jholland1964 650

I still would avoid putting anything liquid or anything that will soon become liquid, whether in a plastic bag and towel or not. Too risky if you ask me.

jholland1964 650

Boot to Safe mode and see if you can locate this Steam and stop it from auto starting. Sounds like it may be too much for your machine.

jholland1964 650

What anti-virus program told you this?

Sounds like an overheating problem to me also but frankly, I would avoid the snow on the laptop.
Here is a free program to test the temperature of the laptop

[url]http://www.almico.com/speedfan.php[/url]

jholland1964 650

Something still there for sure.
Try this one:
Download the [URL="http://support.kaspersky.com/downloads/utils/tdsskiller.zip"]TDSSKiller.zip[/URL] archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);
Run the TDSSKiller.exe file;
Wait until the scanning and disinfection completes. A reboot might be required after the disinfection has been completed.
The utility starts scanning the system for malicious and suspicious objects when you click the button Start scan.
If the utility detects an infection with the MBR bootkit, it will report that it has detected an infected object type “Physical drive” and prompt for action:

Cure. This action is only available if the utility has identified the exact type of the bootkit. If it has detected an unknown bootkit, it will be reported as Rootkit.Win32.BackBoot.gen.
Skip.
Copy to quarantine. The utility quarantines the infected MBR.
Restore. The utility restores a standard MBR.

A reboot might be required after the disinfection has been completed.
Post back with the log.

jholland1964 650

Ok, let's try this:
Please download [B]ComboFix by sUBs[/B] from

[url]http://www.bleepingcomputer.com/download/anti-virus/combofix[/url]

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and [B]run it from your Desktop[/B]
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.

[B]Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.[/B]

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

[B]Run Combofix ONCE only!![/B]
Post back with the log.

jholland1964 650

Did you try to run MBA-M in Safe Mode?
HiJackThis is rarely used anymore. Please follow the steps given in our Read Me First sticky and post back here with all logs.
[url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url]

jholland1964 650

[B][I][COLOR="Green"]I've managed to download ATF cleaner and ran before running DDS Scanlogs. Does it affect anything? Should I restart from the beginning and run everything again in that specific recommended order? [/COLOR][/I][/B]
No worries. Doesn't matter when it was run.

Your log shows a rootkit on the computer, please do the following:

Please download the TDSSKiller following these instructions:
Download the [B][URL="http://support.kaspersky.com/downloads/utils/tdsskiller.zip"]TDSSKiller.zip[/URL][/B] archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);

Run the TDSSKiller.exe file;

Wait until the scanning and disinfection completes. A reboot might be required after the disinfection has been completed.

Post back here with the log.

jholland1964 650

Have absolutely no idea what it was you actually got when you were supposed to download the ATF Cleaner but that is not what you downloaded. When you got to the Majorgeeks download page what you should have seen was what shows in my print screen, then you should have chosen one of the 3 download links shown, 2 from Majorgeeks and one from Internode which is only for Australian users. Once you click one of those you receive the executable file to save to the computer.
Then you double click that file to install and it definitely IS called the ATF-Cleaner, not PC Cleaner.

jholland1964 650

HiJackThis is rarely used today, please follow the instructions given in our Read Me First sticky and post back here with copy/pastes of the logs produced.
[url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url]

jholland1964 650

Download a new copy of Combofix and run it again, we will see if it shows anything else.

jholland1964 650

Update MBA-M and do another Full Scan, have it remove everything it finds, reboot and post back with the log.

jholland1964 650

Please now do the following:
Download the [B][URL="http://support.kaspersky.com/downloads/utils/tdsskiller.zip"]TDSSKiller.zip[/URL][/B] archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);
Run the [B]TDSSKiller.exe[/B] file;
Wait until the scanning and disinfection completes. A reboot might be required after the disinfection has been completed.
Post back with that log, then continue with instructions below:

Please download [B]ComboFix by sUBs[/B] from

[url]http://www.bleepingcomputer.com/download/anti-virus/combofix[/url]

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and [B]run it from your Desktop[/B]
• Physically disconnect from the internet.
• Now [B]STOP[/B] all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click [B]combofix.exe[/B] & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.

[B]Note:
Do not mouse-click combofix's window while it is running. That ...

jholland1964 650

Have you tried Safe Mode with Networking?

jholland1964 650

Don't see much there. Can you get me the log from the SpyBot scan that found the trojans?
Do the following to access the logs:
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Look for the Checks with the correct date and double click to open it and then copy/paste it back here.

Also, have you tried resetting the modem and the router?
Turn off all computers, laptops and video game consoles that are using the Internet connection through the modem and router. Unplug the power cords from the modem and the wireless router.

Wait 30 seconds and plug the power cord into the modem. The modem will start up and the indicator lights will begin to flicker. Wait for the lights to remain steady.

Plug the power cord into the wireless router. The indicator lights will flicker as it establishes a connection to the modem. When the lights are steady, the Internet connection is reset.

Turn on the computers, one at a time, that are using the router. Allow each one to boot to the desktop.

jholland1964 650

There is nothing in the MBA-M scanner that would be causing power problems in the house. Sounds to me like you have more than a computer or router problem. The computer does not have to be online to do any of these scans, only time it would need to be online with MBA-M would be when it is updated, otherwise it can be totally disconnected from the internet. But as I said, there is nothing in the program that would even relate to power problems in the house, except the computer needs power to run of course but if it.

Those two DDS Logs were supposed to be copy/pasted, not attached. We don't open attached logs from possibly infected computers. The instructions are quite clear on that.

jholland1964 650

Good Job! Great to have somebody who reads and follows directions! Helps things move much faster.

Attach.txt log needs to be copy/pasted also. Then also run this scan, have it fix/remove anything found. Reboot and come back with the log.

ESET Online Scanner

[url]http://www.eset.com/onlinescan/scanner.php?i_agree=14[/url]

  • You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at [B]C:\Program Files\EsetOnlineScanner\log.txt[/B].

jholland1964 650

Then I would say the AVG findings are a false positive. AVG is just not a very good anti-virus program. When researching your problem I found no other av program that found this file. I would advise you use a different anti-virus program, it certainly is one that I never recommend.
It rarely ranks among the highest or most reputable. My advice would be use [B][URL="http://www.filehippo.com/download_antivir/"]Avira Free 2012[/URL][/B] or [B][URL="http://www.filehippo.com/download_avast_antivirus/"]Avast Free[/URL][/B], but not AVG.
Your System restore is set way too large. You have restore points going back over six months. System Restore should never be used to go back that far, if it is used at all and then it should be only for a very few things.
Your Java is way out of date, you are running version 6 Update 25 and the most recent update is version 6 update 30.
Uninstall All Java listed in add/remove and then go here to download the latest version. [url]http://www.java.com/en/download/manual.jsp[/url]

Blahthing commented: Very Very helpful! +1

jholland1964 650

We have absolutely no information and the only way we can offer assistance is seeing the logs produced when you run these programs on our [B]Read me before posting a request for assistance[/B]
[url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url]

jholland1964 650

We cannot offer any assistance until you run the tools from our Read Me first sticky and post the logs

[url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url]

Post back with logs produced and we will be happy to provide assistance.

jholland1964 650

We need the second log from DDS and also a log, not a screen shot, from AVG

Also please upload this file C:\WINDOWS\system32\services.exe

to [url]https://www.virustotal.com/[/url] for scanning.

Post back with that information given. Not a print screen, but full information.

jholland1964 650

AVG will not remove a trojan as you have found. You need to follow the steps given in our Read First sticky
[url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url]

Run all the requested programs, allow them to clean whatever is found.
Then post back here with Copy/Pastes of all requested logs and we can then help you complete the removal.

jholland1964 650

Alireza_021, crunchie has very patiently given you the correct instructions to follow but you have not followed those instructions for the correct use of MBA-M which clearly say, Post the Full Log, which you did not do, you only posted items found, the entire log from the very first line at the top which gives the following information:
Malwarebytes Anti-Malware 1.60.0.1800
[url]www.malwarebytes.org[/url]

Database version:
Operating System
Version of Internet Explorer
Time and date the scan was run
Type of scan run.
You posted none of the above, which is vital information needed for the helper to see.
You also didn't follow the very clear instructions given in the instructions which say;

[B]Be sure that everything is checked, and click [COLOR="Red"]Remove Selected[/COLOR].[/B]
We know that you did not do this because your log shows for every item found;
[B]-> No action taken.[/B]
Meaning you only ran the scan and then closed the program. So no wonder your system is not running, you didn't do the Key step with the program which is tell it to clean.
You need to UPDATE the program once again and run another Full Scan and this time Have it Clean, reboot and come back here and post the entire log from top to bottom. Then we can give you the additional steps needed and based on the findings in the log there will be other steps needed.

jholland1964 650

Those are only two of the logs requested and it is not a removal program it only gives a picture of all that is installed and running on the computer. We need to see ALL the logs from the programs run from our Read Me First sticky, not just these two. According to the logs posted you did not install or run any of the other programs listed in the sticky, so you did NOT attempt to clean the machine, you only ran DDS. If you truly want to get the machine cleaned then you have to run all of the programs requested.

These two logs most definitely show a huge amount of malware on the computer.

You show three or parts of three different anti-virus programs on the computer though none of them show on the installed programs list;
ESET NOD32 Antivirus 4.0
Authentium AntiVirus5
Symantec\Norton

All of the items listed below are installed and were running on the computer during the DDS Scan and every single one of them is known malware;
AskToolbar
Babylon toolbar
Chikka Messenger V4
ICQToolBar
RegWork
Sky-Banners Browser Enhancer
SpeedyPC Pro
Street-Ads Browser Enhancer
Support.com Toolbar
Support.com Toolbar Updater
TelevisionFanatic toolbar
voguecash browser enhancer

Those listed above are just the ones I could easily identify, there are many, many others that I could not identify but they are running. Some of those above are listed in Add/Remove and must be Uninstalled using Add/Remove immediately. Not all of them are listed in Add/Remove but do ...

jholland1964 650

tinkerdink2005, this thread is over 5 years old. Much of what was done or recommended here may no longer apply. You need to begin your own thread and follow the steps given in our Read Me First sticky and somebody will be happy to assist you.

[url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url]

jholland1964 650

What is it that you are classifying as junk files? If you mean items in the recycle bin, just empty it.
Run Disk clean up which also removes temp files and that type of thing. But we need to know what you mean when you say junk files. If you mean programs you no longer use then those would need to be actually Uninstalled using Add/Remove.

jholland1964 650

Downloading of SpyBot Search and Destroy would not cause this problem unless you did not get the real program. Where did you get the program?
The only download sites for this program are those listed on its website:

[url]http://www.safer-networking.org/en/mirrors/index.html[/url]

You need to follow the steps given here:
[url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url]

You obviously are posting from another computer since you say you cannot access the internet with the affected computer so use this computer to download the programs, put them onto a flash drive and use that to put the programs onto the affected computer, then run the programs and post back with the logs.

jholland1964 650

Always happy to help!

jholland1964 650

MBA-M Free version is a scanner/remover only, doesn't run in the background so it would have no effect whatsoever. It is just another good and very effective way of keeping the computer clean. Update it and do a scan with it at least once a week. Always update before each and every scan.

jholland1964 650

Happy to help. Hope things are working well for you. Thanks also for identifying those start ups which were unknown to me.
PhilliePhan gave me that avatar years ago at another forum and I like it also so I "carry it with me":)

jholland1964 650

I would suggest you begin from scratch, however, previous advice was reformat, present advice would be no different. HiJackThis is really no longer used that much and offers little if any information that can determine infection. The Read Me first sticky is what we would work from.
Yes, a recovery disk will wipe the drive and bring the computer back to its factory install condition. After 18 months and having no clean up done of the computer then that would be my recommendation. However, if you wish to start a new thread of course this is your option, but those tools in the Read me first sticky would be required, that is the only way we can get the information needed to proceed. If one tool doesn't work, go on to the next. DDS scanner, both logs are two of the key things that must be done. Without those we have no information whatsoever.
But after 18 months without doing anything my advice is a clean install. It would likely take you only a few hours to do so. You have waited 18 months to even think about returning so I am certain a clean up may very well be totally impossible; too much time has passed to even half way believe that this computer can be cleaned to the user's satisfaction.