227 www.winsecurepro2009.com

Once you have placed the check marks click the Fix Checked button. Exit HJT.

Reboot the computer.

Update your MBA-M program and run a Full Scan with it.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.

Reboot the computer
Run a NEW HJT scan and save the log. Post back here with the MBA-M log and the HJT log.
Judy

You left the wordwrap on for your HJT log. Can you post it again with wordwrap off? It is very difficult, if not impossible, to read.
Is the E drive an internal or external drive used for storage maybe?
All of the infected items found by the ESET scanner are in the same folder on this drive:
E:\E-mails\

You didn't have MBA-M fix the items found. Update it again, run another Full Scan and have it remove whatever is found.
Reboot, then do the following:
Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot.
Run a new HJT scan and save the log. Please be certain that wordwrap is NOT on.
Post back with all three logs.

Really happy to have helped. I am marking this one as solved. If you see the problems are not corrected just come back and ask for the thread to be reopened.
Judy

u didnt say anything about the image i posted why did that come up?

Sorry, Vista wouldn't allow write access to the Host File and if fixes with HJT had been needed you would have had to do it manually. No need to worry about that.
Your logs look good to me. Is everything working ok? If so you can uninstall HJT. If you would ever need it again a new copy should be used.
Judy

The program starts and prompts to update the version. I click no and then it tells me to stop my virus scan software, which I can't and then runs like normal.

The uninstall only works if you installed it directly onto your desktop which I assume you did. You can try manually to just delete the file from your desktop.
The combofix quarantine files are normally found in C:\Qoobox, and you can manually delete those.
It isn't going to hurt anything if it remains but don't ever use it again. If you would ever be directed to use it again then you would have to remove it.

When you said the program begins to run, do you get the Disclaimer Box? If so if you click No this hopefully should uninstall it.

no more adverts opening up any more :)
shall i still run MBA-M and HJT again then or not?

Yes, do both. We need to be certain everything is cleaned up. Then I will give you the final steps.
Judy

Looks pretty good. If you feel your problems are solved then you should do the following:
You should remove HiJackThis, you don't need it any more.
You also should uninstall combofix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it must be there.
When shown the disclaimer, Select "2"

You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

Judy

Looks pretty good. Update MBA-M and do one more Full Scan with it. Have it remove anything found.
Reboot the computer and do another HJT scan. Post back with both logs.
Are you still having the problems with IE 7 opening on it's own?
Judy

Give me one more HiJackThis scan and then I will give you the Final Steps...very simple.
Judy

Go to Control Panel and look in Program, Installed Programs for AskBar. If you see it remove it.

Update MBA-M and run a Full Scan. Have it remove all items found.
Reboot and post back with that new log.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Reboot the computer.
Run a new HJT scan. Post back with both logs.
Judy

Download Combofix and run it:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download it to your Desktop as that and follow the instructions in the link very carefully to run it and then post the combofix log.
Be sure to install Recovery Console if you don't all ready have it on the system and disable any other security programs or Anti-Virus programs as noted in the link before running Combofix!

Post back with that log.
Judy

Waiting six days between posts isn't going to help the machine. Hopefully you can stick with this and maybe we can sort it out.

You need to only have the drivers on there from the current card, not the old one. So you have to uninstall the wrong driver and leave the driver for the card that you have in there now. Probably what you did during the reformat was to install the driver for the old card by mistake.
One item that can cause problems is Spybot TeaTimer. You should TURN it OFF and leave it off.
Here is how to do that:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

I had problems w/ Malware (Anti Vir noticed this

)
I am not certain what you mean by that statement. Do you mean that Avira FOUND malware or that there was a problem with the Malwarebytes' Anti-Malware program. There is no reason for Avira to do anything or note anything about that program.

What firewall are you running? Now of course this could be some sort of infection, but since I have seen no logs I …

Do you know this website? wardleonard.com

Hi and welcome to Daniweb,
Do the following:
First of all run Disk Cleanup.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer

Download and run HiJackThis. Do a full system scan and save the log.
Post back here with both the MBA-M log and the HiJackThis log.
Judy

Cases, Fans and Powersupply forum, if the problem arrose when you upgraded or altered your hardware then most likely a virus wouldn't be the culprit.

The poster clearly stated in his first post

i have a strange virus that boots off an on my pc consistantly every 10 secs.. ill try to type this short since it might shut off while im writing thisnow ..

ive replaced the heat sink fan and power unit which got my pc to work for 4 dys before it started to do the whole loop on an off thing again

This says the problem was happening BEFORE the replacements were made and then continued AFTER the replacements were done so it is likely the problem is not hardware related.
Have you tried safe mode with networking? If this works without these shutdown/restarts then chances are the problem is not hardware related.

How did you uninstall the Adobe Flash player? In order to uninstall the most recent versions of Adobe Flash player you must use their Uninstaller to do so.
http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe

Save the file to the desk top for easy locating.
Once it is downloaded and on the desk top close ALL running applications, including all Internet Explorer or other browser windows, AOL Instant Messenger, Yahoo Messenger, MSN Messenger, or other Messengers. Check the Windows system tray carefully to make certain no applications are still in memory which might possibly use Flash Player. This is VERY important to do this because the uninstaller cannot remove files currently in use.
Once all applications are closed then run the Uninstaller.
Once it is uninstalled, reboot the computer.

The reason I asked is there are some programs there I am unfamiliar with, all perfectly legal but I am hesitant to have you make any changes regarding those so I won't.
Run HJT again and put check marks next to the following entries:
O1 - Hosts: ::1 localhost
O2 - BHO: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~1\CHARTE~1\CHARTE~1.DLL
O3 - Toolbar: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~1\CHARTE~1\CHARTE~1.DLL

Once you have placed the check marks click the Fix Checked button.
Exit HJT and reboot the computer.
Your Java program is way out of date and must be updated.
Go to http://www.java.com/en/download/manual.jsp
Download the Offline Install and save it to the desk top.
Then close all browsers.
Go to Add/Remove and Uninstall ALL old versions of Java showing there.
Once you have done this then double click that Java install file on the desktop and install the newest version. Be sure and watch closely on the install windows, they often times offer the Yahoo Tool bar and if you don't take out the check mark when it comes up it will also automatically install. When you see it take out the check mark so you don't get that too.
Once the install is complete then go back to the Download page and click Verify Now to check to be certain the install was successful.
Do a few searches then and see if you are still redirected.

Can I ask is this a work computer?

Yes why ?

is there anythng in there thats a threat? i dont know what else to do.. where can i post about cpu fans and atx power supply issues on here?

I asked the question because you didn't say whether things were better or not. No, I don't see anything in the log except a huge amount of programs running needlessly. But I don't see infections.
How much RAM is installed on the computer?

Please do the following:
Run HiJackThis again and place check marks next to the following entries:
O1 - Hosts: 91.212.127.227 awareremover2009.microsoft.com
O1 - Hosts: 91.212.127.227 awareremover2009.com
O1 - Hosts: 91.212.127.227 www.awareremover2009.com

Once you have placed the check marks then click the Fix Checked button.
Exit HJT and reboot.
Then do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. VERY IMPORTANT
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer
Run a new HJT scan and then post back here with the MBA-M log and the new HJT log.

Are you still having problems?

I really don't see anything in the logs. Are you still getting the Firefox tabs opening?

Well, in response to your comments about the Advanced System Care by IObits...you may want to take a look at this info and think about whether you DO want to keep this program at all.

http://www.malwarebytes.org/forums/index.php?showtopic=29681

With these two below please note that both links received "This site has a poor reputation" or Ethical Issues problems. Do you want a program on your computer whose own website is questionable?

http://blog.iobit.com/archives/95.html

http://www.iobit.com/avg-com.html

You have CCleaner running at start up, totally unnecessary, along with a LOT of other unnecesary auto starts. Your Java program is out of date. You have software running for two different graphics cards...which do you have?

Sorry, we're a bit short handed these days.

Uninstall IObit Security 360 using Add/Remove. This company is not a very reputable company and it is not recommended.
After that do the following:

Update MBA-M
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Then run a NEW HiJackThis scan and save the log. Post back here with both the MBA-M log and the HJT log.

That MBA-M program is WAY out of date. The current database version is 3131 and your version is 2775. Can you update again and do another scan?

pimpwack, you need to be sure the program you installed was the Malwarebytes' Anti-Malware (MBA-M) program. Update that program, do a full system scan with it and have it REMOVE all items found.
Reboot the computer. Run a new HiJackThis scan and then post back here with the MBA-M log and the HiJackThis log.