Posts by jholland1964

Are you using Vista Basic or Home Premium or are you using Vista Business, Ultimate, or Enterprise edition?
The reason I ask is that the fixes I have found are different.

Check this link and see if it helps. It gives fixes for both types;

http://www.vistax64.com/tutorials/154714-display-settings-enable-disable-changing.html

Operating System?

What operating system are you using? Is the IE7 an update from IE6 or is it the original browser?
Do you know the actual cause of the crash? When you say that you got your system up and running again, how did you do this?

There is no one program which will detect everything. Sorry that you had this happen, however, depends on what the exact problem was, when and how it came onto the computer AND if your particular programs were the very latest versions and had all ready had updates which would have detected whatever it was. If it was something brand new then many times some perfectly good programs won't detect it until the techs at that particular place come up with the update to the program so that the new threat can be detected and stopped and removed. Can't say absolutely why yours didn't detect and remove because we don't know what it was. There are a several very nasty items out there now and some programs just don't catch them yet. There are also some nasties which just aren't detected by your standard anti-virus program, they need a special program to do so.
When you say Lavasoft, I have to assume you mean some version of AdAware...the most recent versions, at least I don't feel are as thorough as previous versions.
Spybot is and has been a very good program to keep on the computer. Don't use the TeaTimer portion however as at times it can interfere with removals. Another very good program in use now is Malwarebytes'-Anti-Malware. It too is highly recommended and WILL remove many of the latest nasty items out there.
There really is not one program which will catch everything, there …

Absolutely fascinating!!!!

Spywareblaster doesn't run in the background at all so it shouldn't conflict with anything really. I have used that program with three different antivirus programs, including AVG, over the years and have not had a single problem with it conflicting with any of them.

Run AVG in Safe Mode. Do a full system scan and fix everything it finds.

Have you tried Safe Mode with Networking? You may be able to at least download HJT & Malwarebytes' Anti-Malware that way.

With Spybot, you can TURN OFF that TeaTimer, which often times is more trouble than it is worth because it is known to sometimes interfere with fixes needed, by going to Spybot, Advanced Mode (up at the top of the program) Then at the bottom choosing Tools, Resident. Take the checkmark OUT of TeaTimer then close the program.
Judy

I would drop the AdAware. Newest version isn't as good as past versions.
If by AVG you mean the antivirus program, yes, it can run with the others. If you mean AVG Anti-spy then it is no longer available as a stand alone program but comes with AVG8 Anti-virus.

Thanks for the great info. Have saved this for future use.
Judy

Glad it all turned out so well! I didn't do much, you obviously read about the combofix in another thread. Must caution others reading this that this will not work for every computer or every type of infection and one shouldn't run it unless directed by somebody helping you.
Glad all turned out so well g3nX

just uncheck the 04's releated to each program, in hijackthis to disable them at start up .no need for another program

When learning how to read and interpret HJT logs I was taught never to consider HiJackThis a fixer program but basically a scanner program and that it should not be used as a program to stop auto starts. This is why I always recommend using either Codestuff Starter or another good program, Mike Lin's Startup Control Panel. Hence, my recommendations in my above post.
If daniweb Admins prefer that I no longer make these recommendations to use these programs and prefer that HJT be used for this then I will no longer make start up program recommendations. I did not know that these programs were not allowed here.

Are you still having issues or do things seem cleared up?
Run a new HJT scan and post the log.

Give me a bit and I will give you a list and a recommendation for a FREE program to use to control these.

Ok, here you go. First thing you need to download the FREE program CodeStuff Starter
and install the program. This is a very easy way to control auto-starts both in the Start Menu and Services. Much better than using msconfig which should be used basically as a troubleshooting tool and not a permanent start control program.

Once you have installed the program, open it. You will see three tabs...Startups (these are the programs which load via the Startup menu, Processes (these are the processes running on the computer, much like your Task Manager would show you however you can double click on each process and it will show you what OTHER processes or programs are connected to this particular running process, the last Tab are Services. Services are programs that are loaded automatically by Windows on startup.

Open the Startups Tab. These listed below can be stopped from running automatically at start up by removing the checkmark next to each. None of these programs are required for the running of the computer;

NvCplDaemon...System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable …

Give me a bit and I will give you a list and a recommendation for a FREE program to use to control these.

Once you back up your data. Then the only thing you would need to do with System Restore is turn it off, this will clear the old and possibly infected restore points. Wait a minute and then turn it back on and it will set a new clean Restore point. That is it. You DON'T want to go back to another time or date because you do run the risk of bringing the infection back.

Do you have another computer you can use to download, save to disk and then bring the program to the problem computer?
Have you also tried Safe Mode with Networking?

Please re-run Malwarebytes'-Anti-Malware and have if FIX everything found.
Next run HouseCall and also have it fix everything found.

sheik124, you really need to make your posts in YOUR OWN thread. No two computers or their problems are exactly alike. What works on one may not work on another. While the problems may seem similar, g3nX's Malwarebytes log is clean so the problem he has is not exactly the same as yours. If you have questions or problems please create your own thread. Doing this can lead to confusion for the original poster, for those of us trying to assist him (in fact when I read your post I thought at first he had run another Malwarebytes scan but thankfully I realized the log was not his) and confusion for others who may be reading this thread.

Recovery Console and System Restore are two different things.

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx
The System Restore feature is built into Windows XP and is used to return your computer to an earlier state if you have a system failure or other major problem with your computer. System Restore automatically tracks changes to your computer and creates restore points before major changes are to occurFor example, restore points are created before new device drivers, automatic updates, unsigned drivers, and some applications are installed. These healthy system checkpoints are created without prompting or intervention from the user the first time the computer is started after Windows XP is installed and, by default, on a daily basis after that. You can also manually create restore points.

When you use System Restore, you can revert to a saved state (of several days or weeks earlier if needed) without losing personal data including Word documents, e-mail settings and messages, and your Internet favorites list. System Restore won't lose any data you have stored in the My Documents, My Pictures, or My Music folders either

http://pcsupport.about.com/od/termsr/p/recoveryconsole.htm
The Recovery Console is for use when your system does not start correctly. The Recovery Console is particularly useful if you have to repair your computer by copying a file from a disk or CD-ROM to your hard disk, or if you have to reconfigure a service that is preventing your computer from starting correctly. These actually would be KEY original system files, NOT a saved document or …

You are using an old version of HiJackThis. Try THIS one

Also download and run Malwarebytes'-Anti-Malware
* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Post back here with both logs.

please, anybody? :(

I don't really see anything in your HJT log. Have you tried running Error Checking?
Open My Computer, Right Click "C" Drive. Choose Properties. Then go to Tools tab. On Error Checking click Check Now. A box will open, place checkmarks in both Fix errors and Scan for and Recover Bad Sectors. Click OK. Then you will get a message this cannot be done now, do you want to do it on reboot? Choose yes or ok. Then reboot the computer and Error Checking will run. This will take awhile so be patient.

Are things running ok now? Looks pretty good. You do have some unnecessary start ups but those are up to you. You do need to update your Java as the newest version is version 6 update 7.
Go HERE to download latest version, choose Offline install and save it to the desktop. Once you have downloaded that then go to Add/Remove and Uninstall all older versions shown. Once those are uninstalled then go to the Java install program on the desktop and double click to install. Follow any prompts given. Once the install is complete then go back to the original link and click Verify on the right hand side of the page and make sure the install went correctly.
Judy

Go into the Malwarebytes program. Click on the logs tab. Go through each log and find the one which removed 69 items. Copy/paste that one here.
The last run of the program didn't find anything because there was nothing to find. Everything was removed.

Strangest log I have seen...why did you only fix one time?

We need to see that malwarebytes log.

Again....What size hard drive do you have...How much space remains on it and how much RAM do you have installed????

Are you running this in SAFE MODE?
How about my questions concerning hard drive and ram?

Be sure to post ALL the logs. We may need to try one more thing. But I need to see the logs to be certain.

put, you need to begin YOUR OWN thread with all of this information. No two computers or problems are exactly alike.

How full is your hard drive? How much RAM is installed?

Also, I would suggest that you Uninstall ALL of the Anti-virus programs you have installed via Add/Remove Programs and then try to run MBA-M.
If it still hangs, try to run it in Safe Mode.

Let us know how you fare.

--- Re-install only ONE anti-virus program after the MBA-M scan. Looks like you have settled on AVG. That should be a solid choice.

Best Luck :)
PP

Also uninstall that SpySpotter System Defender. It is a VERY questionable program, not recommended.

Did a boot fix of Malware and running the scan again...
.

WHY?

Try HouseCall

Are you absolutely certain it is freezing? This scan can take awhile. The files which begin
HKEY_CLASSES_ROOT are registry files, these would take awhile to scan, it may not actually be frozen you may not be giving it enough time to scan. A full scan take take more than an hour at times.

Have you run other anti-spy programs like Spybot? If not you might try that first and then Malwarebytes.

Nothing in the log really jumps out to me....have you done some general house cleaning...emptied temp files, run a defrag and the like?
Give us more information on the computer itself...
Hard drive size, how much space remaining
How much RAM is installed
How long has this slowness been going on...

Re-run the Malwarebytes program again and allow it to fix everything it finds.
Also run the online ESET Scanner and allow it also to fix all it finds. Note* You must use Internet Explorer for the ESET scanner.
Post back here with both logs.

At the present time it is up to the poster as to which AV to use. Avast, which is an excellent program, is all ready on the system therefore it is advisable to leave it on there.

Post the malwarebytes log as soon as it is complete. Be sure to have it fix what it finds.
After that I want you to download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Double Click the Combofix icon on the desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
When the program begins to run you will be offered a disclaimer. To agree to run the program you must press 1. Please do so.
Then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.

Once the Windows Registry …

Was the zip file the only way to post it? You can either copy/paste or attach as a .txt file.

thanks for a quick prompt.
I have tried the suggestions in the read before posting:
system restore as i said before has a problem. sometimes, only sometimes works in safe mode.
atf-cleaner cannot be accessed.
microsoft malicious removal tool.... can be accessed to the downloading part and then stops. try the other link... not able to access.
option 9 for the online scanning... all of them cannot be accessed.!
i have been trying to post the HJT log with no success.... i will keep on trying

Don't worry about the System Restore part...you don't need to do anything with that until we are sure the system is clean.
When you say ATF-Cleaner cannot be accessed do you mean you cannot download it or you have downloaded it but cannot run it?
If nothing else try the built-in disk clean up program on the computer. If you can't do that either don't worry about it.
A key program would be the Malwarebytes program. Have you been able to download and install it?
The main thing is do what you can.
What is happening when you are trying to post the HJT log?

The DSS is not available at this time so just continue to follow PP's other instructions

FIRST:
Look in Add / Remove Programs and Remove/Uninstall the following crapware:
C:\Program Files\RXToolBar
C:\Program Files\SpySpotter3
C:\Program Files\MyWebSearch

and do as you have done and use HJT.
Your log shows also the Blaster worm. Can you run any Online AV scanners like ESET Online Scanner? If you can try that one and DO allow it to fix what it finds.
He has steps to run HERE and ESET Scanner is one of those steps. Try to follow as many of the steps he gives there as possible, especially the ESET, but go ahead and clean with it and also try the Malwarebytes-Anti-Malware program also. Allow it to clean too.

We ALWAYS recommend AGAINST playing with the registry unless you REALLY, REALLY know what you are doing and that you begin by following the steps HERE
Your log shows evidence of a trojan of the zlob family. This is one reason a Regedit is NOT the way to go at this time. This wouldn't remove a trojan.
Follow all the steps in that sticky, WITH THE EXCEPTION of the Deckard Scanner instructions. For now that program is not available. Do the other steps recommended and be absolutely certain if the instructions say to use to program to FIX items found then please do so.
Follow all those instructions, except of course those having to do with DSS and then run a new scan with HJT. Post back here with all the logs requested in the sticky and we will go from there.
Judy

Can you try the steps HERE?.
Especially the Malwarebytes program. Have it fix everything found.
Ignore the DSS scanner program in that sticky for now, it is not available.
See if you can get us a scan with HiJackThis too

Can you post the malwarebytes log for us so we can be certain?
Right now the DSS is not available due to problems with the program. This is why the links to it do not work.
Judy

Hi friend!

Please advice how the spywares comes again even after I format the complete system . What is the possibility? Where its comes from?
Thanks,
Sakthi

I believe I answered this in my post.

Proper setting of the browser for one thing will reduce or protect against tracking cookies. It must be set to accept 1st Party Cookies only...these are the actual cookies from the website you are visiting.

Go online and you can get spyware, period. If you NEVER go online, NEVER email, etc., then no you will not get spyware or viruses or trojans unless somebody gives you a disk, flash drive, etc., which carries an infection, then it would pass from that disk, flash drive or whatever to your computer. But essentially you have to GO ONLINE to get spyware/malware.

A reformat does NOTHING to stop spyware from coming into the computer, it just wipes the drive clean and reinstalls the operating system, yes of course it will usually remove any remaining spyware but it does not stop it from coming back if you don't use proper precautions when you are on the internet. Go online and you can get spyware on a brand new computer just out of the box or a 10 year old computer...makes no difference. The KEY is SAFE SURFING, good protection programs, proper security settings in the browser. I also stress again MRU's are NOT necessarily spyware. I say again;

MRU means Most Recently Used and really is …

This "ppxcs" is bothering me . please advise how to get rid of this.
Thanks

khpramanik, this is nimos thread
You need to begin your own thread, we cannot work with multiple posters on one thread, you must begin your own and follow the instructions HERE. Be sure if instructions tell you to Remove Selected that you do so.
Once you have completed steps there please post back here with the requested logs.
Note* all programs requested in that sticky are FREE and those we recommend most here.

One problem is you are running two or at least parts of two antivirus programs...Avast and AVG7. Since AVG has been replaced with AVG 8 I would advise that you UNINSTALL AVG completely. Also, for now, turn off Webroot Spysweeper as it is running in the background and along with the two running AV programs can interfere with removals of some types of spyware.
THEN go HERE and run the programs noted there including Malwarebytes Anti-Malware and be sure to allow it to fix or remove everything it finds and also run the ESET Online Scanner. Save logs from both. Then run a new scan with HJT and attach all three logs back here.

I you DON'T try the Avast uninstall does the computer boot and act normally?

You need to complete all the steps given HERE. Be sure if instructions tell you to Remove Selected that you do so.
Once you have completed steps there please post back here with the requested logs.
Note* all programs requested in that sticky are FREE and those we recommend most here.

Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

Next run Malwarebytes' Anti-Malware program again, be sure to UPDATE it first, and this time when it is finished Be sure that everything is checked, and click Remove Selected.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked , and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

After you have done all of the above, and saved the logs, then run HJT again and save that new log. Post back here with those three attached logs.

When uninstalling Avast, as with many other program uninstalls, the computer MUST restart in order to complete the Uninstall. If it doesn't then the uninstall will not complete.
Try going through Add/Remove and see if Avast remains there, if so try the Uninstall there. ALLOW the computer to reboot. If this doesn't work then Avast does have an Uninstall Tool to try found HERE
Once it is uninstalled then install the new version.