jholland1964 650 Posting Expert Team Colleague Featured Poster

You're welcome. Just hated the idea of folks reading this "running" through their computers deleting all the .dat files they found when that wouldn't always be necessary or even successful, as you found.
Glad all is working well.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

In most cases, dat files are very bad, and Anti Virus software picks them up and always removes them.....

Cohen

This is not true. They are NOT all bad and an anti-virus program will NOT always pick them up and NOT always remove them, especially if it is associated with a Trojan since anti-virus programs very often will not pick up a Trojan and remove it. Some Trojans yes, but most no, because they are not viruses. This is why specialized programs usually must be used in Trojan removal.
Virtually all applications create ".dat" files that don't really tell you anything about the file, what it contains, or what program it belongs to. There is no standard format, and there is no standard way to interpret the contents. ".dat" is only a name indicating that the file contains data, nothing more. Lots of IM programs use .dat files to keep a message history file. Many anti-virus programs create their own .dat file. This shows that not all .dat files are bad and not all .dat files will be picked up and removed by an anti-virus program.

Problem with .dat files is that they can only be opened with the program which created it and much of the time there is no discernible indication of what program created the file.
You very often times CAN delete a .dat file, but if the program that created it is still on the computer then it will create a new .dat …

jholland1964 650 Posting Expert Team Colleague Featured Poster

We would prefer that you copy/paste logs rather than attach them.
Since you are not running an anti-virus program and I see several entries for Bitcomet you are taking a real chance not running an anti-virus program.
Please do the following;
Please Download ATF-Cleaner.exe by Atribune

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The …

jholland1964 650 Posting Expert Team Colleague Featured Poster

The log appears that you have ended multiple running processes. There are only 4 showing as running. If this is the case then reboot the system and run a new scan. We need to see all of what may be running all the time on the computer.
Were you previously able to view pictures online?
Check your settings in Internet Explorer to be certain it is allowing pictures to be shown.
To do this do the following;
At the top of Internet Explorer go to Tools, When that opens go to the Advanced Tab. Scroll down through the list there to Multimedia and be certain there is a check mark in Show Pictures.
Your java program is out of date. You should be running version 6 update 10.
Go HERE and download the OFFLINE install of the program and save it to the DESKTOP.
Go to Add/Remove and uninstall ALL previous versions of java shown there.
Once you have done that then go to the install file on the desktop and double click to install.
Once it is installed go back to the download page and on the right side you will see Verify Now.
Click there to verify the installation was successful.
Post back with that new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If all is running well you can mark this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks all right.
You can uninstall combofix this way IF you downloaded it to the desktop as directed;
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"

The delself Icon is a shortcut icon created on the desktop of computers contaminated with a potentially unwanted program.
When executed, it will perform system modifications including internet redirection to the fake security website. This was the Trojan.FakeAlert which was removed by MBA-M.
So you should be able to just manually delete that icon.

I believe that those spuninst entries you noted are Windows Service Pack Uninstaller information.
To see if you can remove those remaining Norton entries which you couldn't delete try looking in the task manager and see if they are running. If so, end those processes and then try to delete them.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix. Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Do NOT open any unnecessary programs at this time. If you have IM programs which open automatically when booting, please close them completely. Make sure all browsers are closed completely.

Double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When you double click this combofix icon you may receive a warning note asking if you are sure you want to run the program. This is because combofix doesn't have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
Combofix will then show a screen stating it is preparing to run, ending with a disclaimer screen. You must accept this disclaimer by pressing "1". Then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
ComboFix will now start scanning your computer for known …

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you feel all is running well then certainly, mark it solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Check again in the Add/Remove for anything Norton. If you don't find anything there then you definitely should do a file search on the computer for anything Norton related and delete them
Go to Start, Search, Files and Folders, also be sure to click Advanced Options and put checkmarks in Search System Files and Folders, Search Hidden Files and Folders and also in Search Sub Folders.
Have it search in "C" drive first for Norton. If anything is found, delete it. Then do the same for Symantec and delete all that is found. If you like AVG8 that is fine.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks better BUT....you are running two anti-virus programs AVG8 and Symantec/Norton. Both are showing as running in your log and this is an absolute No-No. The rule is ONE anti-virus program on a system. You must uninstall one of these. Choice is yours but one absolutely must go. You also must do this via Add/Remove and then UNINSTALL. You never just delete a program.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Tracey33 and welcome to daniweb. Yes you are in the right place. Your log shows at least one Trojan, maybe more. Please do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Run a new HJT scan and post back here with both the MBA-M log and the new HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I was wondering about this entry O2 - BHO: WormRadar.com IESiteBlocker.NavFilter
I'm not sure if it was there previously, looks odd. Thanks

That is part of your AVG8 Anti-virus program.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. How are things working?
If you feel all is solved you can mark this thread solved, unless there is something else.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Things look much better. You said that you "deleted" Spybot. I hope you mean you UNINSTALLED it. You just don't delete a program, unless it is a stand alone program. Spybot is one which actually comes with an installer and therefore must actually be UNINSTALLED.
Spybot is really an excellent program, just the TeaTimer portion causes problems. There is the option NOT to run TeaTimer as I noted in my previous instructions to you. Be sure to check Add/Remove and see if Spybot is listed there, if so then click Remove. If it is NOT listed there check in Start, All Programs to see if it is there. There IS an Uninstall option in there if you find it there. If it is not listed there then go to C:\Program Files\Spybot - Search & Destroy\
If you find that file there click on it to open it and see if Uninstall is listed there. If not just Delete the Spybot - Search & Destroy folder.

Go to SunJava Downloads
download the Offline Install for the latest version of java, yours is WAY out of date.
Save it to your Desktop so that you can find it easily.
Then go to Add/Remove and Uninstall ALL the old versions of java showing there.
After Uninstalling all old versions then close all browsers and double click that Java install residing on your desktop to install the newest version of Java.
Once the install …

jholland1964 650 Posting Expert Team Colleague Featured Poster

There wasn't a log file for ESET...I seem to have a lot of processes running and I'm not quite sure what most of them are.

Did ESET do any removal?
There are a lot of processes running, many are for your anti-virus program, quite a few for your wireless connection. Some unnecessary ones also;
like iTunes Helper, iPod, RealUpdate and a few others but for now they are ok.
There is one that shouldn't be there;
C:\DOCUME~1\Aubrie\LOCALS~1\Temp\clclean.0001
Go into that folder and empty the Temp files if possible.
Also go into Task Manager and end THIS process if you see it; TeaTimer.exe
This is Spybot TeaTimer and shouldn't be running as it will interfere with fixes.
You really should turn this off entirely and keep it off. It really is more trouble than it is worth.
To stop it from running at start up do the following:
Open Spybot. At the top click Mode. Choose Advanced Mode. Then at the bottom click Tools.
When that opens on the left click on Resident. When that opens REMOVE the check mark from TeaTimer.

Next close all unnecessary programs, including IM's and browsers and run HJT again.
Place check marks next to the following entry;
O20 - AppInit_DLLs: fmqxuy.dll
Click the Fix Checked button.
Exit HJT.
Reboot the computer.
Update MBA-M and run it once more allowing it to fix whatever is found.
Reboot …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Maybe it is stupid,
but when I was resolving virus problems I created new windows account and try to log into the new one...

After this I made all the scans with antivirus and spyware removal softs.

But don't forget backup your files ...

No need to do this. Just continue as you said you would Aubsrie and report back with the requested logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do exactly as you have determined to do. Post those logs back here and we will take a look. Be sure to have both MBA-M and the Eset Scanner fix whatever is found.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

On my C drive I have movies, music videos and counter strike.
I used to have an OS before like one year ago but now I deleted it but still have the Documents and settings folder.

What do you mean you deleted it? I don't believe that you can really just delete an operating system, the drive would have to be reformatted in order to completely remove it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I think it could be because of registry and this software detected at least 14 errors from registry

MBA-M also cleaned the registry of 27 different items.
Really sounds to me like a rootkit is on there but since you say your computer is now totally clean since running superantispysweeper.
You will need to run a new HJT scan and post that log so we can complete the fixes in there before downloading the new Firefox version but go ahead and completely uninstall Firefox. It is running from "C" drive so you are going to have to go in there and uninstall it.

You never answered, exactly what IS on "C" drive other than Firefox?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try uninstalling MBA-M, delete the install file and downloading a new copy from HERE

You do have multiple trojans on the system, at least your first HJT log showed them. You have not posted another log since Crunchie asked you to do some fixing with it. It would help to see a new one.
TURN OFF that AdAwareService. It can interfere with fixes. If you have to, disable it via Task Manager.
Also what is this? LarcApplication. I can find no information about it at all.
The following items in your auto starting programs are all trojans, in addition to those two Crunchie asked you to fix;

O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\administrator\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [GetModule27] C:\Program Files\GetModule\GetModule27.exe
Plus this listing;
O20 - AppInit_DLLs: karna.dat

You also don't appear to be running an anti-virus program or a firewall.
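
An added example, not part of the original posts: a small Python triage pass over HijackThis entries that applies the checks described in the posts on this page (a service running from a Temp folder, a "(file missing)" leftover, any AppInit_DLLs entry, more than one anti-virus product active). The function names, flag labels and the two running-process lines are constructed for illustration; the O4/O20/O23 lines are the ones quoted on this page.

```python
import re

# Section code at the start of a HijackThis entry, e.g. "O4 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in the entry that ends in a loadable-file extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|dat|com|scr|bat|sys)\b', re.I)
# A Temp directory anywhere in the path (also matches 8.3 names like LOCALS~1\Temp).
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)

# Vendor keywords for the products named in the posts (assumed keyword list).
# "antivir" needs a word boundary on both sides so that the rogue
# "AntivirusPro2009" is not counted as the AntiVir product.
AV_VENDORS = {
    "AVG": re.compile(r"\bavg", re.I),
    "McAfee": re.compile(r"\bmcafee", re.I),
    "Symantec/Norton": re.compile(r"\b(?:symantec|norton)", re.I),
    "AntiVir": re.compile(r"\bantivir\b", re.I),
}


def triage_entry(line):
    """Return (code, path, flags) for one entry line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else None
    flags = []
    if "(file missing)" in body:
        flags.append("file-missing")          # leftover of an uninstalled program
    if path and TEMP_RE.search(path):
        flags.append("runs-from-temp")        # autostart located in a Temp folder
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        flags.append("appinit-dll")           # loaded into every process using user32.dll
        names = [n for n in re.split(r"[,\s]+", body.split(":", 1)[1]) if n]
        if any(not n.lower().endswith(".dll") for n in names):
            flags.append("appinit-non-dll-extension")  # heuristic assumed here
    return code, path, flags


def triage_log(log_text):
    """All entries in the log that raised at least one flag."""
    results = (triage_entry(line) for line in log_text.splitlines())
    return [r for r in results if r and r[2]]


def active_antivirus(log_text):
    """Anti-virus vendors that appear in the log as running or auto-starting."""
    found = set()
    for line in log_text.splitlines():
        if "(file missing)" in line:
            continue  # a leftover service entry is not a running product
        for vendor, rx in AV_VENDORS.items():
            if rx.search(line):
                found.add(vendor)
    return found


# Sample log: the two process paths are constructed; the O-entries are quoted
# from the posts on this page.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O20 - AppInit_DLLs: karna.dat
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
"""

if __name__ == "__main__":
    for code, path, flags in triage_log(SAMPLE_LOG):
        print(code, path or "(no path)", ", ".join(flags))
    vendors = active_antivirus(SAMPLE_LOG)
    if len(vendors) > 1:
        print("more than one anti-virus product active:", ", ".join(sorted(vendors)))
```

The Antivirus Pro 2009 autostart raises no flag here, so entries still have to be looked up by name; the flags only decide what to read first.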

jholland1964 650 Posting Expert Team Colleague Featured Poster

Also I installed that Spyware program but sometimes programs that are alike say that the other program (their competition) is a spyware. If you run SpyBot and have Adaware 2008 it tells you that it may come up as a spyware and vice versa.

I have never had any of those tell me either of the other two was spyware. They do not compete with each other. Don't run all three at the same time. Use them for scanning only not as protective programs. In order to have any of those as protective programs you must purchase them. The free versions are used for scanning and removal only so they would not compete, because you cannot scan with all three at one time. The only time you may get a notation about one of the other programs is if one will note something in the Quarantine file of another. That would be perfectly fine because that is where it should be if removed by the program. The only times I have seen this is MBA-M will find something quarantined in Spybot, that is NOT competing both programs are doing their jobs. Frankly, since the change this past year with AdAware I have quit using it, mainly because it has a portion of the program that now loads as a service, which does nothing but run unless you actually pay for the program.
Today, for most of us anyway, MBA-M is THE program of choice. It has updates at a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Were these pop-ups in Firefox? I still don't know why "C" drive is not being scanned. The latest MBA-M scan shows that "D" drive was scanned, not "C" even though you told it to scan "C" drive.
Can you tell me, what is on "C" drive? Firefox clearly showed it was running from "C" drive.

jholland1964 650 Posting Expert Team Colleague Featured Poster

This log looks better. I know you requested that MBA-M scan all drives but it appears that it didn't scan "C" drive where your Firefox is located. Can you try it once more, click Full Scan but when the box opens just put a check mark in "C" and take it out of the others. Let's see if it WILL scan "C" by itself.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi DaniWeb4Jim, looking at the MBA-M log you obviously have infections on the machine. Update MBA-M and then run a Full System scan again, this time however follow the instructions given. Make sure that everything found is checked, and click Remove Selected.
Reboot the machine. See if this makes a difference. It may not yet because there could actually be some application issues at work but for the amount of infection showing this could possibly be a part of the problem.
Judy
P.S. Whoops gerbil, didn't see you there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello to all and welcome to daniweb.
ONLY one person should be posting problems in this thread and that is sarahlorrain.

lindsey482 you should create your OWN thread with problems stated and what steps you have done to correct them. By the way lindsey482, you CANNOT remove Internet Explorer from the system. It is an integral part of the operating system. You don't have to use it but you cannot remove it.

I recommend that you both do the following;

Update your anti-virus programs. Run Full System Scans with anti-virus programs and allow to fix all that is found.

Download the ATF-Cleaner.exe by Atribune

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Things look good to me. If you feel all is running well you can mark this thread solved.
Happy I have been of help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please recommend what to do with the Firefox, do I install the new version (I have downloaded it already).
Since the previous Firefox was actually not installed from the OS I am running now, what do I need to do to remove it completely (i.e. registry, cookies etc...) as it is my default browser and IE is uninstalled from the Add/Remove windows components

Firefox HAS to be installed or it would not be running. Looking at your logs it is running from "C" drive, in fact it is the only program I see running from "C" drive. This is why you cannot get anything to scan it, because you are not telling it to scan "C" drive.
Run that MBA-M again, updating it first and this time also have it scan "C" drive.
When you choose Full Scan you should get a box which allows you to tell the program which drives to scan. Be sure to put a check mark in BOTH "C" and "D" drives. Obviously Firefox cannot be the only thing on "C" drive so there are probably a lot of files never scanned with the MBA-M program. Run that and of course have it fix everything found. Post back here with that log before running any other program I have told you to run.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The log looks pretty good. Some unnecessary auto starts there, many of which can be run manually when needed so as not to use up system resources by running all the time in the background.
There is a remainder of McAfee attempting to start from Services which can be fixed and I also am questioning this entry;
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
I can find no information on this file AND it is running from the Temp folder so I believe this also should be fixed.
To do these fixes run HJT again and place checkmarks next to the following;

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
Once you have placed the check marks then click the Fix Checked button.
Exit HJT
Then navigate HERE;
C:\Documents and Settings\Penny\Local Settings\Temp and Empty that Temp folder.
Next do the following;
Go HERE
Download the OFFLINE INSTALL file for sunjava version 6 update 10. Save it to the desktop.
Then go to Start, Control Panel, Add/Remove and UNINSTALL ALL versions of Java that you find there.
After all the old versions are uninstalled then double click that java install icon you have placed on the desktop.
Once the new version is installed go back to that download page …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to do the following;
Download SmitFraudFix and save it to your desktop.
Confirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps.
Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

When your computer has started in safe mode, and you see the desktop, close all open Windows.

Now, double-click on the SmitFraudfix icon that should be residing on your desktop.

When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

You will now see a menu. Press the number 2 on your keyboard and then press the enter key to choose the option Clean (safe mode recommended).
The program will start cleaning your computer and go through a series of cleanup processes. When SmitFraudFix is done, it will automatically start the Disk Cleanup program

This program will remove all Temp, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

What happened when you tried to remove combofix?
Yes, you can just delete it though it will not remove any backups these multiple runnings have done.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First thing, the entry found and removed by MBA-M was in the System Restore, so it was obviously removed sometime earlier and this is the back-up. It is gone. The item removed was the Rogue.VirusHeat. This rogue does what other rogue "removers" do - plants malware and then pretends to detect it. It generates false positives and then makes you pay to remove them. As I said, this had obviously been removed earlier and what was removed with this run was the back-up from System Restore.

Secondly, the HiJackThis scan was done in Safe Mode, it should be done in Normal Mode so if possible I would like to see one done in Normal Mode so I can see what is actually running during a normal boot.
The HJT log also shows that the java is out of date. It shows version 6 which is the correct version but the current version is version 6 update 10. So this needs to be updated.

Third, I am not well versed in Registry issues but it looks to me like the entries from the Rootkit Revealer are citing something installed on 11/8/2008 at 12:54 PM. Do you know what this was? The registry key points to the International Subkey in the Control Panel which is the subkey which stores options that are selected in Regional and Language Options in Control Panel. These entries determine how the system and programs display dates, times, currency, and other locale-specific notation. It shows …

jholland1964 650 Posting Expert Team Colleague Featured Poster

To copy go to Edit, Select All, Copy, Paste.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi!
No, you don't leave MBA-M running. Just use it to scan and remove. If his surfing habits "stink" as you say then I would run it, at the very minimum, weekly...maybe every three or four days even, always updating it first.
How about giving us some logs so we can maybe decide what might be "lurking" on the machine.
Run Avast, full system scan and let it remove whatever is found.
Then update MBA-M and also run it on a Full System scan and let it fix whatever is found.
Reboot the machine and then create a new folder on the desktop and name it HiJackThis.
Then download HiJackThis and save it to that new folder.
Then close all browsers, email programs, IM programs, music programs, etc., in other words everything unnecessary. Run a Full System scan with HJT and save the log.
Post back right here with the MBA-M log, the HJT log and, if you have it, the Rootkit Revealer log. Then we can maybe get a better idea of what is going on there.

Judy
P.S. Tell him just paying "big bucks" to hopefully protect a computer won't do a thing really if you don't watch where you surf. No security program is absolutely fool-proof, no matter how much you pay for it.....You know that old expression..."if you lie down with dogs you will get up with fleas" applies to computer usage too...;)

jholland1964 650 Posting Expert Team Colleague Featured Poster

The two you noted are excellent and an absolute MUST ADD is Malwarebytes' Anti-Malware
To quote from their website;

Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.

This is absolutely true. It is a top of the line program and if you will go through most threads here it is definitely the ONE program we all have recommended. There is a paid version but the free version is truly just fine. It has frequent updates so it is always up to date with the current threats out there. You can't do better than MBA-M as far as I am concerned.

I would also recommend using another FREE program, SpywareBlaster. I would absolutely not run a computer without it.
To quote from their website;

Multi-Angle Protection

* Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
* Block spying / tracking via cookies.
* Restrict the actions of potentially unwanted or dangerous web sites.

One truly does NOT need to pay for excellent protection, all of the above are FREE and all of the above are top of the line.
If one wants to pay then all of those do offer paid versions, with the exception of SpywareBlaster, but if you go with all the free versions a computer is well protected.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I can try any other software from eset like the nod32, if you want.

You have done this, that was the ESET Scanner.

You need to go in and UNINSTALL all those extra programs you used; Combofix, vundofix, Avenger, SmitFraudFix. KEEP Malwarebytes Anti-Malware and Spybot. Also keep the ATF-Cleaner. Don't worry about the Microsoft® Windows® Malicious Software Removal Tool, for whatever reasons many cannot run this tool.
To uninstall combofix do the following;
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"
I cannot stress enough here again for others who may be reading this that Combofix is a powerful tool intended to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could adversely impact your system and prevent it from ever starting again.
One of the things that shouldn't be done is use this tool over and over, it should be used one time unless directed to do it again. When that is done it is usually recommended that the original be removed and a new copy downloaded if needed again.
Please remove it from your system.
VundoFix and SmitfraudFix are also infection specific tools, indicated when these two infections are present but not to be used for general cleaning of the computer.

These days Malwarebytes' Anti-Malware

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb.
First of all I must caution all who may be reading this that several of the programs you have said that you ran should NOT have been run without FIRST being told to do so by a helper or somebody assisting you with problems. The main one I am concerned about is combofix. This is a very powerful tool which produces a very long and complicated log after doing its work. It takes quite awhile to read and interpret one of these logs. Since you didn't post any of the logs from the programs you ran and you say "they have found many things but not solve this issue" we have absolutely no idea what was found or what was removed OR where they were located on the system. We really are not certain what programs you did run really except for combofix, smitfraud and AVG Anti-Spyware 7.5, which is no longer available as a stand alone product so it cannot be counted on as doing the work anymore, and then you say "antimalware etc..." What "antimalware"?
Your auto starting program and auto starting services list is extremely small showing only graphics card software, realplayer update, your McAfee program and Viewpoint Manager Service (which is actually considered to be malware and should be removed). The running processes list you posted shows exactly the same thing as the Running Processes list from the HiJackThis log so there is nothing different or unusual there. We …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry I have taken so long to respond. I have been out of town. No, this is not a new virus, in fact it has been around for several years, since 2005.
It is actually a Polymorphic Win32 virus which hides its presence from antivirus software.
It is known by different names really, depending on the anti-virus program used, one of which is W32.Virut.A
The W32.Virut.A opens a back door on TCP port 65520 by connecting to the Proxima.ircgalaxy.pl IRC server on channel &virtu.
The back door allows an attacker to download files onto the compromised computer.
You also obviously had a Trojan on the computer since one was discovered and removed by MBA-M in your System Restore.
I would recommend that you run HJT again and place a check mark next to the following entry; This entry refers to AVG 8. Did you Uninstall it? If so then place that check mark.
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
Once you have placed the check mark then click the Fix Checked button.
Exit HJT
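
A defender-side check for the back-door port named in the post above, as an added example that is not part of the original post: it scans saved `netstat -ano` output for TCP rows using port 65520 on either side and returns the owning process IDs. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import re

VIRUT_PORT = 65520  # TCP port named in the post above

# Constructed sample of Windows `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:1045      203.0.113.7:65520      ESTABLISHED     1480
  TCP    192.168.1.20:1051      198.51.100.9:80        TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.20:1060      203.0.113.7:65520      SYN_SENT        1480
  UDP    0.0.0.0:65520          *:*                                    2044
"""

# Only TCP rows carry a State column; UDP rows are skipped on purpose.
TCP_ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def port_of(endpoint):
    """Return the port of 'host:port' or '[v6]:port', or None if absent."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None


def find_port_hits(netstat_text, port=VIRUT_PORT):
    """List TCP rows whose local or remote port equals `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = TCP_ROW.match(line)
        if not m:
            continue
        local, remote, state, pid = m.groups()
        if port == port_of(remote):
            side = "remote"   # outbound connection to the port
        elif port == port_of(local):
            side = "local"    # listener or inbound connection on the port
        else:
            continue
        hits.append({"pid": int(pid), "state": state, "side": side,
                     "local": local, "remote": remote})
    return hits


def pids_to_investigate(hits):
    """Owning process IDs, deduplicated, for follow-up in Task Manager."""
    return sorted({h["pid"] for h in hits})


if __name__ == "__main__":
    for hit in find_port_hits(SAMPLE_NETSTAT):
        print(hit)
```

A hit only identifies a process worth examining; a clean result does not show the machine is uninfected, since the connection may simply not be open at the moment of capture.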

jholland1964 650 Posting Expert Team Colleague Featured Poster

First, a very likely reason your computer may be slow is that you are running multiple anti-virus programs on it at the same time.
Your HJT logs show the following or parts of the following anti-virus programs running at the same time;
AntiVir PersonalEdition Classic
AVG8
McAfee
Symantec
Choose ONE and ONLY ONE and totally UNINSTALL the others. The absolute rule is only ONE anti-virus program should ever be running on a machine. By running more than one anti-virus program you are actually lessening your protection since multiple programs will conflict with each other and can then allow something to "sneak" onto the computer.
Second, you are running BigFix automatically at start up which means it is running all the time in the background. Should only be started manually as it's a resource hog. Turn it off and keep it from running at start up.
Third, you have a huge number of totally unnecessary programs running at start up, all of which can use necessary resources and can easily be run manually if needed.
Fourth, you have both AdAware Services and Spybot TeaTimer running. Neither are needed and both can interfere with any attempted fixes. These should be disabled.
Fifth, Your sunjava version is way out of date. Current version is update 6 version 10.
Sixth, You are running NapsterShell which is generally considered to be malware related. It can cause definite system slowdowns and also connection difficulties.
Seventh, there are numerous instances …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please follow crunchie's advice.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are running two anti-virus programs on one computer. This is an absolute NO-NO. Please TOTALLY uninstall one of these.
What version of HiJackThis are you using? You didn't post that top line of the scan which tells us the version of HJT. Current version is 2.0.2. If you are running the older version then delete it and download the new one.
Also do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy to have helped Allan, even somewhat indirectly. You will definitely continue to be pleased with SpywareBlaster. Be sure to use the Restricted Sites portion of the program too.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

We rarely recommend registry tools. Many of the fix tools we note do correct registry problems when fixing. If you will note your MBA-M log registry problems WERE fixed and removed.
The warning you received from AVG notes this tool was not a good one and you were wise to follow the warning from AVG. Unless specific problems are noted which have not been fixed it is wise to leave the registry alone. Playing with the registry can very often cause major problems.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok Dragewood, I have read through this entire thread from top to bottom tonight and see several things I either failed to notice or ignored.
First thing is the error and blue screen and stop error you reported in your second post.
This can be related to a hardware issue or some new software installed.
You stated you couldn't run ESET Scanner so you installed Chrome and tried to run it that way. ESET Instructions are VERY Explicit, you must use Internet Explorer to run it. This is why it wouldn't run.
I only warned you about installing new software during an attempted clean up, I should have told you to uninstall Chrome.
You ran MBA-M again and essentially found the same bad items, telling me NOW that I have finally read and re-read this thread that the "core" of this infection is not getting removed.
I apologize for not being more attentive to this.
I think, If you can do it, that you should try to do the following;

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go ahead and do the HJT and post both logs here. Then install the AVG and attempt to update. Even if you cannot update please do a full scan with it and fix everything found. Please note name and location of anything found by the AVG scan.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok. I understand. You do need an anti-virus program on there. Go with either the Norton or one of those free ones. The McAfee is a paid program and she would have to pay to use it, even if you already have the disk the program on the computer would have to be licensed and in order to do that she would have to pay.
It would be very unusual for an anti virus program to start in Safe Mode except for scanning. It won't start for protection in Safe Mode so I must assume you mean it wouldn't scan in normal mode.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Zone Alarm is not an anti-virus program, it is a firewall.

jholland1964 650 Posting Expert Team Colleague Featured Poster

But WHY did you Uninstall Norton?
Go ahead and run the MBA-M in safe mode WITHOUT networking. You DO NOT NEED to be ONLINE to run MBA-M or actually ANY cleaner unless it is an online antivirus program.
Fix everything found.
Reboot to NORMAL mode and then run a HJT scan and post both the MBA-M log and also the HJT log.
We really need to see HJT from Normal Mode.
Why did you Uninstall Norton I ask again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, can I ask why you removed the Norton Anti-virus program? This means you are no longer protected and since you already have infections this can mean that more will enter the computer as you are noting in this statement;

while i am in safe mode with networking some virus's still come out. like ex. a pornovid setup thing trying to get me to install it. i click cancel everytime though

I would advise that you immediately reinstall that Norton program. One thing you must realize is that NO anti-virus program will remove everything and many do not even touch trojans at all, this is why we recommend additional tools like MBA-M. You must either reinstall, update and enable the Norton program OR install another anti-virus program IMMEDIATELY.
If the Norton license is current I would recommend the reinstall of that one, if it is expired then install one of these;
Avast, Antivir and AVG are all good, all FREE. Pick one, download, install, update and enable. Update it often, scan with it weekly at least.

Stop the MBA-M scan. Turn off the computer. Disconnect the internet cord from the computer so that it cannot get online.
Reboot the computer in normal mode and then do the FULL SCAN with MBA-M.
Allow it to FIX EVERYTHING found.
Shut down the computer. Re-attach the internet cord. Reboot in normal mode and let us know what happens.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The log looks pretty good EXCEPT two things;
#1 you are not running an onboard antivirus program. This is an absolute MUST.
There are several very good FREE ones out there.
Avast, Antivir and AVG are all good, all FREE. Pick one, download, install, update and enable. Update it often, scan with it weekly at least.

#2 The other thing is your java program is way out of date and should definitely be updated.
First go HERE and download the Offline Install to your desktop. Once you have done that then go to Start, Control Panel, Add/Remove and Uninstall ALL past versions of Java showing in the list. A reboot may be necessary. Once you have uninstalled all old versions then double click that java install program on the desktop and install that newest version. Once it has installed then go back to that download page and on the right side you will see Verify now. Click that and verify that the install of the new version was successful. A note here; One thing that may be downloaded with this version of Java is a yahoo toolbar, it is included in the install UNLESS you REMOVE the checkmark which gives permission to do so. So if you DO NOT WANT the yahoo toolbar be sure to REMOVE that check mark during the java install.
Keep the MBA-M program and update it frequently. Scan with it at least …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try downloading a new copy of the driver. Save it to the desktop, don't install it yet.
Then go into the Device Manager and Uninstall the card. Reboot the computer, it should find the card and then when it tries to install the driver have it install that new copy you downloaded.