Posts by jholland1964

Intel 82845G/GL/GE/PE/GV Graphics Controller

You might check here for the latest driver.

Run HJT again and place a check mark next to the following entries;
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O20 - AppInit_DLLs: karna.dat
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer.
Run HJT again and post that new log.
Judy

What video card is installed on the system?

Hi Dragewood, have been away for a few days but wonder, when you get this blue screen with this message

"A problem has been detected and windows has been shut down to prevent damage to your computer.

The video driver failed to initialize

Do you also get an error code? It would read something like
***STOP: 0x0000000A (0x13F4100, 0x00000002, 0x0000001, 0x804FEB8F)
Judy

Now for my 2cents. I agree with trinitybrown with the exception of one item

One should not try experiment with registry keys until one is master in it, well your system is infected with somesort of virus or worms but now it seems your registry settings also have some problem, so don't experiment with your PC and hire some professional

If the poster would return hopefully we will be able to help without poster having to hire a professional.
I disagree with evstevemd on several points.

Download and Install revo uninstaller, and It should help with uninstalling issues.

Install avast, register and enter key (All free)!
Run it,and right click, and schedule boot time scanning.

Then download and Install wise registry cleaner (free/pro if you have $ for it) and scan and fix invalid registry

BEFORE installing ANYTHING new we need to see at least a HiJackThis log. It is not advisable to install any other antivirus program before others are totally UNINSTALLED. Symantec has it's own uninstaller which can be used to remove Symantec/Norton products and this is where the poster should begin, not by downloading another program.
It is not advisable at this time, or quite possibly ever, to use any registry cleaner or fixer. It is certainly something I rarely, if ever, recommend. If it is a recommendation it would certainly be towards the end of the cleanup, not in the middle or before the two programs I recommended had been run. …

I will be away for the next four days. Crunchie will be checking on threads. Please follow any instructions he may give you.
Judy

Thanks crunchie for weighing in. Brianjs I am going to be away for four days beginning this afternoon. If you get logs posted before then I will take a look, but after that follow crunchie's advice as he will take over my threads until my return.
Judy

The combofix log is a bit unusual looking to me and I have asked Crunchie to take a look too. Plus your HJT log still shows some infections so I hesitate to make final recommendations until Crunchie can take a look also.
Judy

Try and let me know by christmas LOL

Thanks

If you want to you can read the log yourself. These take awhile, each entry must be researched.

Give me a bit to go through this and I will get back with you.
Judy

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen …

This IS considered to be malware from the information I could find. I would recommend that you do the following;
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Next:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can …

Obviously something is stopping these updates and now also stopping the running of ESET Scanner. Are you certain you turned off all your antivirus program, your firewall and your pop-up stopper when trying to do both?
You should also check your sun java program. Only reference to java I see is in these entries in your HJT log.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
These would indicate an out of date java.
First of all go to SunJava Downloads
Download the latest version which is version 6 update 7. Be sure to download the OFFLINE install and save it to the desktop.
Once you have done this close out all browsers. Go to Add/Remove and uninstall ALL older versions of java you find there.
Reboot the computer.
Once you have rebooted then double click that Java install icon on the desktop and install the new version. When the install is complete then go back to that download page and on the right side you should see Verify Now. Click that to verify the install was successful.
Once you have done that then see if you can run ESET Scanner again. If you cannot then try the Panda Active Scan Let it clean what it finds.

Once other thing on the update problem with MBA-M. On that update page you will see …

There is definitely signs of infection of, for the moment, unknown malware in your logs.
You will need to do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program …

Uninstall MBA-M via Add/Remove. Reboot the computer.
Then try a new download of MBA-M
Download, install and see if you can update it.
Also run HJT and place a check mark next to the following entries;
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
Once you have placed the check marks then click the Fix Checked button.
Exit HJT
Reboot the computer.
Try again to run the ESET scanner. Remember TURN OFF ALL antivirus programs and firewall and also turn off that Popup stopper too.
Let me know if you can then run the program.

The list is in alphabetical order. Double click on the item you want and I would suggest that you stop the service if it is running and then change the start up to manual.
After you have done all that then reboot the computer.
Judy

The reason all items I noted were not in the latest HJT log is because you uninstalled them, that is what is supposed to happen.
Now for memory and hard drive size;
You stated the RAM at 768...I am assuming this is 768MB, not very much.
You don't have enough RAM installed really for the computer to run quickly. Usually running out of virtual memory means that you are running to many programs at the same time for your system or one of them is attempting to use too much memory. I think that TOO many programs running at once and your small amount of RAM are the main reasons for your problems.

I would recommend that you purchase additional RAM which is not very expensive and easy to install. Go to Crucial and their page will do a scan of your computer and give recommendations for how much additional RAM you can install. Their prices are very reasonable.

The operating system tracks the programs running and how much memory is needed to run each one. Some take more than others. If you are working with photos, videos, music or a large word document that will take more memory than others so the operating system ends up taking from one running program and giving it to another. If you have too many running or too many large programs running then this will slow things down because the os will have to keep …

One reason for your memory problems is you have an excessive number of programs running at start up and therefore running all the time in the back ground.
All of these programs are auto starting and therefore running in the background consuming a huge amount of system resources. NONE of these need to auto start or run all the time. All can be started manually WHEN NEEDED.
AdaptecDirectCD
Microsoft Works Update Detection
MimBoot
QuickTime Task
MediaFace Integration
NBKeyScan
NeroFilterCheck
ISTray
SunJavaUpdateSched
My Web Search Bar
MyWebSearch Email Plugin
Corel Photo Downloader
MoneyAgent
BgMonitor_
Pando
Yahoo! Pager

You also show malware on the computer, mywebsearch is a known malware program.
You need to get this off the computer immediately. To do so do the following:
First, uninstall the My Web Search option from Add/Remove Programs

1) Click on Start, Settings, Control Panel

2) Double click on Add/Remove Programs

3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* …

You should not be installing new programs while trying to clean the computer.
Update that MBA-M program and do a new scan and fix everything found and post the log.

Hi Dragewood and welcome to daniweb.
Sorry for the delay in a reply.
Run the ESET scanner again and this time allow it to fix everything found.
Then UPDATE Malwarebytes' Anti-Malware, the version you used for the scan was out of date. Todays version is version 1253. You should ALWAYS update MBA-M before each scan as this program has updates very often, sometimes more than once a day, and scan again, and have it fix everything found. Save the log.
Then after doing both of the above reboot. Run a new HJT scan and post back here with all three logs.
Judy

Hi deepesh911 welcome to daniweb. Sorry it took so long to get a reply, remember we are all volunteers here and there aren't many of us. We can only work on so much at any given time.
The best place to begin is to try to run these programs;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

9 – Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at …

Looks good but that Spybot TeaTimer is running. Believe me, it is more trouble than it is worth. Disable that from running automatically at start up by opening the program.
Choose Mode, Advanced. Then you should click Tools at the bottom. When Tools opens you will see a row of buttons on the left. Click Resident. When Resident opens take the check mark OUT of TeaTimer.
Click ok and close the program.

SpywareBlaster will do a much better protection job and it does NOT run in the background. Download, install and update. Then enable all protection including the Restricted sites portion.
Manually update it once a week and enable all the new protection.
If you feel all is corrected and the computer is running well then click the Solved button.
Judy

Ok looks better the Symantec listings are gone.
Now run HJT again and place a check mark next to the following entries;
O15 - Trusted Zone: http://*.sbs.co.kr
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.yahoo.co.kr/multi/2005/to.../SVPorsche.cab
O16 - DPF: {9DA9609B-9237-40D3-A66D-24FE73CE3CD0} (IB_SiteSigning.IBSiteSigning) - http://img.sbs.co.kr/vobos/site/IB_SiteSigning.CAB
O16 - DPF: {A5F3B5CF-A05F-479E-B684-13AA512A7B93} (YGLauncher Control) - http://kr.pubbase.yahoo.com/gamesetup/YGLauncher2.cab
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {C9F2C949-1D30-43BF-A712-2D21048EFE1B} (SBSWebStudio Class) - http://netv.sbs.co.kr/object/editor/SBSWebStudio.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://muzic.sbs.co.kr/player/aod/dll/p3sbsset.cab

When you have the check marks in place then click the Fix Checked button.
Exit HJT.
Reboot the computer and run one more HJT scan so we can be certain everything is cleaned up.
Judy

P.S. Google does not redirect anymore but my laptop is alot slower than what it use to be before this infection.

Ok, hopefully we can speed this up somewhat. Several things could be causing this.
First of all you need to go into Spybot and TURN OFF TeaTimer. It can interfere with any fixes we may choose to do with HJT.
To do this open the program. Click Mode at the top and choose Advanced.
Then at the bottom click Tools. When the list of tools opens on the left side click the Resident Button. When that opens take the Check Mark OUT of TeaTimer. Close the program and Reboot the computer.

One thing I see is you have at least a portion of Part of Norton AntiVirus 2004 running on the computer, did you use this at one time?
In Running Processes, which were the processes running at the time of the last HJT scan I see this entry;
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe>>>this is Part of Norton AntiVirus 2004
and it is starting as a service as shown by this entry;
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Services are programs that are loaded automatically by Windows on startup.
This portion of the Norton program could be part of the cause for the slowdown.
Did you have Norton Anti-virus on the computer at one time in the past? How did you …

Yea that was the one. How are things running? Ok?
If so you can mark this one solved.
Judy

Then things look good to me. How do you think things are going? Ok? If so you can mark this solved.
Judy

Happy to help Jim. I will do some research on the Antivir working ok with other AV's
Though wonder, IT may work ok but what about the other AV?
If you feel all is corrected then you can mark this as solved.
Judy

P.S. sorry, two more fixes needed with HJT.:icon_redface:

Put check marks next to these and then click the Fix Checked Button and exit HJT.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
O3 - Toolbar: (no name) - {BAB8F6DC-41B1-440F-A066-AAC224906880} - (no file)

Happy to help Jim. I will do some research on the Antivir working ok with other AV's
Though wonder, IT may work ok but what about the other AV?
If you feel all is corrected then you can mark this as solved.
Judy

Looks good Mike, were you able to locate that file?
Judy

Mike,
Go into Safe Mode and look for the following;
C:\Program Files\Internet Cleaner\
If you find that entry, delete it.

Reboot to normal mode and then can you run HJT again and put a check mark next to the following entries;

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)

Once you have place the check mark click the Fix Checked button.
Exit HJT.
Reboot and run a new HJT scan and post that log here.
Judy

Ok Jim, here is what I think. First of all Antivir IS starting as a service on the computer as are portions of AVG8...BAD idea. You absolutely MUST make a decision on which one you are going to use, AVG 8 or Antivir, you just should not run two real tune monitoring av's at the same time.

When you install most anti-virus programs they often automatically install and enable their real-time monitors.
Now you have attempted to turn off Antivir but as you see, one place you didn't turn it off was Services. Services are programs that are loaded automatically by Windows on startup. These services are loaded regardless of whether or not a user logs on to the the computer and tend to be used to handle system wide tasks such as Windows operating system features, antivirus software, or application servers.

Running two or more real-time anti-virus monitors at the same time is very likely to cause a conflict. That conflict could result in error messages, crashes of the anti-virus programs, or other types of failure....one being allowing infection into a computer. I have seen it happen time and time again. They conflict with each other and then miss something coming into the computer.
It is ok to have more than one anti-virus program installed, and it makes sense to run a scan using a different program from time to time, but you must make sure you only have one real-time monitor enabled at a …

Judy:
I see ZONE ALARM and WINDOWS FIREWALL is turned off. Does it mention what the other one is?
Jim

System Mechanic also has a firewall and an antivirus program with it.
I am going through the Uninstall list and will get back with you after I research some of these listings.

Not a problem we would rather not have to open attachments anyway.
Can you run a new MBA-M scan and fix anything found and then post that log?
Judy

Do another scan with MBA-M. Be sure to update first then do the scan and have it fix everything it finds. Save that log. Reboot.
Then run HJT again and post that log along with the MBA-M log
Judy

After you run that Smitfraudfix, post me a new HJT scan log too please.
Judy

HOLY COW Jim! I don't honestly know how you are even able to surf at all!
Well, this log presents an entirely different picture than we have seen before.
I notice several things that really should go.
First of all I see Cyber Defender. This program at one time was listed as a Rogue anti-virus/anti-spy process because of it's false positives and the fact when something was found you would be prompted to download another pay for application for removal of these items. In checking recent reviews it still doesn't get good reviews, plus now it also adds the Ask.com site to search the web. Ask.com "may be"ok for searches, I don't use it myself, but by having this added by a program without your permission this is considered foist wear.
Second item I see is the ZoneAlarm SpyBlocker, included with the Zone Alarm Firewall which ALSO adds the Ask.com site, foist wear again.
I also see System Mechanic Popup Blocker with also says it is part of System Mechanic Pro v.6
The pro version of this program also includes an anti-virus program, a firewall some anti-spy portions and a registry cleaner.
EVERYTHING ABOVE THIS LINE NEEDS TO BE UNINSTALLED IMMEDIATELY
**********************************************************************
Besides all those I also see, running on the computer, AVG 8, an anti-virus program and also AntiVir PersonalEdition Classic another anti-virus program
So....I see at least portions of 4 antivirus programs running on …

Ok Mike, there is obviously more working here than shows in any of the logs.
There are a couple "odd" entries, that supposedly are legit listings but I have never seen before in any log that I do question.

Did you place the restrictions shown in this entry? This isn't one of the odd ones, I have seen this before but need to know if YOU did this.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Did you reboot the system IMMEDIATELY after running MBA-M?
Where are you located?
Are you familiar with the following;
Tax Administration of the Republic of Slovenia. ?

I DO need the answers to those questions.

Download Smitfraudfix to the desktop.
* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Double-click SmitfraudFix.exe
* Select 2 and hit Enter to delete infect files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. Go ahead and allow the system to reboot. The …

Looks pretty good Mike.
Did you set the restrictions shown here in your HJT log?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

I would advise that you download and run ATF-Cleaner by atribune to remove all your temp files.
Download it to your desktop for easy access.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.
Your Java is out of date and definitely should be updated.
Download the OFFLINE install from HERE and save it to the desktop.
Once you have it downloaded then go to Add/Remove and Uninstall ALL previous versions of Java found there.
Reboot your computer.
Then click that Java install icon on the desktop to install the newest version.
Once the install is complete then go back to the Java Download page and on the right side you will see Verify Now. Click that to verify that the installation was complete.
I would recommend that you also download and install a MUST have security program called SpywareBlaster from javacoolsoftware. An EXCELLENT and FREE program …

Hi, I need to see that HiJackThis log. Make sure it is a NEW scan and that it is run with the newest version available. You can obtain that newest version HERE
Be sure that you DELETE or Uninstall ALL older versions of HiJackThis from your computer before using this new one.
Judy

If that is what you choose to do then that is fine. Be sure you have all the disks which came with the computer as you will also need to re-install all drivers.
Judy

No problem Mike, I will check back here tomorrow.
Judy

Hello SerbOz and welcome to daniweb.
Your HJT log show a huge number of programs running in the background during the time of this scan which could certainly be part of the problem of the slowness of the computer. It also shows 4 entries named Adobelm_Cleanup.0001 which are also known to decrease system performance significantly.
Also running is Azureus which is a file sharing program, this tells me that you do this probably on a regular basis. P2P file sharing can be very dangerous because you really don't know where or who these files are coming from which pose a risk to the system.
I am going to ask you to TURN off this program for the duration of this clean up.

I would like you to take the following steps;
Please Download ATF-Cleaner.exe by Atribune
You can put ATF-Cleaner on your Desktop for easy access. Leave it for now.

Please look in Add or Remove Programs (Start > Control Panel > Add/Remove Programs) for any suspicious items and note them for us in the event you need to post back for further assistance.
Please Enable the Viewing of Hidden Files. Be sure to uncheck the Hide Protected Operating System Files option! This should be done in the event that we need to track down and manually remove some baddies.
Please Download Malwarebytes'Anti-Malware but don't run it yet, just update and close the program.

Hi BigMike and welcome to daniweb.
You need to first do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at …

Hi DaniWeb4Jim,
As you said in your thread you have covered the steps noted in Dr. Inferno's link.
I would like to see a HJT log though if you don't mind.

Try this portion of the instructions on the link the Dr gave and see if it works.
Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
Judy

jsong, I hope you will continue to follow my recommendations and post the combofix log.
Judy

The simple answer is No. This McAfee product is no longer available, therefore this must the the one included on the install disk which came with your computer. I searched the McAfee site for information on this version and this is the page I got, see attached. If it is no longer available then very likely this also means updates either are no longer available or will end shortly.
As for Kaspersky, it gets very good reviews and it worked for you so am not certain of why you are questioning it. I have not seen anywhere, in any reviews that it slows the computer. You said that

avg 8 was already installed it wasnt able to kill that virus..so i switched to kaspersky AV 2009.

Now Kaspersky cleaned the machine, but you question whether it will slow the machine. If you installed that Kaspersky program with AVG 8 still running on the machine, then yes, it possibly would slow the machine. Not because of that actual program but because that would mean you had two anti-virus programs running on one machine. That is a No-No. Rule is ONE anti-virus program running on a computer. More than one and the computer can be slowed AND protection can most definitely be lessened.

For one thing Dan, I don't see a firewall and you DO NEED a Firewall. Lots of good free ones out there take a look HERE for recommendations. About half way down the page you will see links for several good ones.

A MUST HAVE program, Highly Recommended is SpywareBlaster from javacool software. I wouldn't run a computer without it, truly.
It is a FREE program, DOESN'T run in the background and protects the computer from, to quote their website;

* Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
* Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
* Restrict the actions of potentially unwanted sites in Internet Explorer.

It DOES WORK.

Simply download, install, update and enable. Be sure to use also the Restricted Sites portion of the program.
Keep the Malwarebytes' Anti-Malware program and run it at least weekly, updating first. Follow the same procedures with it that you have in this thread.
Set your browser to only accept 1st party cookies and block 3rd party ones.
Keep Spybot updated and scan with it regularly.
If you feel everything is ok then click the solved button ok?
Judy

Really looks pretty good I think. Do you feel problems are corrected or are things still not quite right?

Well then let's not worry about it. ESET came up clean as did MBA-M
To get rid of the combofix program and it's quarantine do the following;
o uninstall ComboFix.exe And all Backups of files that it deleted

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"

Reboot...keep your fingers crossed.

Run a new HJT scan and post the log.

Do you have Java enabled in your Internet Explorer?
Go up to Tools, Internet Options. When that opens then go to the Advanced Tab. Make sure there is a checkmark in Use Java SRE 1.6.0_7