jholland1964 650 Posting Expert Team Colleague Featured Poster

You should be able to remove these items with a program like Spybot Search & Destroy and also using something like ATF-Cleaner or CCleaner. Tracking cookies are temp files and also can be deleted by using the built-in Disk Cleanup.
MRU means Most Recently Used and really is not malware. Usually MRU's contain information such as the names and/or locations of the last files you have accessed. They are located ALL OVER your registry, and for almost ANY file type, not necessarily malware.
Your KEY phrase is torrent file which means that you have used P2P file sharing. If it was a Nero torrent then this means you wanted to get a paid program for nothing and you ended up with more than you bargained for which is a risk you take by using P2P.
A reformat is not usually necessary to remove spyware and really a drastic step to take. This is usually only recommended when valuable system files have been damaged beyond repair.
The best way to NOT get spyware is to use safe surfing practices. If you still end up with spyware, then the best way to begin to remove it is to follow all the steps given HERE
You also state that you used

ca internet security, ad aware, norton and avg.

The absolute rule is ONE anti-virus program on the computer, if you are running all these at the same time then you probably are lessening your protection. They …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You really should run the steps in the link given to be certain that all nasty items are truly removed. Shouldn't take 7 hours to run those few programs, which are all FREE by the way.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Tried scanning my computer with a bunch of anti spyware softwares, but couldn't find anything...

Which programs did you use? We always recommend that you begin with all the steps given HERE
Follow all instructions, run all programs and be sure to FIX if instructions say to do so. Once you have completed all the steps in the sticky then post back with all the requested logs and we can go from there.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

In one word NO. The ABSOLUTE rule is only one anti-virus program running and one firewall. Now that is not to say that you cannot have two of them installed, though I personally wouldn't recommend that either since very often once you get an anti-virus program installed it is very hard to keep it from running.
The reason behind this is that often times they will end up battling each other, slow the computer AND often times let something onto the computer that shouldn't be there.
If you want to use more than one virus program to be certain there isn't anything the onboard program is missing then most will suggest also using an online anti-virus scanner, ESET Scanner for instance, is a very good one and highly recommended.
PhilliePhan has some good suggestions for online scanners in his sticky HERE

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you tell us and others who may be interested how you fixed it?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Follow the instructions given HERE If the instruction says to have the program clean infected files please do so. Once you have completed all requested steps then post back here with all of the logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What is your onboard antivirus program and firewall? I don't see any in the log?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to follow all the steps given HERE. If instructions say to fix items found then please do so.
Once you have completed all the steps then post back here with the requested logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please go HERE and follow ALL instructions. Be absolutely certain if instructions say to have the program fix items found then do so.
Once you have completed all the steps then post back here with the requested logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Other than the fact that the log should be single spaced and is quite hard to read it looks pretty good. Did you reboot after using the Malwarebytes program?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Maybe somebody else can come up with solution on those avira driver warnings...we know they actually are not even supposed to be on the system since you removed the program but obviously there is still a setting someplace that says they are supposed to load. Have searched high and low and cannot find the answer. I will be away for a week beginning tomorrow afternoon so other folks will be checking in this post I am sure. Hopefully one of them will have the answer I couldn't find.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

That's fine. I will be out of town and away from the computer beginning Friday afternoon but others will keep an eye on this and continue with you.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please check your video driver also.
Right Click My Computer, Choose Properties. When System Properties opens then go to Hardware, Device Manager. You should then be able to find the Display Adapter. Double Click on that and you should see what video adapter you are using and the manufacturer. Go to that manufacturer's web page to check on current adapters.

jholland1964 650 Posting Expert Team Colleague Featured Poster

at the very least you've forced me to learn more about XP...is that an advantage??

Absolutely. I love this os. Honestly, I didn't find it that much different from my old 98.
I believe most HP's come with the Recovery Partition. A small partition on the hard drive contains a record of all software installed at the factory and shipped with this system. This includes images for the Microsoft Operating System and supplemental products. If you have a problem with the operating system or device drivers, the programs on the recovery partition can restore the PC to proper operation.
Here is an HP link that explains it in general terms anyway. There are more than likely specific instructions at their website dealing with your specific model.

http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&cc=us&docname=c00239036&dlc=en

Why not try Chat with a Tech on HP?
I have done it many times with pretty good results. They can certainly explain to you how to do this.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That's why I keep wanting to do a complete reload of Windows...used to work wonders pre-XP.

Another option, if you are seriously considering this, is to use your XP CD to do a repair installation of XP. You will not lose any info, but you will need to redownload any security updates or service packs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, have done some searching around about this and sounds to me like it is a very common problem with all versions of the game. Most places seem to feel that persons having problems had video cards which were not compatible with the games. Found several threads where solution was to reset graphics settings from "normal" I guess you would say, to specific settings for the game to play correctly but that this didn't work with all graphics cards!
Could be part of your problems maybe, at this point I am stumped.
What graphics card do you have and do you have the most current drivers? These you should get from the graphics card website by the way rather than your computer manufacturer's website.
I am still wondering about some hidden "something" on there though, but if "Tiger" made some settings changes....?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run the ESET Online Scanner again and have it FIX anything found.
Then run a new HiJackThis scan please and post that new log and the ESET Scanner log?

jholland1964 650 Posting Expert Team Colleague Featured Poster

avgio.sys
abipbb.sys
ssmdrv.sys
avgntflt.sys
Can I get those files from i386?

All of those above are related to Antivir Avira Personal Edition. You don't need to restore these because it is gone. Log shows that these are set to load during either boot up or system start.

ftsata2.sys can be related to Promise ATA RAID drivers. Do you have this on the system?


Looking through the log I see references to two registry cleaner programs that I am not familiar with:
Max Registry Cleaner
Eusing Free Registry Cleaner
Did you use these? If so, did you make backups?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, have gone back through our other thread. I want to be absolutely certain that all remnants of your previous infections were removed and I was really wrong not to request it in the other thread.
If you still have Malwarebytes-Anti-Malware program on the machine, hopefully you do, go back into it and find the log for the scan you did that removed the trojans, etc. When you open the program you will see a lot of TABS, one of those says Logs. There the previous logs are saved by date. If you are not sure of the date then you will have to go through and double-click on each log to open and read it so you can hopefully find the right one.
Post that for me.

Then next I would like you to update Malwarebytes and run another full scan. Allow it to fix whatever is found. Post THAT log also.
Then I would like you to run Deckard's System Scanner and post the logs that it will produce, there should be two of them.

If you don't have Malwarebytes program remaining on your system then you can download both it and Deckard's at this link HERE

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

wmipruse.exe

Are you sure it isn't wmiprvse.exe?

jholland1964 650 Posting Expert Team Colleague Featured Poster

The link he gave me goes to that program I mentioned. I will try to find the right one but there are so many.

I tried both of Crunchie's links, first one takes me to correct download page on Majorgeeks for Malwarebytes' Anti-Malware and second link goes to Trend Secure for HiJackThis.

PC tools registry mechanic tool you downloaded from there is an advertisement (it notes that) on the lower right side of the MajorGeeks page but the download for Malwarebytes is at the very top with 5 download sites noted by the American flag.
Try this one for Malwarebytes' Anti-Malware
Follow his instructions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks PP. :)

jholland1964 650 Posting Expert Team Colleague Featured Poster

That's fine, I would not have been thorough if I had not asked. Can you do those scans for me and post the logs? The reason I need the scans is your relative could very well have been right, there may be malware causing problems on the computer, though I still wonder why this lock feature was enabled as this must be done manually and has nothing to do with Spybot scanning...anyway, run the Malwarebytes program and let it fix as instructed and then do the HJT scan. Post both logs here and we can see what, if anything, turns up. We will then go from there.

Since you removed Spybot and cannot get to the program again to check other settings that were possibly tweaked also is a registry edit if you feel comfortable doing that but would recommend the scans first.
What operating system are you using?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you happen to still have the ORIGINAL logs? Not the ones you posted yesterday, they were obviously run yesterday, but the first Malwarebytes' log which must have removed "something". The log you posted showed as clean. Same with the ESET Scanner log. I would really like to know exactly what was removed, since ComboFix didn't remove or fix anything.

Plus, stop installing and uninstalling programs for now, except the actual program you want to remove, Norton. This won't help really and may confuse things more.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You didn't need to disable the Windows Firewall if you removed Zone Alarm, the rule means only one firewall should be used on the system.
If you have your Norton Install Disk, or if you downloaded it and you have your Product Key so that you can install it again, then go HERE for instructions on the removal of your Corporate Edition. You will have to choose the correct version and follow their steps.

jholland1964 650 Posting Expert Team Colleague Featured Poster

can't manipulate Symantec, and that AVG couldn't access the web for updates

Are you saying you have both of these on the system at the same time? Did you turn off one of those firewalls?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try doing this;
Run checkdisk checking both options,
Automatically fix file system errors
Scan for and attempt recovery of bad sectors

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you absolutely certain these were the only "tweaks" your relative made to the system? Honestly cannot understand why this was considered because of difficulty with flash player sounds.
What version of Internet Explorer are you using? How many users are on the computer?

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it to the desktop. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Then give us a scan log using HiJackThis?
Run a full system scan and save the log to the desktop also.
Come back here and post both logs for us.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. Do things seem back to normal?

jholland1964 650 Posting Expert Team Colleague Featured Poster

How do you know for certain that this is what is on the computer? What happens when you try to connect to the internet? Do you get a blank page or what?

Since you seem to have another computer to use, try to do the following;
Download ATF-Cleaner to the disk along with Malwarebytes-Anti-Malware
Take the disk with these programs on it to the infected computer and run them. First the ATF-Cleaner.
Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK
If you are running Firefox or Opera browsers also on the computer allow it to clean out both of those also.
Next run the Malwarebytes Anti-Malware program. Of course without internet you are not going to be able to update that program but at least you will have the basic files there to hopefully be able to clean. Let it run and have it remove everything it finds.
Now since you don't have internet of course you won't be able to copy/paste the log it produces here, if you have a printer that can work on the machine then print out the log.
Then come back here and at least give us the infected files found...their names and their full location. May take awhile I know but at least it is a start.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I think you had better do one more program to be safe. Download Combofix to the desktop.
When you have the Save as screen configured to save ComboFix.exe to the Desktop, click on the Save button. ComboFix will now start downloading to your computer. If you are on a dialup, this may take a few minutes. When ComboFix has finished downloading you will now see an icon on the desktop.
Once that appears then do the following

Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Double-click on the ComboFix icon found on your desktop. You will be asked if you are sure you want to run the program. Click the RUN button. Follow any prompts given and be sure to agree to the disclaimer. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Be aware that ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Security plans look pretty good with the exception of the firewalls....rule is ONLY ONE OF THOSE also. Your choice but just pick one.
Am looking at your logs now and will get back with you on those ASAP.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Tell you what, download Combofix to the desktop.
When you have the Save as screen configured to save ComboFix.exe to the Desktop, click on the Save button. ComboFix will now start downloading to your computer. If you are on a dialup, this may take a few minutes. When ComboFix has finished downloading you will now see an icon on the desktop. Once that appears then do the following

Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Double-click on the ComboFix icon found on your desktop. You will be asked if you are sure you want to run the program. Click the RUN button. Follow any prompts given and be sure to agree to the disclaimer. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Be aware that ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.
ComboFix will now start scanning your computer for known infections. …

jholland1964 650 Posting Expert Team Colleague Featured Poster

download ComboFix
When you begin the download you may see a security warning. Click Save and save it to the desktop.
Once Combofix appears on the desktop then FIRST do the following;
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Once you click that Combofix Icon you may get another security warning
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
The scan will take a while so be patient. Be sure NOT to touch the computer until the program has completed its scan.
If you see your Windows desktop disappear or the clock change time, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have to post an entire log, including the portion at the top which would look like this;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:57 PM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

But you also must understand, HiJackThis is NOT a "fixer" program, it is only one of the programs used when looking for infections and malware which might be on the computer. It is definitely not the first step a person should take, in fact many other steps need to be taken before running a HJT scan and those steps can be found HERE.

You need to go to the link above and run the requested steps exactly as given. Once you have completed all those steps then come back to this thread and post the logs generated by those scans along with a NEW and complete HJT scan log. You also need to tell us exactly what problems you have been experiencing, when if possible did the problems begin and what steps you took BEFORE completing the steps on the sticky above. We will be most happy to offer help and hopefully a resolution to your problems.
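As an added example (not part of the original post and not HijackThis code), here is a small Python check that a helper could run on a pasted log to confirm that the five header lines quoted above are all present. The function name and the sample pastes are constructed, and flagging a boot mode other than Normal is an assumption made for this sketch.

```python
import re

# Patterns built from the five header lines quoted in the post above.
HEADER_PATTERNS = {
    "version":   r"Logfile of Trend Micro HijackThis v(.+)",
    "saved_at":  r"Scan saved at (.+)",
    "platform":  r"Platform: (.+)",
    "msie":      r"MSIE: (.+)",
    "boot_mode": r"Boot mode: (.+)",
}


def check_hjt_header(pasted, max_lines=15):
    """Return (fields, problems) for the header of a pasted log.

    check_hjt_header is a hypothetical helper name, not part of any tool.
    """
    # Drop blank lines so double-spaced or CRLF pastes still match.
    lines = [ln.strip() for ln in pasted.splitlines() if ln.strip()]
    head = lines[:max_lines]  # the header sits at the top of the log

    fields = {}
    for name, pattern in HEADER_PATTERNS.items():
        for ln in head:
            m = re.fullmatch(pattern, ln)
            if m:
                fields[name] = m.group(1).strip()
                break

    problems = [f"missing header line: {name}"
                for name in HEADER_PATTERNS if name not in fields]

    # Assumption for this sketch: helpers want scans from a normal boot.
    mode = fields.get("boot_mode")
    if mode and mode.lower() != "normal":
        problems.append(f"scan was not run in Normal mode: {mode}")
    return fields, problems


# Header copied from the post; the body line is a constructed placeholder.
COMPLETE_LOG = """
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:57 PM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
(log body follows)
"""

# Constructed variants: a double-spaced paste, a paste with the top cut off,
# and a paste with a different (constructed) boot mode value.
DOUBLE_SPACED_LOG = COMPLETE_LOG.replace("\n", "\r\n\r\n")
TRUNCATED_LOG = "\n".join(COMPLETE_LOG.strip().splitlines()[3:])
SAFE_MODE_LOG = COMPLETE_LOG.replace("Boot mode: Normal", "Boot mode: Safe mode")

if __name__ == "__main__":
    for label, text in [("complete", COMPLETE_LOG),
                        ("double-spaced", DOUBLE_SPACED_LOG),
                        ("truncated", TRUNCATED_LOG),
                        ("safe mode", SAFE_MODE_LOG)]:
        fields, problems = check_hjt_header(text)
        print(label, "->", problems or "header complete")
```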

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am sorry you did not approve of the methods used. I checked your thread at securitycadets, same programs and steps were used there as were used here, and if given the chance to do so here the completion steps given there would have also been used here.
Sorry I couldn't have been of more help.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try the Mac Forums here at Daniweb for Mac information

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, the link I sent you requested that the scans be done, the logs saved and then those logs should be posted or attached back here in this thread so I can take a look at them. Could you do that so we can be sure your computer is clean?

Next, I, personally, and many others I might add, would advise AGAINST turning on that TeaTimer portion of Spybot. It CAN interfere with any fixes you have to do from time to time.

The link you posted does have current links to the various programs listed as far as I can tell.
My advice is continue to use the Malwarebytes-Anti-Malware program which is linked in the link that I gave you. Continue to use Spybot WITHOUT the TeaTimer enabled. The ONE other program I would recommend adding is SpywareBlaster which

Helps prevent the installation of spyware, adware, browser hijackers, dialers, and other unwanted software; blocks many spyware/tracking cookies, and restricts the actions of unwanted sites.

It is really a MUST HAVE. Plus it DOES NOT run in the background. Your Norton program, while a pretty good antivirus program does use a lot of system resources and therefore I wouldn't add a lot of other protection programs which can consume more resources.
Please post those logs for me so I can look through them and see what was removed and what other steps might be needed.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your logs look good to me. For Mac information why not try the Mac Forum here at Daniweb?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks PP cause I could find nothing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I just find that odd since it shows up absolutely no where in any of the logs.
How about the trusted site I asked about?

Also, in your first post you said....

norton has detected 4 downloaders and cant remove them

What were the names of those downloaders and where exactly were they located?

jholland1964 650 Posting Expert Team Colleague Featured Poster

As far as scans go, how about doing the Deckard’s System Scanner that you can get from HERE, just scroll down and you will see the instructions for it and links for download. BEFORE you do that also do the Malwarebytes program that you will also find there, follow the instructions for both programs EXACTLY and post both logs here.

FYI, I like Picasa, and if the Picasa Media Detector is what automatically transfers all images on the computer to Picasa, I'd like to keep that running.

I too use Picasa, I do NOT keep it running all the time in the background, I open it when needed. It is your choice of course but it doesn't have to run all the time to run properly.
How are you connected to the internet, I didn't ask. Also, has it ALWAYS been slow? If not, when did it begin?
Too bad about the RAM but if Crucial says you have maximum then...Can you give me the make, and model of this computer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, you are correct Norton (nor any other antivirus) is currently running

Believe in taking chances do you? You know by not running an antivirus program you of course risk your own computer but also put others' computers at risk, without their knowing by the way, also when you send email, etc.
Follow the instructions HERE
When you have completed all the steps exactly as given then post back here with the requested logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The first thing you need to do is to go into the Spybot S & D program and TURN OFF TeaTimer. It can interfere with any fixes which may need to be completed.
To turn it off open the program. Go to the Mode Button at the top and choose Advanced.
Next on the lower left side you should see Three buttons, settings, tools, info & license.
Choose Tools. When Tools Opens, there on the left side you will see a list. Click on Resident (icon looks like a red shield with a white stripe diagonally down the middle). When that opens REMOVE the checkmark from Resident TeaTimer. Close the program.
Reboot the computer.
Go HERE Please follow ALL the steps given. If the instructions for a particular step tell you to remove whatever is found then please do so.

Also, I disabled my media HD's to work on getting rid of this bug-- should I keep them unhooked from the mobo? Could the bug/worm be lurking in them somewhere (both drives are used purely for media storage)? Or perhaps I could clean the C: drive and then turn my attention to the other drives...?

I would say if these are normally connected then connect them. The scans can be set to scan all drives. All of this should be done in NORMAL mode unless you are later instructed otherwise
Once you have completed all the steps then post back here with …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello Soximus, Welcome
Please begin your own NEW thread listing all the information you have given here and then you can be helped quicker and better. Never a good idea to post your problem in somebody else's thread. Fixes get mixed up that way. Plus this thread is well over 6 months old
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks like MBA-M removed a couple of problems, the ESET scanner located a file in the spybot quarantine, wouldn't be a problem. Empty that quarantine folder.
Not sure what you mean by this...

i also removed the program Otto

Looking through the logs I don't see this anywhere, what is the full name of the program you removed?

Also did you add this to your Trusted Sites....

http://*.trymedia.com (HKLM)

jholland1964 650 Posting Expert Team Colleague Featured Poster

do you know of any good free anti virus programs for the mac with os 9.1

Sorry but I am not at all familiar with macs. I am sure though there is somebody here who can advise on that.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The Local Settings is a Hidden File so you must enable viewing of the Hidden files first;
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Now try it. Once you get into Application Data then scroll down and you should see an icon like my attached. Delete and reboot.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try deleting the iconcache.db file. It might have become corrupted.
Deleting will cause it to rebuild. It's in here:
C:\Documents and Settings\<username>\Local Settings\Application Data

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good to me. Is everything working now?