jholland1964 650 Posting Expert Team Colleague Featured Poster

Please follow the steps given in our Read Me First sticky and then post back with the requested logs.

http://www.daniweb.com/forums/thread134865.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download and run this tool:
http://www.cexx.org/lspfix.htm

Then reboot the computer and run a new HJT scan and save the log. Please make sure that WordWrap is OFF. I had to redo your last HJT log to make it readable.

I would also like to see an Uninstall list generated by using HJT. To do this do the following:
Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, that analyzer at Network Techs is 5 years old, and should NEVER be used. It is for use on machines running XP at the very latest and is for HJT version 1.99.1 at the latest. That said, the use of a HJT analyzer to personally do fixes is never, ever recommended and items noted on those analyzers, no matter where they are posted, are never to be considered to be "gospel". Those are for reference purposes only. If you read the warnings given on all sites containing HJT analyzers you will see We cannot guarantee this to be 100% accurate and is to be used for reference purposes only.
Now;
we need you to follow all the steps given in our Read Me sticky,
http://www.daniweb.com/forums/thread134865.html

Including 1A. Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.
Once you have done that then complete all …

jholland1964 650 Posting Expert Team Colleague Featured Poster

webstar, this thread is six months old, the original poster did not return so the thread is closed. You need to begin your own thread, clearly stating your own problems, giving all info about your computer. We ask that you complete as many of the steps as possible in the Read Me sticky http://www.daniweb.com/forums/thread134865.html
before creating your own new thread and posting available logs in that new thread. Then somebody will be able to offer assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What anti-virus do you THINK you have on there?

jholland1964 650 Posting Expert Team Colleague Featured Poster

First glaring issue I see is there is NO anti-virus program installed on the computer. That is an absolute MUST today. I also don't see a firewall, another must.
The two security programs you have running are antispy/antimalware programs, neither offers protection against viruses.
Also, unless AdAware is the PAID version it is totally useless to have running as a service, and therefore all the time, because it does nothing but run.
Frankly it isn't the program it used to be years ago and if it were my computer I would uninstall it completely.
SpyBot is an excellent program for SCANNING but the TeaTimer portion, which IS running can actually interfere with any fixes attempted by removal programs. That should be disabled:
Disable Spybot's TeaTimer

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

You need to get a good FREE anti-virus program on there and I recommend Avira, it is small, non-intrusive but offers superb realtime protection.
Download, install, update and do a Full System scan with it. Have it remove/quarantine anything found.
When it is complete, reboot the computer and do a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.

Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

ALSO, please submit a HijackThis Log along with your post.
**** Also, please run HijackThis and open the Misc Tools section.
Under the System Tools section, Click on Open Uninstall Manager and Click Save list.
Save it to your desktop and then please post this Uninstall List as directed below.
Post back here with the ESET log and the two HJT logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No wonder you have "something scanning". According to your DDS log you have Verizon Internet Security Suite Anti-Virus AND Norton Internet Security both enabled AND then you say "I also have a dll error for an old parentolic program" so right there are likely parts of three security programs running. Verizon appears to be the one you have chosen to use but obviously you didn't uninstall all of the other two programs. Because of this you have lessened your protection because they are conflicting, and likely the reason for all this "scanning" you say is happening.
What is the name of the process that is doing the scanning, do you know?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Barbie, you need to begin your OWN thread, stating all your problems. You cannot receive help by hijacking another person's thread.
This thread is 6 months old and the original poster did not return.

jholland1964 650 Posting Expert Team Colleague Featured Poster

MBA-M for sure. But we haven't seen all the logs yet. Where is the DDS log?
I, for one would like to see a HiJackThis log.
You can get it from here
http://free.antivirus.com/hijackthis/

jholland1964 650 Posting Expert Team Colleague Featured Poster

I see your logs...but what are the problems you have been having? Obviously there were/are multiple infections on there but all the logs aren't here so we don't have any info about the computer or the problems. You need to fully state what has been going on, otherwise we cannot offer assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hate to tell you but...I said "How about updating and running a full scan with MBA-M just to be absolutely certain, ok?"

You failed to update MBA-M so the database is not up to date so it is possible your scan is not accurate. You really need to update it before each and every scan. MBA-M has updates daily for sure, sometimes MORE than one each day. This is why that should always be the procedure: update first, then scan.
I'm not being picky here, just want to be absolutely certain that your computer is clean.

jholland1964 650 Posting Expert Team Colleague Featured Poster

How about updating and running a full scan with MBA-M just to be absolutely certain, ok?

jholland1964 650 Posting Expert Team Colleague Featured Poster

How is the computer running now?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Need you to do all of the other steps in the Read Me sticky. HJT would possibly be requested AFTER all the other tools are run.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Now please do the following:

Open Notepad
Copy and paste following text into Notepad:


@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT


Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat.
Save fix.bat to your Desktop.

Run fix.bat by double clicking.
You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No problem.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have used an outdated version of HiJackThis and judging by the log you are using either Vista or Windows 7, neither of which will get an accurate scan with this old version. You need to remove this one and download the newest version 2.0.4
http://free.antivirus.com/hijackthis/

We ask that you follow all of the instructions in our Read Me First sticky and post back here with all the requested logs. Then we can better offer some assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download Bootkit Remover to your Desktop.

* You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
* After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
* It will show a Black screen with some data on it.
* Right click on the screen and click Select All.
* Press CTRL+C
* Open a Notepad and press CTRL+V
* Post the output back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please update MBA-M and do a new Full Scan with it. Then install HiJackThis and do a system scan and save the log.
Post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, it has been happening for about 2 weeks...I don't really run IE at all. I only use Firefox, and I do have my pop up blockers on for both IE and Firefox. I know there was a ton of people that posted problems like mine recently. I don't know how it was resolved, that's why I came here for help!! I must have done something wrong earlier because now my divx.dll is missing and I can even use that player.

Just reinstall the program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hmmm, never had a screen to ask me to buy it before. Do this scan then:
http://housecall.trendmicro.com/

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you actually SEE it running, completely?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have a DivXUpdate program that is running all the time. Maybe this is an update trying to download or check for updates.
Those wouldn't really be pop-ups I don't believe.
How long has this been happening? Do you have your pop-up blockers turned on?
You are running a very old version of IE...IE6. It isn't secure. You should at least update to IE 7, I wouldn't recommend you go to IE8, that is more for Vista and Windows 7.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your MBA-M was not updated prior to scanning. Your database is way out of date. Please update and do a new Full Scan, remove all that is found and reboot.
Post back here with the log.
Also please do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.

Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you run the Microsoft® Windows® Malicious Software Removal Tool ?
If not please do so.
Then do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.

Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to run HiJackThis again and place check marks next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

Once you have placed these check marks click the Fix Checked button and exit HJT.
Reboot the computer and run a new System scan with HJT and post back with that new log.

By the way, I didn't ask and should …
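
Added example, not part of the original post and not HijackThis code: a small parser for the log-line format shown above that pulls out the fields a helper reads (registry value, CLSID, file, autorun command) and lists structural points worth a first look. The sample input is a subset of the lines quoted in the post; the function names and the `kind` labels are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Sample input: a subset of the log lines quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
"""

# Every entry is "<section code> - <body>"; the body layout depends on the code.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_BODY = re.compile(
    r"(?:URLSearchHook|BHO): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)")
PATTERNS = {
    "R0": re.compile(r"(?P<key>[^,]+),(?P<value>.+?) = (?P<data>.*)"),
    "R3": CLSID_BODY,   # URL search hooks
    "O2": CLSID_BODY,   # Browser Helper Objects
    "O4": re.compile(   # registry autoruns, optionally tagged with a profile
        r"(?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
        r"(?P<command>.*?)(?: \(User '(?P<user>[^']+)'\))?"),
}

def parse_log(text):
    """Turn log text into a list of dicts; unknown sections keep only code/raw."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, process list
        code, body = m.groups()
        pattern = PATTERNS.get(code)
        fields = pattern.fullmatch(body) if pattern else None
        entries.append({"code": code, "raw": raw.strip(),
                        **(fields.groupdict() if fields else {})})
    return entries

def review_points(entries):
    """Return (kind, detail) pairs. These are structural observations only;
    deciding whether an entry is wanted still needs a person."""
    points, by_clsid = [], defaultdict(set)
    for e in entries:
        if e["code"] == "R0" and e.get("value") == "Start Page":
            points.append(("start-page", e["data"]))
        if e.get("clsid"):
            by_clsid[e["clsid"].upper()].add(e["code"])
            if e["file"] == "(no file)":  # registration left behind, DLL gone
                points.append(("missing-file", e["clsid"]))
        if e["code"] == "O4" and e.get("user"):  # autorun outside the logged-in profile
            points.append(("non-user-autorun", f'{e["name"]} as {e["user"]}'))
    for clsid, codes in sorted(by_clsid.items()):
        if len(codes) > 1:  # same component registered in several sections
            points.append(("shared-clsid", f"{clsid} in {'+'.join(sorted(codes))}"))
    return points

if __name__ == "__main__":
    for kind, detail in review_points(parse_log(SAMPLE_LOG)):
        print(f"{kind:18} {detail}")
```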

jholland1964 650 Posting Expert Team Colleague Featured Poster

I will be back shortly with fixes you will need to do with HiJackThis, but here is one very likely reason for your problems and that is your Start Page;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
It is KNOWN as a website with a very poor reputation. It is known for;
malware/spyware spread in order to keep track of user activities; distributing malware, browser exploits, pop-ups, spyware/adware, phishing and other scams, malicious content and viruses. You can check this information at http://www.mywot.com/en/scorecard/search.bearshare.com#comment

jholland1964 650 Posting Expert Team Colleague Featured Poster

I gave you the instructions on how to do this in post where I asked you to download the newest HiJackThis version. It is right above your posted log with the new version.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I need that Uninstall list also before giving further instructions.
Also please turn off the TeaTimer portion of Spybot. This DOES interfere with any fixes attempted.
To do this do the following:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

jholland1964 650 Posting Expert Team Colleague Featured Poster

That is the old version of HiJackThis. Uninstall and please go to the link I gave you and download the newest version 2.0.4 and do one more System scan and post back with that log. In addition to the System Scan please also give me an Uninstall list generated by HiJackThis.
Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.

Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Then download HiJackThis and run a System Scan and save the log. Copy/paste both logs back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You really need to begin clean up by following the instructions on our Read Me Sticky and then copy/paste the requested logs right back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Update and rerun Malwarebytes' Anti-Malware. Do the full scan. Have it remove anything found. REBOOT the computer, VERY IMPORTANT.

Also do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.

Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.tx

Download and run a System Scan with HiJackThis version 2.0.4. Save the log.

Post back here with all logs, even if they show clean.

jholland1964 650 Posting Expert Team Colleague Featured Poster

5. How can I check the registry or clean up them from registry if it is get infected?
Hijackthis will show you registry entries.

MBA-M WILL remove infected registry entries.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have never used this tool so I cannot advise what you should do next. Did you tell the tool to remove the infection?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can I ask you where you actually FOUND these instructions. What web site and how did you find the web site?

Are you saying you used this tool or asking if it should be used?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you attempt to run any of those rkill files? They all are not .exe files.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello, try this. I want you to try running rkill to stop the process which is likely running in the background and therefore stopping the tools you need from running properly. Follow these steps exactly and then post the logs:
There are five different copies of rkill. Try them one at a time until ONE of them works.
These instructions are from BleepingComputer, the developer of the tool.
"RKill only terminates processes, after running it you should not reboot your computer as any malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.
RKill can be downloaded from the following locations. Please note that the other file names below are RKill as well, just renamed in order to allow it to run by certain malware.

* RKill.com Download Link
* RKill.exe Download Link
* RKill.scr Download Link
* eXplorer.exe Download Link - This renamed copy may trigger an alert from MBAM. It can be ignored and is safe.
* iExplore.exe Download Link

When RKill is run it will display a console screen.
That console screen will continue to run until RKill has finished. Once …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I'm having the same "hidden" IE windows and wav sound being "muted". I ditched AVG and installed Avast. Ran both Avast and MalWB, nothing found. Also ran ESET offline, it found 3 Unruy.CB variant files and removed them. No results. Here is my HJ log:

SubSkip, this thread is solved. You won't receive assistance by hijacking another person's thread, you must begin your own. When you do that somebody will be most happy to assist. You need to do the steps given in our Read Me First sticky and post all of those logs in your new thread.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I got it working now, everything seems to be working properly. I've started running windows updates, including service pack 3, I assume that's the last thing I need to do.

Thanks again for all your help Jholland! you were a lot of help would have been completely lost otherwise :)

I am so pleased all worked out so well. Yes, your last step will be updating to SP3. I will mark this thread solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Right Click My Computer. Choose Properties. When that opens choose Hardware, Device Manager. When that opens go to the Sound, Video, Game Controllers and click the check mark. You should see your sound card in there and the manufacturer. Double click to open and you should be able to see the driver version installed. Then go to the mfg. website to see if there are newer drivers, download and install if there are new ones. Pick the newest one.

FANTASTIC job by the way tracking down and fixing the cd drives. Bravo!

jholland1964 650 Posting Expert Team Colleague Featured Poster

That still is NOT enough information. We know nothing about the computer, how long this has been happening, nothing.
You need to do all the steps found on our Read Me First sticky and post back all the requested logs.
http://www.daniweb.com/forums/forum64.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Good. Are you still having the same problems?

jholland1964 650 Posting Expert Team Colleague Featured Poster

There really ISN'T any reason to have Office auto starting when Windows starts up. All of it can be run manually without any trouble at all. I have always had Office on my machines and never have had it auto starting. There really is no reason to have it do that.

jholland1964 650 Posting Expert Team Colleague Featured Poster

It looks much better. I am going to recommend that you change anti-virus program. AVG just isn't one of the higher ranked programs these days and as you have seen it offered you very little protection. Plus today I have helped with at least nine infected computers and six of them were running AVG 9, what does that tell you.
I strongly recommend that you remove it, via Add/Remove of course and then install an excellent FREE antivirus program. There are two I would recommend, either Avira Free, found here http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914

or Avast Free found here; http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

Both have very high rankings. I personally use Avira and have used it for at least two years, I am very pleased with it.
The choice is yours of course. But choose one and get rid of the AVG.
After you have done that, of course run a full scan with your new program. Have it clean or quarantine anything found.

Once that is complete then you also need to update your Java program as it is out of date.
Go Here and download the Offline Install file, save it to your desktop for easy access. http://www.java.com/en/download/manual.jsp

Then close all browsers, go to Add/Remove and Uninstall Java(TM) 6 Update 18.
Once the uninstall is complete then double click that install file on the desktop to install the new version. Be sure to watch the install carefully, it will …

jholland1964 650 Posting Expert Team Colleague Featured Poster

We have no idea what the problem is here. You need to explain it more fully. What pops up? Ads?

jholland1964 650 Posting Expert Team Colleague Featured Poster

This causes me concern:

have deleted ANYTHING I can find that refers to Adobe at all

You never DELETE, you Uninstall. Did you actually Uninstall or just delete?

There is Absolutely NOTHING wrong with Adobe Flash, in fact it is needed on many, many websites. The Adobe Flash Player is software for viewing animations, movies, presentations and interactive graphics using computer programs such as a web browser. This includes games, YouTube videos, weather maps, sometimes various buttons on websites, any number of things you would never even know aren't working unless you have removed this.
It came pre-installed on there for that very reason, if it wasn't likely the user would need it, especially today with all the things available online it would not have been pre-installed by the manufacturer.
It is very possible that it was trying to check for updates. In fact it is very likely that is what was happening since this is a brand new computer. It most likely updated, and when the updates were attempting to install you received that info, that Adobe Flash was trying to make a change, an update IS a change.

When you get a brand new computer you should always check for updates to all programs that come pre-installed on the computer. Just because the computer is new does not mean there have not been updates to programs installed on the computer between the time of manufacture and the time of purchase. In fact it is VERY likely …

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all your copy of HiJackThis is YEARS out of date. Current version is 2.0.4 and it is only available HERE
Get rid of that old version and download the new one.
Follow the steps given in our Read Me Sticky and post back with all the logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks! I will have a look at the pics. Ooh...see you have Charleston, SC on there. Headed there on Friday for the week. We go every year for family vacations. Folly Beach actually, just 9 miles from Charleston.