This board has had problems the past few days. I've had to delete several duplicates of replies I made and I haven't gotten feedback on some when reply was made- yours is one of those.
You had McAfee running in your first HijackThis log- it's gone now except of an Active X entry for an online scan. Please get an antivirus program on the system before doing anything else. Here are two recommendations:
Avira Free
Avast Free
Choose either one. Once installed, run a full system scan. Save the log. Attach it with your next reply.
We need to get Combofix working- it looks like you might already have run it, so I want you to uninstall it:
To uninstall ComboFix.exe
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- When shown the disclaimer, Select "2"
Reboot the computer. Then>
Please download ComboFix
HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComoboFix window, as it may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
In the HijackThis log, some of the entries I had marked were removed, others weren't:
Please reopen HijackThis to 'do system scan only.'
Check each of the following if present. NOTE: do not click on 'Fix Checked" until all of the following have been checked:
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O18 - Filter hijack: text/html - {b13c0e3d-95e0-4f9f-afe7-e30c28f7b125} - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
Close all Windows except HijackThis and click on
'Fix Checked.'
Boot into Safe Mode
[*] Restart your computer and start pressing the F8 key on your keyboard.
[*] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Start> Run> type in
msconfig> enter> Selective Startup Startup tab> Uncheck the following:
All HP entries (including Digital Imaging)
All Vongo entries
AllAdobe reader entries (reader_sl.exe
AllJava entries
Start> Run> type in
services.msc> Right click on each of the following Services> Properties> reset Startup type as follows:
Java Quick Starter (jqs)> Change to Disabled
Vongo Service> change to Disabled
HP Port Resolver (HPR ) change to Disabled
hpqwmiex.exe> Manual Startup
LSSrvc.exe> Manual
HPZipm12.exe> Manual
Control Panel>
Add/Remove Programs> Uninstall Vongo
Control Panel>
Java> Update tab> UNCHECK 'check automatically for updates'> Apply> answer Yes when asked to confirm.
Right click on Start> Explore>
Programs> scroll to the Vongo folder> right click> Delete
Empty the Recycle Bin
Reboot into Normal Mode: NOTE: ignore the hag message and close after checking 'don't show this message again.' stay in Selective Startup
Please attach logs for AV scan, Combofix report and new HJ scan log.