jholland1964 650 Posting Expert Team Colleague Featured Poster

You are not following instructions. You didn't FIX anything with MBA-M.
Please update the program again and follow these instructions:
# If an update is found, it will download and install the latest version.
# Once the program has loaded, select Perform full scan, then click Scan.
# When the scan is complete, click OK, then Show Results to view the results.
# Be sure that everything is checked, and click Remove Selected.
# When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT the Computer

Run a new HJT scan and save the log. Post back first with the MBA-M log and then the HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

OK, thanks.

I'll do this as soon as I get home on Saturday.

You didn't answer my question regarding the RAID drive failure - I have a new drive on order anyway.

Somebody else will have to answer that, it is not in my area of knowledge and wouldn't want to give you incorrect information.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You know what, I am at the point of really not caring anymore one way or another whether you do whatever I say. You have questioned every suggestion, you have refused to follow instructions and because of this the thread has gone on for 18 days, 12 pages and now 114 posts. This all could have been complete in 1/3 of the time, pages and posts if you would have paid attention.
Use SpywareBlaster or not. Frankly at this point I don't care. It is HIGHLY RECOMMENDED on virtually EVERY Computer Help Site on the web. Whether you believe that or not, I don't care anymore.
SpywareBlaster Review: Blast Spyware For Free

One of the great features in SpywareBlaster is it does not need to be running all the time to be protected from spyware. SpywareBlaster does not require scanning to look for spyware. When you enable the protection, it sets the kill-bit of the bad or malicious CLSID as "1" to prevent installation of spyware or malicious software. SpywareBlaster currently protects 12,338 bad items and it is being updated often.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You obviously didn't read the instructions or information I posted. SpywareBlaster DOES NOT run in the background so it DOES NOT interfere with any other protection programs. Do you honestly think I would recommend something that would cause problems with other programs on the computer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

By the way, I note you said you DID NOT REMOVE Cookies. When removing temp internet files this ALSO INCLUDES ALL COOKIES. Please do so now.

Run HJT again and put a check mark next to the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll (file missing)
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll (file missing)

O16 - DPF: {B69F2A98-E470-11D3-AFA3-525400DB7692} (Actimage Pattern Control) - http://ib.dancik.com/ib/download/actimage40930.cab

Once you have the check marks placed then click the Fix Checked button.
Exit HJT.
Reboot the computer.
Update MBA-M and run a new Full System Scan with it. Remove all items found.
Reboot the computer.
Run a new HJT Full System scan and save the log. Please COPY/PASTE both new logs back here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Since we prefer that logs be copy/pasted and not attached here are the logs as posted by rynd2it

Malwarebytes' Anti-Malware 1.36
Database version: 2069
Windows 5.1.2600 Service Pack 3

5/2/2009 5:35:23 PM
mbam-log-2009-05-02 (17-35-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 314477
Time elapsed: 31 minute(s), 23 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 4
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 13
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\gurelido.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ririzaki.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\veseyusi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1299093e-cab1-410f-a642-91ab48920452} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1299093e-cab1-410f-a642-91ab48920452} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1299093e-cab1-410f-a642-91ab48920452} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vowakosivu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\veseyusi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Only other recommendation is that you download, install, update and enable SpywareBlaster
SPYWAREBLASTER Silently blocks malware, etc. Update it, enable protection for latest updates, close it out. It DOES NOT run in the background but provides superb protection on the computer. It is a MUST HAVE program. Just remember to manually check for updates weekly and if there are any, download and enable the new protection added. Then close the program.
Other than that I think you are good to go. If you feel things are good then you can mark this one solved. Safe surfing and REMEMBER READ everything before you do it.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not to interfere but have you checked your Windows Security Center in Control Panel and see what it says?

thakkar2000 commented: Amazing help +3
jholland1964 650 Posting Expert Team Colleague Featured Poster

i couldn't find the offline version so i downloaded the online version.
now the verify is correct.
however i still have not uninstalled the older version i have now appearing three:
J2SE Version5. update 14
Java 6 update 2
Java 6 update 14

Oh COME ON...this really is getting to be ridiculous. My instructions were VERY clear.

Once those are uninstalled then go to that new file on the desktop and double click to install the newest version.

What is so hard about following instructions? This thread has gone on for 16 days, 11 pages, and many of those days and pages would have been totally unnecessary IF YOU HAD FOLLOWED the instructions as given.

There was NOTHING difficult about locating the Offline Install IF you had looked at the download page carefully.
What is the address of the page where you downloaded this update? Current release I believe is Update 6 version 13 from THIS PAGE please click
I believe what you have downloaded is an early release version of the next update. That is NOT what I told you to install.

jholland1964 650 Posting Expert Team Colleague Featured Poster

One thing I just noticed, your Java program is WAY out of date. You need to update that. First go HERE download the OFFLINE install file and Save it to the Desktop. Once you have that downloaded go to Add/Remove and Uninstall ALL old versions of Java you find there. Once those are uninstalled then go to that new file on the desktop and double click to install the newest version. Once that is complete then go back to the Install Link and on the Right side you will see Verify Now. Click there to verify that the Install was successful.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi jazzyjaz, glad crunchie helped with completion. The recovery console is there because it was installed when combofix was used. This is how Microsoft describes the Recovery Console:

If a Windows XP-based computer does not start correctly or if it does not start at all, you may be able to use the Windows Recovery Console to help you recover the system software.

That was installed prior to the running of combofix because it was not on your system. You said yourself you don't have the original XP disk which would be used to help you recover the system should there be a problem. Leave it. Hopefully you will never need it. The message is just telling you it is there.
Yes, you need a firewall. Either use the built in XP firewall or use one of the free ones available. Norton is your anti-virus program, not a firewall. Personally, I would recommend you try Online Armor It is free, fairly easy to use, not intrusive and since Norton is fairly large I would suggest you use Online Armor.

can i run superantispyware and do i need to run it along norton antivirus?

You certainly can run SuperANTISPYWARE. The free version DOES NOT work in the back ground, use it for scanning purposes weekly. I would strongly suggest you do the same with MBA-M. Frankly that is MY preference, MBA-M that is, that program is really top of the line today. You can have as many of the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

IF you are ABSOLUTELY certain then run HJT again and put check marks in those O17 entries and click the Fix Checked button. Exit HJT.
REBOOT and run another HJT scan and hopefully post it back here...FULL Log remember.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

yes its running fine.
but how do i remove DE.BAYER.cnb

You have to be ABSOLUTELY certain this has nothing to do with your internet service.
After extensive searching what I have been able to find is that it possibly is an internet service. I don't know where you are located but this service "seems" to be based in Europe.
Before attempting to remove this I suggest you telephone your internet provider to be absolutely CERTAIN this doesn't have anything to do with your internet provider. Many times something like this will show on a log and the name isn't recognized, people will remove it and THEN have no service.
For a simple example, say your ISP is Jones.com but you see Smith.com listed in a log. But in checking with Jones.com you will find out they are owned by Smith.com so if you remove it then you would have no service. So call your provider tell them you see this Tcpip listing on the computer for DE.BAYER.cnb ask them if they feel it is safe to remove. Let me know what they say.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is the computer running all right? I don't really know what to tell you about those DE.BAYER.cnb listings because I cannot find info on them

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try this:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY) and save it to the desktop for easy access.

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked at , and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot the computer

Post back with the ESET log. Also, it is advisable that you turn off Spybot TeaTimer as it can interfere with fixes attempted.
* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the …

Salem commented: Informative and helpful +29
jholland1964 650 Posting Expert Team Colleague Featured Poster

I honestly don't see anything related to Clicksor in your log.
Did either of your scans find anything? They wouldn't say Clicksor, they would say something else.
Update MBA-M and do a Full Scan with it.
Remove everything found
Save the log.
Reboot

Post back with the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your HJT log is incomplete. We need the FULL LOG. There still is one Landesk service enabled by the way.
Looks like This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:45 PM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
and then all the items listed below the heading

jholland1964 650 Posting Expert Team Colleague Featured Poster

That's a good method to carry out the hijacking process
but one can always keep the pop-up blocker on
and avoid such fake pop-ups

On an infected computer a pop-up blocker will not stop the pop-ups from the infection.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Run a new HJT scan and save the log. Post back here with the MBA-M log and the new HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

My PC is infected with Clicksor and both Spybot S&D & Malwarebytes' AM have failed to detect it.

Probably because I can find no information on an infection called Clicksor. Clicksor is a marketing technology but I see no evidence of that on your log either. Can you explain more fully? Are you CERTAIN this is the name of the infections and if it isn't detected then how do you know you have it?

jholland1964 650 Posting Expert Team Colleague Featured Poster

i have followed judy's instruction to the best of my ability & my computer is still slow, does not respond on shutdown & has some unknown dll on startup in msconfig. Any other ideas other than malwarebytes?

MBA-M was NOT run correctly; if it had been, the infection would be gone. It is NOT. How do we know it was NOT run correctly? Because the logs show it was not.
#1. As Crunchie noted, your scan was done with Database version: 1945, that is an OLD database. MBA-M has updates daily, at the very least, sometimes more than once a day. So you are at the very least more than 100 databases behind.
Instructions read as follows:

# DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
# Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
# If an update is found, it will download and install the latest version.

#2. Your log shows NO ACTION TAKEN. The instructions clearly read: Be sure that everything is checked, and click Remove Selected. You did not do this.
#3. The instructions next clearly say:

Reboot the Computer


IF you had rebooted the computer there would NOT have only been 1 minute between the start of MBA-M scan which was begun at 21:38:00 and the start of the HJT scan which was done at 21:39. Plus your MBA-M Full scan only took 12 minutes. Way …
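The checks this post walks through (old database version, no removal action, no reboot before the HJT scan), as an added example that is not part of the original thread: a Python sketch that reads an MBA-M log in the layout quoted on this page and reports each problem. The sample log, the HJT header line, the m/d/Y date order and the two-minute reboot threshold are constructed assumptions; 2069 is the database version of the log posted elsewhere on this page.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample, same layout as the MBA-M 1.36 log quoted on this page.
SAMPLE_MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/19/2009 9:38:00 PM
mbam-log-2009-04-19 (21-38-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101234
Time elapsed: 12 minute(s), 4 second(s)

Memory Modules Infected: 1
Registry Values Infected: 1
Files Infected: 1

Memory Modules Infected:
C:\WINDOWS\system32\example1.dll (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example (Trojan.Vundo.H) -> No action taken.

Files Infected:
C:\WINDOWS\system32\example1.dll (Trojan.Vundo.H) -> No action taken.
"""
# Constructed HijackThis header line, same layout as the HJT header on this page.
SAMPLE_HJT_HEADER = "Scan saved at 9:39:10 PM, on 4/19/2009"

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # assumption: US date order, 12-hour clock


def _parse_time(text):
    try:
        return datetime.strptime(text, TIME_FORMAT)
    except ValueError:
        return None


def parse_hjt_time(header):
    """Extract the timestamp from a 'Scan saved at <time>, on <date>' line."""
    m = re.search(r"Scan saved at (.+?), on (\d+/\d+/\d+)", header)
    return _parse_time(f"{m.group(2)} {m.group(1)}") if m else None


def parse_mbam_log(text):
    """Return database version, timestamp, declared counts and listed items."""
    log = {"db_version": None, "timestamp": None, "counts": {}, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section and " -> " in line:
            # Item line: '<object> (<detection>) -> [Data: ... ->] <outcome>'
            parts = line.split(" -> ")
            m = re.match(r"^(.*) \(([^()]*)\)$", parts[0])
            log["items"].append({
                "section": section,
                "object": m.group(1) if m else parts[0],
                "detection": m.group(2) if m else None,
                "outcome": parts[-1],
            })
        elif m := re.match(r"Database version:\s*(\d+)", line):
            log["db_version"] = int(m.group(1))
        elif m := re.match(r"(.+ Infected):\s*(\d+)$", line):
            log["counts"][m.group(1)] = int(m.group(2))
        elif m := re.match(r"(.+ Infected):$", line):
            section = m.group(1)
        elif log["timestamp"] is None:
            log["timestamp"] = _parse_time(line)
    return log


def review(mbam_text, hjt_header, min_db_version, min_gap=timedelta(minutes=2)):
    """Return the list of problems found, in the order the post raises them."""
    log = parse_mbam_log(mbam_text)
    findings = []
    if log["db_version"] is None or log["db_version"] < min_db_version:
        findings.append("stale-database")
    listed = Counter(item["section"] for item in log["items"])
    if any(listed[name] != n for name, n in log["counts"].items()):
        findings.append("incomplete-log")  # summary counts disagree with the items listed
    if any(i["outcome"].lower().startswith("no action taken") for i in log["items"]):
        findings.append("no-action-taken")
    hjt_time = parse_hjt_time(hjt_header)
    if log["timestamp"] and hjt_time and hjt_time - log["timestamp"] < min_gap:
        findings.append("no-reboot-between-scans")
    return findings


if __name__ == "__main__":
    print(review(SAMPLE_MBAM_LOG, SAMPLE_HJT_HEADER, min_db_version=2069))
```
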

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb. I don't have any idea how large a hard drive you have or how much RAM is on there, but you are running an extraordinarily large amount of programs at one time. Many are unnecessary. Also your Java is WAY out of date.
But, you DO have a Vundo infection showing in the log. You need to do the following:

Run HJT again and put check marks in the following entries:

O15 - Trusted Zone: http://game.gmgm.com.tw
O15 - Trusted Zone: http://gamemenu.gmgm.com.tw
O15 - Trusted Zone: http://gmback.gmgm.com.tw
O15 - Trusted Zone: http://home.gmgm.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hiwumeku.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hiwumeku.dll

Once you have placed the check marks click the Fix Checked button. Exit HJT and reboot the computer.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be …
jholland1964 650 Posting Expert Team Colleague Featured Poster

its just that i've tried nearly all of them & they seem like a waste of time. Some are rogues, others just drink up ur memory & others just don't detect anything. I'd rather fix problems they way you guys do, that way i learn a lot more & don't have to bother with programs & such.

will post logs now.
regards,
mimidog

IF you would bother to read PC Protection - How To Avoid Infections
You will NOT find Rogue programs. You will find LEGITIMATE, GOOD, TRUSTWORTHY protection programs.
You would rather fix problems the way we do...WE don't have any problems personally, we are helping others who have problems. Do you know why WE don't have any problems with computer infections? Because WE use anti-virus programs, we use firewalls, we use anti-malware applications to protect us from computer users like you That said.....
even if you wanted to "fix problems the way you guys do"...you HAVE NOT. You have not followed one bit of instruction we have given to you.
No, the way YOU try to fix a computer is to delete rundll32.exe...you ARE aware that RUNDLL32.EXE IS a legitimate Windows File and that not all instances of it are bad? Probably not.

crunchie
The problem with that, is that when you do get infected, you will spread the infection around the internet!

You are absolutely right Crunchie, but he doesn't care.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Dude... I posted the log that came up after I did it the first time. Do you not see it? Is that not what you are looking for? And I know system restore doesn't cure everything, which is why I ran all of my virus scanning software after I was finally able to connect to the internet again. I appreciate the help as I said before, but I'm not 13... If the log that I copy and pasted isn't what you were looking for, or you legitimately can't see it, I'd be happy to make any corrections. Thanks

My name is NOT Dude and neither is Crunchies. Nobody said you were 13, I actually thought you were an adult.
There is NO MBA-M log on this thread. The only logs posted are HiJackThis logs.
You obviously feel the help offered here is worthless. Sorry I wasted my time.
Mark this thread as CLOSED

jholland1964 650 Posting Expert Team Colleague Featured Poster

I do not have any antivirus software as i have not found one that really works.

This by the way, is one of the silliest statements I have ever heard. There are numerous anti-virus programs available which work very well, some you have to pay for and some are FREE. What is the point of cleaning a computer if you don't use an anti-virus program?

jholland1964 650 Posting Expert Team Colleague Featured Poster

well thats good to hear.

So the latest version of hijack is 2.02 & malwarebytes is 1.36?
(just making sure)
regards,
mimidog

Obviously those are the latest versions, why would we post links to OLD versions?

so all i have to do is run these and it will be fixed?

Not necessarily.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes do that and then REBOOT and run a new HJT scan and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

And WHERE is the MBA-M log that two of us now have each asked for twice? There should have been NO reason for System Restore. Using System Restore WILL NOT remove infections. It may LOOK as if they are gone but basically all that does is roll back to a time before the infection may have entered the machine but it does NOT correct changes or remove additions done by the infection it will just make it harder to find and also can cause your system or programs to be unstable. It is NEVER recommended to use System Restore to remove infections.

What is so hard about running the scan and posting the log? We will NOT say the computer is clean UNTIL we see the logs done which REMOVED the infection and a NEW Full System Scan with MBA-M.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, just wanted to be sure. Delete those folders.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok let me do some checking. Did you try to upload them?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Upload them anyway, even if they appear empty. Let us know what the scans find.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That's good. Give me a bit and I will get back with you.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

How did you search? Did you do the search via the pages or look before you went to the pages?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Both Crunchie and myself requested that new MBA-M log. Everything may not be removed and other steps may be required.

It also may be of help to others if you post how you actually got it to work.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please do the following:
Please go to Jotti's or VirusTotal and have these files scanned. Post the results back here.

c:\windows\system32a2.sys
c:\windows\system32\winsiscsi.sys
c:\windows\system32\fdzld.sys
c:\windows\system32\drivers\winsiscsi.sys
c:\windows\system32\drivers\pcidump.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\kjkiuiuo.sys
c:\windows\system32\drivers\DogKiller.sys
c:\windows\system32\drivers\winsawids.sys
c:\windows\system32\drivers\syskenuyt.sys
c:\windows\system32\drivers\jsphelp.sys
c:\windows\system32\drivers\EASYDOWNS.sys

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb,
Think people have a misconception about HiJackThis. It is NOT really a "fixer" program. It is a program used to get a "snapshot" of what may be running on a computer and that is the way it should be thought of, period. Yes, at times, fixes are done with HiJackThis but only AFTER all other clean-up steps are finished. Just fixing something with HJT doesn't usually remove an infected file from the computer, it just removes it from the log, maybe from auto starting and the like. But it DOESN'T fix anything really. Plus, by using HJT to attempt to fix can actually cause problems IF you remove the wrong program from auto starts or services.
Also, just because another thread sounds like what a person's computer is doing and then following those same steps could also lead to disaster. Many infections exhibit the same symptoms BUT require different solutions.
Please begin with these steps:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't do anything else. There is a possibility there may be a rootkit on there, pointed out to me by Crunchie. We are conferring on this as to which step you should take next. Just "hold tight" for a bit while we decide the best course of action here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

You don't actually want to REMOVE them from the computer you want to stop them from running at Start up. To do this the easiest way is to use a Free program like CodeStuff Starter

Now when the program opens you will see three tabs:
Start ups, Processes (which is like Task Manager but gives more info), and Services.
Begin by clicking Start Ups
Take the check mark OUT of these:
AGRSMMSG
ATIModeChange
HP Software Update
HP Component Manager
ctfmon.exe

Next move to Services Tab:
Double click on each one of these. When it opens first Stop the service at the bottom of the box. Then go to Start Up Type and change Automatic to Manual. Do that with These:
Ati HotKey Poller.
InstallDriver Table Manager (IDriverT)
IviRegMgr - InterVideo
Close the program and reboot the computer.
The ones I haven't mentioned then leave alone. A couple have to do with your printer and for some reason if you get to fooling with printer files you end up having trouble with them.

You CAN also try this with those various LANDesk entries and see if the computer runs ok and goes online ok. If it does then leave them off. If it doesn't work ok then go back into CodeStuff and turn them back on at the next boot up and reboot.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Doesn't sound like a virus to me. Since the computer is so new it would still be under warranty. Try contacting HP Tech service. They generally will work very well with you to try to get things fixed and will do it online or on the phone.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Here is the info you requested:

spoolsv.exe>Print+Fax Spooler

AGRSMMSG>IBM AMR modem driver>required
ATIModeChange>System Tray icon to access ATI graphics card settings>not required
HP Software Update>HP software updates>not required can be done manually
HP Component Manager>Checks the internet for updated drivers/utilities for your HP product>not required. Do it manually
ctfmon.exe>CTFMon is involved with the language/alternative input services in Office XP
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL>Microsoft Office related. Removal is not needed, perfectly legal listing
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll> Microsoft Client Services for Netware
Ati HotKey Poller>Part of the ATI video driver that allows you to specify hotkeys to change various display settings.
IBMPMSVC> Power management driver for IBM laptops
InstallDriver Table Manager (IDriverT) >Program associated with InstallShield. This startup should only be created when a software that uses installshield is being installed. If you are not in the middle of installing a program, you can disable this entry.
IviRegMgr - InterVideo>Related to InterVideo applications.
Pml Driver HPZ12 - HP >Used by HP Printer/Scanner/Copier printers to prevent Windows from entering hibernation mode.

I could find absolutely NO information about the entries below. Who is your Internet Provider?

O4 - Global Startup: PC Information.lnk = C:\Program Files\Bayer\Compi\compi.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb
O17 - HKLM\Software\..\Telephony: DomainName = DE.BAYER.cnb
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Also can i run a scan of SUPER AntiSpyware.

Sure, good program.
You can go to Add/Remove and Uninstall that Viewpoint Manager. It is considered foistware, not bad but you didn't ask for it. It is a media player added by some other program.
I will get back with you on those other entries you question.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, run MBA-M in normal mode. Remove everything found. Reboot and then do the Full scan with HJT.
Post back with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Since you ran all the cleaning tools and uninstalled magicdisc and your problems seem corrected then maybe the problem was that program.
If you feel all is well you should mark this one as solved.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, combofix removed a lot. How about trying another run of MBA-M. Updating first of course. Run a Full System scan and then allow it to remove all items found.
Save the log.
Reboot the computer and run a new HJT scan, save the log and post back here with both.

jholland1964 650 Posting Expert Team Colleague Featured Poster

All right, I misunderstood you. Sorry.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well your logs show clean. You might want to try the steps given here

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would do that but i think what u mentioned i only get the message that it was not found as i had mentioned earlier in a message

You know it would be really nice here if you would follow instructions.

In post #47 I asked you to DOWNLOAD combofix. I did NOT ask you to remove it. Obviously you don't pay attention. You said before that your mother could take this to her office and have it reformatted.
Take this to your mother's office and let them reformat it. You obviously cannot follow instructions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should post the MBA-M log and a NEW HJT log for Crunchie to take a look at. Everything may not be removed and other steps may be required.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, this log is complete. Most of the processes showing are legitimate processes for the various things on the computer.
Not sure which ones you are questioning.
I honestly cannot say for sure the system is clean however.
This one in auto starting programs:
O4 - HKLM\..\Policies\Explorer\Run: [MPMKrnl] rundll32 "C:\WINDOWS\MKMKrnl.dll",KMainProc
this appears to be a trojan.
Now I want you to follow these instructions EXACTLY. No doing things on your own or running other programs except this one, PLEASE.

Download ComboFix from Here to your Desktop.

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results"

* Remember to re enable the protection again after combofix has finished

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log

jholland1964 650 Posting Expert Team Colleague Featured Poster

In doing some searches on your problem this seems to be a very common one with many suggestions given, some working and some not. Even though you have run Spybot let's try to eliminate, for sure, the possibility of malware being the cause. Please do the following:
First of all, Disable Bittorrent from running and leave it turned off until the problem is solved.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your …

jholland1964 650 Posting Expert Team Colleague Featured Poster

What is the exact FULL wording of the error message?
Have you done a clean up of temp files, emptied browser cache lately?
Try running the free program CCleaner and see if this helps.