jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you empty all of your temp folders as directed?
You still have uTorrent installed

jholland1964 650 Posting Expert Team Colleague Featured Poster

A temp folder is just that, a temporary folder. Empty your temp files using Disk Cleanup.
When Norton finds this do you tell it to remove it? There would be no reason to manually search, that is what an anti-virus program does: it searches, finds, and then you tell it to remove whatever is found. Are you doing this?
Are you still using P2P? Our Read Me Sticky clearly says not to do this and to stop doing it.
This is how you are likely getting infections on your computer. P2P file sharing is one of the easiest ways to get infections, serious infections on a computer that sometimes can totally ruin the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry, but I am actually out of town until Sunday evening. This is the first chance I have had to get back here.
That scan is obviously clean.

Is your CPU still "bogged down" as you originally said?

You have a large number of unnecessary auto starting programs, which therefore run in the background all the time and could cause a drain on CPU usage. Many of these can be easily run manually when you need them, rather than have them run all the time, even when you are not using them. They still use some valuable resources just "sitting there" waiting to be used.

Another thing I see is that you have three hard drives that are each nearly 75% full.
C: is FIXED (NTFS) - 451 GB total, 90.208 GB free. meaning you have used 361 GB of the hard drive
E: is FIXED (NTFS) - 128 GB total, 14.747 GB free. meaning you have used 114 GB of the hard drive
F: is FIXED (NTFS) - 106 GB total, 33.152 GB free. meaning you have used 73 GB of the hard drive

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't be doing anything else while it scans. No browsing, no email, no downloading, nothing.
This is one key thing when trying to clean a computer, don't do anything else but work on the cleaning and the tools you are using.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, have it remove everything it finds and then be sure to reboot, this is often times critical to complete removals. Then post back here with the latest log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then that is the current one as of yesterday. It has updated again since then. The log you posted shows that you did no update before running the scan, which is an absolute must. MBA-M has multiple updates daily. Even if you do scans on the same day you must always check for updates before each scan.
Please update and run a full scan, have it remove all items, reboot and then come back and post the newest log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The most current database is 8021, unless you have this or something higher than this you do not have the latest database version.

If you do not have the latest version then try updating via Safe Mode with Networking.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then how did you run MBA-M in the first place? You have to open the program to run it and it is updated via the program itself. Click Update Tab and then the Check for updates button.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You failed to update MBA-M before running the scan. It is 1400+ definitions behind. Please update it and run another full scan with it. Have it remove anything found.
Please do not post your logs in quotes, this makes them very hard to read.

Please also uninstall Ubisoft Game Launcher; this contained one of your infected files.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Here is the Microsoft® Windows® Malicious Software Removal Tool for Windows 7 64bit
http://www.microsoft.com/download/en/details.aspx?id=9905
It does work with Windows 7 64bit, that is what I am running.
Supported Operating Systems: Windows 7, Windows Server 2003 x64 editions, Windows Server 2008, Windows Server 2008 R2, Windows Vista Business 64-bit edition, Windows Vista Enterprise 64-bit edition, Windows Vista Home Basic 64-bit edition, Windows Vista Home Premium 64-bit edition, Windows Vista Ultimate 64-bit edition, Windows XP 64-bit

Any tool that does not run, skip and move to the next tool. Please note which ones don't run and let us know.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I gave you the correct instructions we require in my second post. You should not be following instructions that are 5 years old. The link I gave you has the current steps we require. All links in it are good. Please follow those instructions as posted.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The only way we can offer assistance is for you to follow all the steps given in our Read Me First sticky and post back with copy/pastes of all the requested logs. Then assistance can be offered. Right now you have given no information that can help us make any type of determination of what should be done.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

if it's a minidump file how do i open it to copy and paste?

We don't want to see a minidump file. What we want from you in order to offer assistance is exactly what I said in my first post to you. If you truly want assistance then you will follow those steps.

In order to receive assistance you need to do the steps given in our Read Me First sticky and then post back with All requested logs. Please, copy/paste all logs, I say again, attached logs will not be read or opened and will be removed for the safety of others.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

First thing I see is that all of the Norton program is out of date.
It shows in the log as Norton Internet Security *Enabled/Outdated*

jholland1964 650 Posting Expert Team Colleague Featured Poster

Attached files are not opened here. All items must be copy/pasted. In order to receive assistance you need to do the steps given in our Read Me First sticky and then post back with All requested logs. Please, copy/paste all logs, I say again, attached logs will not be read or opened and will be removed for the safety of others.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, I will definitely at least consider installing another antivirus, probably avira. Thanks for the info.

Consider????
Well it's your computer. But remember you have already put virtually every piece of personal information you have on the computer out there for anyone to take it and use it as their own, somebody may be doing that right this minute, but of course you won't know this until you suddenly discover you have purchased a $5000 home entertainment center and a $15,000 cruise around the world. Rather than clean a rootkit you decided to reformat and install another operating system. You are doing P2P file sharing, which is how you were infected in the first place and bear in mind there are some rootkits and bootkits that pretty much toast the computer.

Your choice, good luck.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look, do what you want. I didn't say MSE was bad, I said Avira and Avast score higher on independent testing. Virustotal isn't a program that is even installed on the computer; it is an online service that allows you to upload a suspicious file from your computer to be scanned by multiple, more than 30, anti virus engines. MSE, Avira, Avast are only three of them.

I gave the info I have and I know to be true. Do whatever you want. But if you are running only Windows Defender then you absolutely, do not have an anti-virus program on the computer and it WILL become infected again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would still go with Avira. It beats MSE hands down. As does Avast.
Look at the results in my print screens from the most recent AV-Comparative testing. This is an independent lab by the way, nothing to do with any of those programs tested.

jholland1964 650 Posting Expert Team Colleague Featured Poster

yeah, I probably confused with those two tools. Probably this guy recommended me Microsoft security essentials. I didn't know that microsoft had two different tools, so I just found one and I thought that the defender is the tool recommended by that person. So I am now installing microsoft security essentials.

You previously said you were installing Avira, I certainly would choose that over Microsoft Security Essentials. It scores MUCH higher than MSE, in fact many programs score higher than MSE. If you want I have instructions on the install of Avira 2012 Free. It is an excellent program and very easy to use.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Windows Defender is NOT an antivirus program, it is an anti-malware program. It really is a worthless tool because of conflicts with other tools and the most common recommendation from most respectable forums is turn it off and leave it off. It was formerly known as Microsoft AntiSpyware and comes automatically with Vista and Windows 7.
Even Microsoft's own anti virus program turns off Windows Defender when it is installed. It rarely works well with any other and more highly rated anti virus programs or anti-malware programs and will often stop fixes done by other programs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I think you can try Kaspersky anti virus, it is good enough to protect the pc.

The poster is in the middle of a clean up, purchasing another anti-virus isn't going to remove this Rootkit. No matter what anti-virus a person is running continuing to do dangerous things on the computer like P2P will catch up sooner or later.

jholland1964 650 Posting Expert Team Colleague Featured Poster

IF it's useful??? Did you see this in the log?

BITCOMET_HELPER_SERVICE <-- ROOTKIT

Notice the program noted...BitComet, one of your P2P programs.

Continue with the scans ONLY. Do NOTHING else online except the steps noted in the Read Me Sticky. I say again, nothing else online, no surfing, no email, no downloading, nothing. The more you do the more you will be adding more infections.
A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits are difficult to detect because they are activated before your system's Operating System has completely booted up. A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the system's OS. Rootkits are able to intercept data from terminals, network connections, and the keyboard.

jholland1964 650 Posting Expert Team Colleague Featured Poster

It's your choice as to what to do with your computer, however I have several pieces of advice.
#1. You absolutely cannot correctly clean an infected computer in a "piece meal" way, half a tool today and the other half tomorrow. All of the tools are meant to be run from beginning to end without pausing them or stopping them in the middle and then attempting to restart it. Doing this can cause more damage on top of the damage caused by the infections. You certainly cannot turn off or hibernate a computer while it is in the middle of running a tool, as you have seen, this causes major problems.

#2. You have said you have run multiple tools but we have only seen one log, HiJackThis. HiJackThis is essentially not a cleaning tool but a scanning tool to give a picture of what "may be" on the computer. There are some very simple clean ups that can be done with HJT but removing an infection is usually not one of them. I truly cannot say with certainty what was/is the infection on the computer without seeing other logs but what I do see from the HJT log are 14 windows from the Google Chrome browser. Right there is another mistake, all tools should be run with the browser totally closed unless it is an online scan. In that case there should only be ONE instance of the browser open and that would be the one where the scan is taking …

jholland1964 650 Posting Expert Team Colleague Featured Poster

if you can find the exact location of the virus you can delete their manually hope it works for you....

Very bad advice. Attempting to remove a virus manually without knowing all files involved can really cause major problems.

You have been cautioned about this in the past and yet you continue to not follow the rules. If you are going to post advice please follow the rules given for First Responders
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/368036
If you do not adhere to these rules then we do reserve the right to delete your posts.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are attempting some dangerous things really, especially running Combofix without direction or not posting the logs, especially the MBA-M log. You need to do the steps from our Read Me Sticky and post back here with all of the logs. The logs must be copy/pasted. Once we can see exactly what we are dealing with then we can better assist.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then leave them alone. Or boot to safe mode and try to open them.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That is not an ESET log. It is the set up information.
Did you turn off the antivirus programs when you ran the scan? It should have taken probably an hour to scan and you should have actually seen it doing the scanning. It should have shown you what was found and you would have had to tell it what to do with what it found.

Those numbers on the files tell me nothing, what is inside of them? They look like temporary files.

No, AVG is not comparable to Avast. What happened when you tried to download Avast?

Try Avira Free, it also is much better than AVG.


http://download.cnet.com/Avira-Free-Antivirus-2012/3000-2239_4-10322935.html?part=dl-&subj=dl&tag=button

Follow these instructions to get and install Avira Free
Click the GREEN Download Now Button to get the executable install package, save it wherever you can easily find it, I chose My Desktop.
You must then UNINSTALL your AVG program completely.
To begin, double click the executable file to start installation. Vista and Windows 7 users must run this executable as Administrator.

Before installation the installer will scan your system for other security programs installed. Avira Free AntiVirus 2012 may warn you of POSSIBLE incompatible security software on your system like Emsisoft AntiMalware, some 3rd party Firewalls, especially Zone Alarm. It is just a warning of POSSIBLE conflicts and you do not need to uninstall these software programs. Just install Avira Free AV and everything is OK. …

jholland1964 650 Posting Expert Team Colleague Featured Poster

The infection shown by the MS scan is the TDSS rootkit. It must be removed FIRST.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, I would recommend that you restore those items.
Couple of things I do see in the HJT log, you have portions at least of two antivirus programs, AVG 2012 and also Authentium Anti-virus. The Authentium shows with these three entries from services,
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

meaning that they at least attempt to autostart when the computer boots up. They didn't show in running processes during that scan but the computer is at least trying to start them up.
Another dangerous service that also runs at start up is this one;
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

Those 4 items absolutely must be totally stopped from running at all or even attempting to run.
Go into Services. Go through the list, it is in alphabetical order, and double click on each one of those four entries. Stop the service if it is running and then change the start up type to Disabled.
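Added example, not part of the original post and not HijackThis's own code: a small Python parser for the `O23 - Service:` lines quoted above that cross-checks each service against the log's running-process list, so entries that are registered to autostart but were not running at scan time stand out. The process list, the `ExampleAV` entry and the `leftover_owners` parameter are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample log. The four Authentium/StartNow O23 lines are quoted
# from the post; the process list and the "ExampleAV" entry are made up.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\svchost.exe
C:\Program Files\ExampleAV\exampleav.exe

O23 - Service: ExampleAV Service - ExampleAV Ltd - C:\Program Files\ExampleAV\exampleav.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
"""

# "O23 - Service: <name> - <owner> - <path>"; the path is anchored on a drive
# letter so that " - " inside a service name does not confuse the split.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


@dataclass
class Service:
    name: str
    owner: str
    path: str
    running: bool  # True if the image path appears under "Running processes"


def running_processes(log):
    """Return lower-cased image paths listed under 'Running processes:'."""
    paths, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break  # the section ends at the first blank line
        elif in_section:
            paths.add(line.lower())
    return paths


def parse_services(log):
    """Parse every O23 service line and mark whether its binary was running."""
    running = running_processes(log)
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            path = m["path"]
            services.append(
                Service(m["name"], m["owner"], path, path.lower() in running)
            )
    return services


def review(services, leftover_owners):
    """Return (service name, reason) pairs for entries worth disabling.

    leftover_owners: vendors whose product should no longer be installed
    (an assumption supplied by whoever reads the log).
    """
    wanted = {owner.lower() for owner in leftover_owners}
    findings = []
    for s in services:
        state = "running" if s.running else "registered but not running"
        if s.owner.lower() == "unknown owner":
            findings.append((s.name, f"no owner information, {state}"))
        elif s.owner.lower() in wanted:
            findings.append((s.name, f"leftover from {s.owner}, {state}"))
    return findings


if __name__ == "__main__":
    for name, reason in review(parse_services(SAMPLE_LOG), {"Authentium, Inc"}):
        print(f"{name}: {reason}")
```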

jholland1964 650 Posting Expert Team Colleague Featured Poster

When you used the CCleaner registry portion did you create backups of what it was removing?

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you stopped MBA-M you must remember to update it again before you use the scanner. It has multiple updates daily.
Are you doing anything else on the computer while running these scans? Those should be the only things you are doing, nothing else. I noticed in the HJT log you had no less than 6 browser windows open at the time of the scan. You should be doing absolutely nothing else at all with the computer except running scans, everything else must be closed. Did you turn off TeaTimer? That is a must do also before running any scans.
When you used CCleaner hopefully you didn't use the registry portion, did you?
Give me the first log from the MBA-M scan you did before coming here. It can be found under the logs tab and filed by the date it was completed. Copy/paste it here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Which scan is taking 7 hours? None of the scans in our sticky should take seven hours, in fact all of them together shouldn't take seven hours.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First you must do the following:
Disable Spybot's TeaTimer; it does interfere with fixes done by other programs. Leave it turned off please.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

After doing that please follow all instructions on our Read Me First Sticky.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Post back here with Copy/Pastes of all logs produced; then it can be determined what is needed next.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I recently uncovered three files on my C:\ drive that won't even let me access or delete them
What are the three files and why do you want to delete them?
Please do the following:
Turn OFF Windows Defender, it is out of date and really is not top of the line. Leave it turned off.

Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Post back here with the log.

AFTER running ESET please do the following:

You don't have any antivirus installed on the computer; you DO need one. I would suggest Avast Free:
http://www.avast.com/free-antivirus-download

Install Avast, update and run a full scan with it. If anything is found have the program remove/quarantine.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have a similar problem in that the plusnetwork tool bar has installed itself onto Firefox and now also internet explorer does not work. I am running Windows XP 32bit and have Mcafee antivirus and firewall etc. Please can anyone advise me what to do, regards

The advice for you is the same as given to the original poster.

The only way we can offer assistance is for you to begin with steps in our Read Me First sticky. Post back here with Copy/Pastes of all logs from the scans and then we can better advise you on what steps to do next.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

After you have followed those instructions then please begin your OWN thread. We do not offer assistance to more than one person per thread. So you must create your own thread and not hijack another person's thread to receive further assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The only way we can offer assistance is for you to begin with steps in our Read Me First sticky. Post back here with Copy/Pastes of all logs from the scans and then we can better advise you on what steps to do next.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

To have that file I am assuming you have Windows 7. I believe that file might be something to do with the windows idle processor. What I would suggest doing is booting up windows in safe mode then renaming that file by putting the number 3 at the end. Then put in the windows installation disk and do a repair of the system and it should replace that file with a clean one. If not then rename that file back.

If it comes down to it I think you can reinstall windows without losing your files but you lose anything in Program Files and any Registry entries. But that's an assumption from a past experience.

Sorry but you have misread the name of the file in question,
the file removed was C:\Windows\system32\msible.dll with a "b" not a "d"
poster is also running Vista, not Windows 7.
That file very likely was/is a trojan. But since the poster has never returned we have no way of knowing whether he has been able to get the internet working again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to follow all steps given in our Read Me First sticky and post back with all the requested logs.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to follow all of the steps given in our Read Me First Sticky and post back with Copy/Pastes of all requested logs. Until you complete those steps and we can see logs we have no way of offering assistance.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

Windows Defender is really not that good of a program. I would keep it disabled entirely. It does interfere with other programs, much better programs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is no way you can reformat the computer without losing files. A reformat erases the drive and then installs the operating system again.
Can you boot to safe mode with networking and try to run steps in the Read Me first sticky?

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

It is very likely you have additional infections on the computer, or your MSE has been damaged by the removed infections.

I would strongly advise that you follow all the steps given in our Read Me first sticky and then copy/paste all requested logs from that link back here. We will be most happy to offer additional assistance after seeing all the logs.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

I need help. Came home and turned on my computer to find American Tresendrrs start up page. My computer is ASUS computer. The screen says hit F9, I did but saw that even before I hit it on the bottom it said shut down in 15 seconds. I hit F9 and nothing has changed. How did I change this. I disconnected all USB cables

You need to begin your own thread after following all steps given in our Read Me sticky
http://www.daniweb.com/forums/thread134865.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please complete all steps found on our Read Me First sticky and Copy/Paste back here with all requested logs.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

I thought you meant the pagerage-silentinstaller file. Yontoo is fairly well known. Yontoo Layers is a browser add-on that customizes a website for the user. It certainly isn't unknown, it is considered questionable quite often because it may contain ads, etc. But it certainly isn't unknown. It would have to be installed by the user, it doesn't just "appear" on a computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I was also impressed with the decent amount of fake reviews calling this thing amazing...
I have NO idea where you found these "amazing" reviews, fake or otherwise, I have found absolutely ZERO amazing reviews and only two safe pages with even mentions of this file. It is an installer file. Not sure what would be amazing about an installer file.

http://systemexplorer.net/db/pagerage-silentinstaller%5B1%5D.exe.html
"Our database contains single file for filename pagerage-silentinstaller[1].exe. This file belongs to product Yontoo Layers. This file has description Installer. This is executable file. You can find it running in Task Manager as the process pagerage-silentinstaller[1].exe."

I found ONE other page with any information about this file
http://www.prevx.com/filenames/X3335093411878032099-X1/PAGERAGE-SILENTINSTALLER%5B1%5D.EXE.html
The unsafe files using this name are associated with the malware group:
Virus

Other than those two I found NOTHING.

Our instructions are very clear here, follow all instructions in our Read Me First sticky and post back here with Copy/Pastes of all requested logs.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

Read the page below and go to that heading.
Steps to disable autorun feature on Windows 7

jholland1964 650 Posting Expert Team Colleague Featured Poster

I still don't believe that this autorun.inf pop up you keep getting from Avira is truly Avira doing its job.
I honestly don't understand when you say you keep deleting it but it comes back. What exactly are you deleting?
External drives and USB devices usually have an Auto Play feature, meaning when you plug them in they will automatically play or run. Avira is stopping this for your safety. It will NOT stop the drive from working or the USB device from working, it will just stop it from auto running. You CAN run whatever it is manually.
Autorun.inf itself is a simple text based configuration file that tells the OS which executable to start, which icon to use, and which additional menu commands to make available.
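Added example, not part of the original post: a short Python reader for an autorun.inf file that reports the three things the post describes (the executable to start, the icon, and the extra menu commands), so you can see what a blocked autorun.inf was asking Windows to do without running anything. The sample file content and the function names are constructed for illustration.

```python
# Constructed sample autorun.inf; nothing here comes from the thread.
AUTORUN_SAMPLE = r"""; constructed sample
[AutoRun]
open=setup.exe /silent
icon=setup.exe,0
label=Backup Drive
shell\scan=Scan this drive
shell\scan\command="tools\disk scan.exe" /quick

[Content]
MusicFiles=false
"""


def parse_autorun(text):
    """Summarise the [autorun] section of an autorun.inf file.

    Returns a dict with:
      launch - list of (key, command) for open= / shellexecute= lines
      icon   - value of icon=, or None
      label  - value of label=, or None
      menu   - {verb: {"text": ..., "command": ...}} for shell\\verb entries
    """
    summary = {"launch": [], "icon": None, "label": None, "menu": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names ignore case
            continue
        if section != "autorun" or "=" not in line:
            continue  # only the [autorun] section controls auto-start
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute"):
            summary["launch"].append((key, value))
        elif key in ("icon", "label"):
            summary[key] = value
        elif key.startswith("shell\\"):
            parts = key.split("\\")
            entry = summary["menu"].setdefault(
                parts[1], {"text": None, "command": None}
            )
            if len(parts) == 2:
                entry["text"] = value          # shell\verb=Menu text
            elif len(parts) == 3 and parts[2] == "command":
                entry["command"] = value       # shell\verb\command=program
    return summary


def program_of(command):
    """Return the program part of a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def referenced_programs(summary):
    """List every program the file would start, automatically or via menu."""
    commands = [cmd for _, cmd in summary["launch"]]
    commands += [e["command"] for e in summary["menu"].values() if e["command"]]
    return [program_of(c) for c in commands]


if __name__ == "__main__":
    info = parse_autorun(AUTORUN_SAMPLE)
    print("Would start:", referenced_programs(info))
    print("Icon:", info["icon"], "| Label:", info["label"])
```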

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, I am having the same problem and I am looking for a way to fix it. I have wiped and reinstalled Windows 7 on my system and I still can't get to the Facebook page. All other sites are working fine except that one. Can anyone help with this?

This thread is three years old.
You need to begin your own thread, clearly stating all of YOUR problems and complete the steps given in our Read Me Sticky and copy/paste the logs produced in your own thread. Then somebody will offer assistance.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry coz in the program it says i should zip it or attach then post in the forum

BUT OUR instructions there ALSO say

"• Copy&Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.

please be sure to submit (Copy & Paste, not as an attachment unless requested)"
and an attachment was clearly NOT requested.