Posts by jholland1964

Hi robertcarl,
Malwarebytes's did remove some nasty items. The two you mention in your posts CKVO.exe and now the Dc8.exe both appear to be game related in some way.
Dc8.exe is from GameSpyArcade
GameSpyArcade can be installed when you install a Game.
A lot of games now give you the option to install GameSpyArcade
Older Games did not give you an option and GameSpyArcade was installed without your knowledge. While the CKVO.exe also has been called, from what I could find,
Trojan.Win32.Vaklik.cdj
Trojan-PSW.Win32.OnLineGames.rxtk
Trojan-GameThief.Win32.OnLineGames.sitj

Now as far as your Norton showing as expired, as long as you have all the information regarding this...your current registration number and such, you should be able to uninstall it and reinstall it without purchasing a new copy and the expiration date would be restored. But we will get to that shortly, as long as it is still working right now let's leave it there and continue to be certain the computer is totally free of infection before doing that reinstall. You don't want the reinstall possibly damaged by anything still remaining.
I would like you now to do the following;

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.

Have you tried a Safe Boot?
Using the F8 Method

1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode.

Hi welcome to daniweb,
Various conditions are usually the cause of this error.
This link gives various reasons and you should check out all of them;

http://support.microsoft.com/kb/330182

The possible causes given are these;

If this issue occurs after the first restart during Windows Setup, or after the Setup program is finished, the computer may not have sufficient hard disk space to run Windows.

If this issue occurs after the first restart during Windows Setup, or after Setup is complete, the computer BIOS may be incompatible with Windows.

Incompatible video adapter drivers.

A damaged device driver or system service.

If the issue is associated with the Win32k.sys file, it may be caused by a third-party remote control program.

Looks good to me pete. Are things running better? Are you running a firewall? Don't see any in the log.
I would also suggest that you use SpywareBlaster. A must have tool really, HIGHLY recommended, it is FREE and it DOES NOT run in the background. But it will, to quote from their website;

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.

Now one thing you need to do is set a new, and now clean, restore point.
To do this do the following;
Right Click My Computer. Choose Properties. When System Properties opens click the System Restore Tab. When that opens place a checkmark in Turn Off System Restore and click Ok. You will get a message telling you that you are turning it off and asking if you want to do this. Say yes, or ok whatever the answer is. It will then turn off.
Wait a moment and then go back in there and Remove that checkmark and it will then turn back on.
Judy

Run the MBA-M program first and let it fix what it finds. Then run combofix programand let's see what it shows.
Be sure to follow the instructions exactly and turn off all security programs while running it.
Post back here with both logs.
Judy

Look in your Event Viewer for errors.
Go to Start, Control Panel, Administrative Tools, Event Viewer. When that opens look in both System and Application for errors noted around the boot time. This may give us a clue.
When you see one of these errors double click on it. A box will open and tell you what caused the error and what it was.

One more thing gctbob,
After you have run MBA-M you should delete that old version of HJT and download and run a full system scan with the newest version which you can download HERE
Then post back here with both the MBA-M log and the new HJT scan logs.
Judy

Looks good to me also. I say you are "good to go"
Judy

Hi robertcarl, welcome to daniweb. One definite reason for slowness on the computer is your log shows you are running TWO antivirus programs. This is an absolute No-No. The absolute rule is ONE antivirus program and ONE firewall running on a computer. Your log shows both Norton and Avast fully running on the computer. Your choice, but you MUST uninstall one of them immediately. Once you do the uninstall then reboot the system.
Next do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the system.
Then run a new HJT scan and post back here with the MBA-M log and the new HJT log.
Judy

Hi moe, welcome to daniweb. Did your antivirus scan find anything?
I would like you to do the followingl
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Post back here with that log and a new HiJackThis log.

Hi pete25,
Looks a lot better. Few more things you need to do. Hopefully you rebooted your system after the scans, if you have not then please do so now.

Please Download ATF-Cleaner.exe by Atribune(Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
  RUN ATF-Cleaner.exe.

• Click on ATF-Cleaner to run it

• Where it says Select Files To Delete, Check the Select All Option

• Click Empty Selected > OK

• If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, click No at the prompt.

• If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, click No at the prompt.

• Click Exit on the Main menu to close the program..

Now do the following; Open your Spybot Search & Destroy program. Go up to the top where it says Mode. Choose Advanced Mode. Once the Advanced mode is open then go down to the lower left corner and choose Tools. Once Tools opens on the left side click Resident. When Resident opens please take the checkmark OUT of TeaTimer. Click OK and close the program.
Next I want you to run the

Combofix log should be located in C:\ComboFix.txt.
Look there.

If you intend to install AVG it should be done as a replacement to your currently installed and running antivirus program ESET NOD32. The absolute rule is only one antivirus program on a computer. You should UNINSTALL ESET NOD32 first before installing another antivirus program.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Judy

cant do anything. tried to run avg anti virus and done nothing and run combofx, sdfix, and smitfraudfix. maybe i am doing them wrong cus i am still getting the same problem and my windows id says virus alert keep getting all these virus infection pop up. need help asap go to school online cant submit any homework.

Do you have the logs of these programs you have run? If so, post them here please.
Judy

and message on a blue screen flashes up and says something that begins with "a problem was detected.......".

Can you give us the full wording of this blue screen message? This may give us a clue as to what we are looking for here.
Judy

If it isn't too much trouble, could you instruct me on how to do this? I have never done it before. Thanks.

Very easy to do. Right click My Computer. Choose Properties. The System Properties box will open and on there you will see several Tabs, one of them being System Restore. Click that Tab. When that opens place a checkmark in Turn Off System Restore, click OK. You probably will then get a message telling you that you are about to turn it off and are you sure, or something to that effect. Say yes or ok, whatever the option is. It will then turn off. Wait a moment and do the same thing only this time Take Out the checkmark. Click Ok. They you might get a message that it is turning on. Say ok or yes if needed. That is it.:)
Judy

Happy to help.
Judy

Looks pretty good to me too. Are you running a firewall? Also would recommend adding SpywareBlaster.
Very highly recommended. Doesn't run in the background and really a super protector against ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software and will block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Judy

If they were in System Restore you need to set a new, clean restore point.

Good, I will wait for your log.
Judy

Hi Judy
thanks very much
after using Malware bytes anti-malware the rec circle has gone!!
should i still paste the logs or am i safe?

very grateful
Paul

Yes, most definitely post the logs. This way we can be certain, that, even though the specific problem of the red circle is gone, that there are not other problems which need to be addressed. Very often one infection can lead to another before the computer is cleaned OR the one infection which has been removed is actually the result of the weakening of defenses by a whole different issue or infection which has not yet been removed. Let's see those logs, ok?
Judy

steve328, you need to begin your OWN thread, rather than posting in another's. Each computer is different, and each problem is different. Make your own thread, give it a title explaining the problem...then in your post be specific about the problem, what scans you have done and the results and post the logs for those scans so maybe we can see why they did and exactly what they removed and for the ones you say didn't work, maybe we can see why they didn't work.
Will be looking for your new thread.
Judy

Hi paul, welcome to daniweb. That red circle with a white x is a sign of infection. Please begin by doing the steps given HERE. Please note the instructions closely, if they are to have a specific program clean or delete what is found then please be sure to do so.
Instead of running the Deckard Scanner, which is not available now, please finish the steps with a full system scan with HiJackThis.
When you have completed all the steps then post back here with the requested logs.
Judy

Hi welcome to daniweb,
I would suggest that you begin with the steps given HERE but don't use the step concerning the DSS scanner as it is unavailable at this time. Finish instead with a scan with HiJackThis
Post back here with all the requested logs and remember, if the instruction says to allow the program to clean then please do so.
Judy

When a program says Delete on reboot.
This means you need to reboot the computer. Both Spybot and Malwarebytes's are showing the computer needs rebooting in order to remove the infections. This should be considered standard practice when using.
Reboot the computer. Then run Spybot again. If it finds anything tell it to remove it. Then reboot the computer.
Then run Malwarebytes' again, if it finds something then have it fix or remove. Then reboot the computer.
After you have done both then run a new HJT scan and post that log here.

Have you installed or enabled the firewall discussed? Have you installed SpywareBlaster as recommended? Have you installed an updated antivirus program? AVG 7 isn't the most current version of AVG. It is now up to AVG 8. Where were these located on the system? If they were in System Restore you need to set a new, clean restore point, once you are certain the computer is clean. Also empty the Malwarebytes's Quarantine and then run a new full system scan with AVG and see what it comes up with.

i assure you i didnt just run combofix by just dreaming up the name and then luckily finding a program that actually matched the dreamt up name. I was sent there.

That is not what I meant. I didn't think you just dreamed it up. But now the question is WHO told you to use it and WHY?

Combofix wouldn't remove those programs you note, those are legitimate programs. Combofix is a scanner used to scan for malware and hopefully will remove the malware it finds. But it isn't generally going to remove legitimate programs, especially those which came installed on the computer having to do with the operating system or updates to that system or to those programs.

When you say "Here's the ones I can't get rid of" do you mean they will not uninstall? How did you try to uninstall them and WHY? Many of the items you show are Security Updates for various Microsoft programs and shouldn't be removed.

You have not told us what operating system you are running, though I have to assume, based on the Add/Remove list is that it is XPSP3

WHy do you want to get rid of Dr. Watson?

To pick some others at random...your Add/Remove list shows the following Java versions in the list;
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
But you …

Apologise as computerkept shutting down and did not know if request went

That's ok. Just follow steps given in the sticky and post back with the logs.
Judy

Happy to be of service!
Judy

Can you tell us the reason you ran combofix in the first place? You really shouldn't run that unless directed to do so after running the steps in the link below.
You need to go HERE and complete the steps given there. Including ATF-Cleaner, to get rid of all those temp files...this should always be a FIRST Step. Then run Malwarebytes' Anti-Malware and allow it to fix what it finds. Do the online ESET Scan and SKIP the DSS program as it is not available at this time.
Following that please run HiJackThis on a full system scan and save the log. Post back here with the MBA-M log and the HiJackThis log.
Judy

Looks good but you need to update your Java. It is WAY out of date. Go HERE Download the Offline Install file and save it to the desktop.
Once you have done that then go to Add/Remove and Uninstall all previous versions of Java. After the Uninstall is complete go to the Java Install file on the desktop and click it to install the newest version. Once the Install is finished then go back to that link above and on the right side you will see Verify Now. Click that to be certain the install went as planned.
Judy

Looks good to me. Does everything seem to be working ok now?
Judy

Happy to have helped!
Judy

Hi welcome to daniweb,
Follow the instructions and run ALL the programs noted HERE WITH THE EXCEPTION of DSS scanner as it is NOT available at this time. Instead once you have completed all the instructions then download and run HiJackThis
After that then post back here with all the requested logs and we will see what is going on. Remember if the instructions say to Clean everything found then please do so.
Judy

I do have windows firewall enabled. Is this not secure enough? Would you recommend an additional firewall, or will I be alright with windows firewall?

I really appreciate all your help. Thanks.

Well, I know some will argue with this but I have used the Windows Firewall exclusively for well over 4 years and NEVER had a problem.
I have followed the advice of a fellow from another board, very knowledgable, I might add, who several years ago posted this argument concerning the Windows Firewall;

Windows Firewall blocks only incoming stuff whereas third-party firewalls block both incoming and outgoing stuff. This means that were you to inadvertently allow a trojan to be installed, WF would not prevent it from calling home with whatever information it had managed to harvest from your computer (passwords, monitored keystrokes, etc, etc). So, in theory, a third-party utility will offer a greater level of security than WF. However ...

... simply adopting safe surfing practices (not downloading applications from warez sites or via file-sharing utilities, not installing no-cost applications from little-known developers, etc, etc, etc) and running a good antivirus utility should be sufficient to prevent any trojans or other unwanted items from finding their way onto your computer and so a bi-directional firewall is, IMO, of less importance than many people seem to think.

Furthermore, look back over old threads and you'll find few (if any) instances of a person being "stung" as a result of using WF - but you'll find …

I am having a problem that seems may be common today....By the way, any clue how I may have gotten this trojan horse SHeur.chkn or how bad it is?

Your first comment is an understatement, to say the least! Nearly every MBA-M log I have seen in the last two weeks contains this infection! Have no idea where it comes from.
Here is one definition...

Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior. High risks are typically installed without user interaction through security exploits, and can severely compromise system security.

Doesn't tell us much does it?:)
One thing I note in your HJT log is you do not seem to be running a Firewall, are you running the built in Windows Firewall? This won't show in the HJT logs. If you aren't running one then by all means either use the built in Windows firewall or install one of the good free ones available. There are several noted in THIS LINK
Myself, and many others here also highly recommend SpywareBlaster It is truly a MUST HAVE, it is FREE and one super thing is that it DOES NOT run in the background.

Helps prevent the installation of spyware, adware, browser hijackers, dialers, and other unwanted software; blocks many spyware/tracking cookies, and restricts …

Hi welcome to daniweb,

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Judy

Hi Pete welcome to daniweb, You have multiple posts here over the last 15 minutes. You have to give us time to respond. There are many people asking for help and it takes awhile to get to everyone.
You noted in two posts you have used Ad Ware, do you mean the legitimate program AdAware or something else? And you have used Spybot. Is this all? How about an antivirus scan?
You need to complete the steps given HERE and post the requested logs. If the instructions tell you to clean whatever is found then please do so. Please follow each step PP gives there and run ALL of the programs he requests.
Ignore the instruction for DSS scanner as it is not available at this time. Go instead with HiJackThis. Do a full system scan and save the log and post it here along with the other logs noted in the sticky I gave you above. Then we can better help you. We need to see what the infections are and if there are other steps needed for removal but we can't do that without the other steps.
Judy

Looks like MBA-M did it's job. A question, do you use Lotus or Microsoft Exchange for your mail?
Reason I ask is I see you have a lone McAfee program running and that is McAfee Spamkiller, which, according to their website is exclusively for use with either of those two programs. If you do not use either then you should uninstall it.
You also have a few unnecessary start ups running all the time in the background and these can easily be run manually when needed.
Run HiJackThis again and place a checkmark next to the following;
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Once you have placed the checkmarks then click the Fix Checked Button. Exit HJT.
Reboot the computer.
Run one more full system scan with HJT. Save the log and post it here.
Judy

Hope all goes well and sorry you had to reformat.
Judy

Hi and welcome to daniweb,
My advice would be to follow the steps given HERE Follow all steps, especially make note about cleaning out with ATF-Cleaner before beginning. Complete all steps but ignore the step with DSS scanner as it is having issues at this time. Substitute instead a run of HiJackThis, which you can download HERE
Post back here with all logs requested and also please be sure, if the instructions tell you to Remove everything found then please do so.
Judy

Happy I could help! Looks good. Though you do need to update your Java as the version you are running is WAY out of date. Go HERE Download the Offline Install file and save it to the desktop.
Once you have done that then go to Add/Remove and Uninstall all previous versions of Java. After the Uninstall is complete go to the Java Install file on the desktop and click it to install the newest version. Once the Install is finished then go back to that link above and on the right side you will see Verify Now. Click that to be certain the install went as planned.
Judy

Happy I could help! You do need to update your Java as the version you are running is WAY out of date. Go HERE Download the Offline Install file and save it to the desktop.
Once you have done that then go to Add/Remove and Uninstall all previous versions of Java. After the Uninstall is complete go to the Java Install file on the desktop and click it to install the newest version. Once the Install is finished then go back to that link above and on the right side you will see Verify Now. Click that to be certain the install went as planned.
You also have some unnecessary auto starting programs which can slow the computer that you can easily run manually. If you want to run HJT again and fix these do the following;
Run another full system scan and place checkmarks next to the following if they still remain;
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Once you have placed the checkmarks then click the Fix Checked button. …

Looks pretty good. How are things working?

All looks clean to me. Do the problems seem to have been corrected?

Update Malwarebytes' Anti-Malware and run it again for me. Be sure to remove all that is found and then reboot again.

Hi welcome to daniweb,

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Post back here with that MBA-M log.
Judy

Make sure you rebooted the computer.
Let's see a new HJT log.
Judy

Post the log of the malwarebytes' scan and we can take a look.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Next delete your current version of HJT, it is out of date. Download the NEWEST Version and then run a full system scan with that new version. Post back here with both logs.