0

Unfortunately, Windows Defender isn't easy to remove. Personally...I don't like it and never recommend it's use. You can turn it off and keep it off however by going to Services and stopping it there and then change it's start up type to Disabled. Then it "shouldn't" restart. I said should because as you and I have found out this may not be the case.

I would like you to manually update MBA-M by downloading the manual update file to the flash drive, take it to the computer and install the updates from the flash drive. Then do a full scan with MBA-M and of course have it remove everything found, REBOOT the computer with your newly purchased spam boots :icon_lol:, sorry, couldn't resist,
Ahem...sericously, reboot the computer and come back here with the new log.

Here's the link for the manual update for MBA-M. It ususally is slightly behind the regular downloaded updates but hopefully an update with a higher database than you have.
http://malwarebytes.gt500.org/

The last one you showed was 5173 and as of just now the latest one is 5194. Hopefully you will get something in between. If it is older than the one you have, don't use it.

0

The update I got for MalwareBytes is 5184. So as I was getting ready to run it, I went into services to see if W-Defender was running. It shows "disabled". While there I saw...
#1 AT&T Security Suite......Disabled
#2 AT&T Internet Security Suite AT&T Firewall...AUTOMATIC
#3 AT&T Internet Security Suite Service......Manual
How do I " BOOT " :) that program off my computer ?

0

http://tinyurl.com/ylsyx24 worked better than any "boots" I've ever seen !!!
OK.....I'll drop the "boot" thing :)
AT&T is no longer in the "SERVICES" list ! COOL !
Here is the MB log.....
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5184

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/26/2010 2:27:33 PM
mbam-log-2010-11-26 (14-27-33).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 268799
Time elapsed: 52 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Pardon me while I pick myself off the floor!!!!!!!!!!!! Ok, make sure that Windows Defender is OFF and Disabled in the Services.

Download Avast from here to the flash drive
http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

put it onto the affected computer. See if you can install it. Of course it won't update. Then turn off the affected computer, plug the ethernet cord back in, wait about two minutes and then power up the computer. Open Avast and update it.

Now here is a page where you can download a .zip file for with pictures for the correct settings you need to use with Avast. Download and open it so you can see the pictures on correct settings.

http://www.mediafire.com/?qfjnl0n4q46kot5

After that update MBA-M again and run a new scan with the updated database. Come back with that log and hopefully you won't need to wear your new boots.:icon_lol:

0

If you find that Avast won't allow you to install without being online then of course stop the install and follow the steps for going back online. Then download from the link and install.

0

Here is the latest MalwareBytes log.......
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5195

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/26/2010 5:38:25 PM
mbam-log-2010-11-26 (17-38-25).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 269805
Time elapsed: 1 hour(s), 15 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Here is ya a new HijackThis scan log......
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:09:24 PM, on 11/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Client Virtualization Handler (cvhsvc) - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - (no file)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3558 bytes

0

Ok now you need to Uninstall Combofix. Follow THESE instructions EXACTLY which are slightly different from the last ones I gave you:
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

0

Another program you MUST install is SPYWAREBLASTER from Javacool. SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.
Truly a MUST HAVE PROGRAM and I wouldn't run any computer without it.
Download it, install, update and then click Enable All Protection. Close the program, that's it. It doesn't run in the background but offers superb protection.

http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

Edited by jholland1964: n/a

0

Do you have system restore turned on? If so, do the following:
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

0

According to your original Uninstall list you posted from HiJackThis it showed your java was way out of date. You need to update it. To do this do the following:
Go to http://www.java.com/en/download/manual.jsp

Download the Offline Install and save it to your desktop for easy locating.

Next close all browsers. Go to Add/Remove and Uninstall All older versions of Java you find there.
Once they are all Uninstalled then double click the install file on your desktop.

WATCH the install VERY CAREFULLY as the installs now often include extra toolbars like yahoo or others, you ARE given the option to NOT take these by removing the check mark next to them, take the check mark out and continue with the install. Once it is complete then go back to the download page above and click Verify now on the right side of the page to go to the verification page where you can check to be sure the install was successful.

0

I have tried to Uninstall all 3 Java installs in Add/Remove. Each time I try to uninstall one I get the same error message:
Internal error 2753.RegUtils.dll
What do ya want me to do ?

0

The "SNAPFILES TOOL" just wouldn't boot those old Java files out so I used Revo Uninstaller and cleaned them out good ! I have installed the lastest and greatest Java so whats next ?

0

Good. Forgot about the Revo program. Do you have System Restore turned on? If so you need to do this:
You also need to set a new, clean Restore point.

Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

I see you have SUPERAntispyware, update that weekly and scan with it.
Same goes for SpyBot, but keep the TeaTimer portion of it turned off, it interferes with fixes done by other programs.
Keep MBA-M, update and run a QuickScan weekly. If QuickScan finds something have it remove it, reboot and update again and run a Full Scan following same procedure.

Keep the cookie settings as I showed you earlier. Those are the BEST and Safest Settings to use.
Remember what I told you earlier, those files you were seeing enter your cookie folder WERE NOT cookies but infected files brought in by the trojans on there. Cookies are shown by a simple .txt icon but so are many other things on the computer. But that doesn't mean they are cookies. Get rid of that shortcut to your cookie folder you have on there, it is of no use. There really is no reason to keep watching those so stay out of there and count on the Disk Cleanup utility or CCleaner to clean out cookies...occasionally, certainly not daily. Just clean them out, before you do your scans so they don't have to go through all the cookies. Also remember, cookies take up very little space on the computer. AND 1st party cookies are usually considered good, it is the 3rd party cookies that are or can be bad.

Unless you are having other problems then I would say you are clean and can mark this thread solved. You did a fine job...once you followed directions as given :icon_biggrin:
Key is when you have problems, close out all unnecessary progams, update all your scanners, run the scanners, let them clean and be patient....and don't forget your boots!:icon_lol:

Judy

Edited by jholland1964: n/a

0

When you had me cleanout all the old RESTORE POINTS earlier, I hit the " MAKE NEW RESTORE button and made a fresh one. I will continue with your instructions and I will wear my boots proudly !
Judy, this boot scoot has been a journey that I will never forget. I thank you for walking with me even when the boots seemed uncomfortable ! If ya ever end up in TN.....look me up :)
I thank you for all your wisdom and patience ! You and Crunchie are great !
Take care !

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.