jholland1964 650 Posting Expert Team Colleague Featured Poster

Then in the Quarantine Tab it says 46 objects? Also, when you say update you mean check for updates on the software on the update tab (I'm sorry I'm asking dumb questions)?

Hey Jen, NO question is dumb, this is how we learn, by asking questions.
Yes, that is the way to update the MBA-M program. Which you SHOULD do each and every time you run a scan. This program has updates daily at the very least, sometimes several times a day so the Update should be run before each scan even if you are doing multiple scans in one day.
You actually can empty that quarantine folder by going to the Quarantine tab and clicking the Delete All button.
Now I would like you to do the following;
Go to Add/Remove in the Control Panel. Look for all of the following items;
FunWeb
My Web Search (Smiley Central or FWP product as applicable)
My Way Speedbar (Smiley Central or other FWP as applicable)
My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
Search Assistant - My Way
UNINSTALL any of those that you see there. You might not find any, as MBA-M did remove quite a bit of these items but you need to be absolutely certain they are ALL gone.

Next go to My Computer, Drive C, and double-click on the Program Files folder

7) Right-click …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go to Control Panel and look in Program, Installed Programs for AskBar. If you see it remove it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Before you stop you have just a couple of steps you should do.
Run one more HJT scan and post the log so I can take a look at that, and if it looks ok then there are just a couple more easy things to do.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you still getting the redirects?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Update MBA-M and run a Full Scan. Have it remove all items found.
Reboot and post back with that new log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Reboot the computer.
Run a new HJT scan. Post back with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download Combofix and run it:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download it to your Desktop as that and follow the instructions in the link very carefully to run it and then post the combofix log.
Be sure to install Recovery Console if you don't already have it on the system and disable any other security programs or Anti-Virus programs as noted in the link before running Combofix!

Post back with that log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Waiting six days between posts isn't going to help the machine. Hopefully you can stick with this and maybe we can sort it out.

You need to only have the drivers on there from the current card, not the old one. So you have to uninstall the wrong driver and leave the driver for the card that you have in there now. Probably what you did during the reformat was to install the driver for the old card by mistake.
One item that can cause problems is Spybot TeaTimer. You should TURN it OFF and leave it off.
Here is how to do that:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

I had problems w/ Malware (Anti Vir noticed this)

I am not certain what you mean by that statement. Do you mean that Avira FOUND malware or that there was a problem with the Malwarebytes' Anti-Malware program? There is no reason for Avira to do anything or note anything about that program.

What firewall are you running? Now of course this could be some sort of infection, but since I have seen no logs I …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you know this website? wardleonard.com

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to Daniweb.
It appears that the error loading message has to do with a possible infection that has been removed at some time. There is an auto starting reference in programs with that same file name. Since it was removed then this would be why the computer is giving you that error because it is looking for the file and cannot find it. It's a GOOD thing it cannot find it since it was a likely infection. We can take care of the error later.
The fact that you have numerous media player files which cannot be played also leads me to believe that these "might" have also carried infection but the infected portions have been removed, rendering the file useless really.

I see that you have MBA-M installed on the computer.
Did you recently run a scan with it where objects were found? If so did you have it remove them? If so, I would like to see that log. You can find the log by opening the program and clicking on the logs tab. There you will find all logs from each run. Go through the logs until you find the one where infection was removed. Copy/Paste that log back here. If there were more than one time infection was found recently please post each one of those logs too.

Then please Update it and then run a Full Scan with it.
When the scan is complete, click OK, then …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to Daniweb,
Do the following:
First of all run Disk Cleanup.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer

Download and run HiJackThis. Do a full system scan and save the log.
Post back here with both the MBA-M log and the HiJackThis log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok good. Run GMER and post back with the log and we'll have a look

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hey Judy - You guys need to run GMER & Combofix to sort this problem out.

PP :)

That's what I thought PP.
You heard the man scraddock.
Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.

***Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
DO NOT take any action for any found items until PP or I can have a look.
Post the log here when finished.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I see by your HJT log you have run Panda and Bitdefender at some time, run one of those again.
Also a question, are you running the paid versions of MBA-M and SAS?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is this post already resolved? I never saw any mbam logs. Anyway just want to share some information and additional removal procedure from this site.

The site noted in post by midnightsin is not reliable, please don't use that stranoblaze just follow the directions given by PhilliePhan.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Think it would be a good idea if you run at least one online scan. You will need to turn off ALL of your security programs, including your Avast and firewall and all the others too, in order for the scan to work properly and you will need to use Internet Explorer to run it.
Run the ESET Online Scanner and attach the ScanLog with your post.
If something is found please allow it to fix.
Once it is finished, reboot, do a new HJT scan and then post back with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Fantastic. Happy to help

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thank you r1pperZ,

If you noticed the HJT log, you will see that I have used Malwarebytes, Spyware Doctor, SuperantiSpyware, Ad-aware, CCleaner, Spybot, Bitdefender online and Panda online and AVAST antivirus scans and the infection is still there. The HJT log posted was after I had done all the aforementioned scans.

I appreciate the help all of you can give. I have tried everything I know to remove the infection, whatever it is. Neither of the scans listed above now find anything. I did remove quite a few before this HJT log.

Please help. Thanks.

Did any of these scans FIND infections? If so what were they and where were they located?
Do you have the logs from the scans you have done, especially MBA-M? We DO need to see the logs when scans have been done.
When you did the online scans did you turn off the onboard security programs? This is generally a requirement for the scans to work correctly.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Cases, Fans and Powersupply forum, if the problem arose when you upgraded or altered your hardware then most likely a virus wouldn't be the culprit.

The poster clearly stated in his first post

I have a strange virus that boots off and on my pc consistently every 10 secs.. I'll try to type this short since it might shut off while I'm writing this now ..

I've replaced the heat sink fan and power unit which got my pc to work for 4 days before it started to do the whole loop on and off thing again

This says the problem was happening BEFORE the replacements were made and then continued AFTER the replacements were done so it is likely the problem is not hardware related.
Have you tried safe mode with networking? If this works without these shutdown/restarts then chances are the problem is not hardware related.

jholland1964 650 Posting Expert Team Colleague Featured Poster

A better idea is to work on ONE computer at a time since both may be infected. Get the one computer clean and then you can better work on the other one.
Which computer did the MBA-M scan come from? If it is the laptop and you cannot update MBA-M on that one then leave it for now and work on the desktop.
Be sure to state which computer you are going to be dealing with and when it is deemed fully clean then you will be told to move onto the other.
As far as the laptop antivirus program not picking up anything don't be fooled by that, many times trojans will NOT be picked up by an antivirus program because that is not what they are designed to do. What antivirus did you install, were you able to update it?

Choose the computer to clean, install MBA-M, update it if possible and do the Full Scan with it and have it remove whatever it finds. Reboot the computer. Download HiJackThis and do a system scan with that and save the log. Post back here with the MBA-M log and the HJT log. Then you will be told what additional scans you will need to do.

Perform these steps and you should be good to go.

It is very rare that infection is removed by using just one or two tools today.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

How did you uninstall the Adobe Flash player? In order to uninstall the most recent versions of Adobe Flash player you must use their Uninstaller to do so.
http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe

Save the file to the desk top for easy locating.
Once it is downloaded and on the desk top close ALL running applications, including all Internet Explorer or other browser windows, AOL Instant Messenger, Yahoo Messenger, MSN Messenger, or other Messengers. Check the Windows system tray carefully to make certain no applications are still in memory which might possibly use Flash Player. This is VERY important to do this because the uninstaller cannot remove files currently in use.
Once all applications are closed then run the Uninstaller.
Once it is uninstalled, reboot the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The reason I asked is there are some programs there I am unfamiliar with, all perfectly legal but I am hesitant to have you make any changes regarding those so I won't.
Run HJT again and put check marks next to the following entries:
O1 - Hosts: ::1 localhost
O2 - BHO: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~1\CHARTE~1\CHARTE~1.DLL
O3 - Toolbar: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~1\CHARTE~1\CHARTE~1.DLL

Once you have placed the check marks click the Fix Checked button.
Exit HJT and reboot the computer.
Your Java program is way out of date and must be updated.
Go to http://www.java.com/en/download/manual.jsp
Download the Offline Install and save it to the desk top.
Then close all browsers.
Go to Add/Remove and Uninstall ALL old versions of Java showing there.
Once you have done this then double click that Java install file on the desktop and install the newest version. Be sure and watch closely on the install windows, they often times offer the Yahoo Tool bar and if you don't take out the check mark when it comes up it will also automatically install. When you see it take out the check mark so you don't get that too.
Once the install is complete then go back to the Download page and click Verify Now to check to be certain the install was successful.
Do a few searches then and see if you are still redirected.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can I ask is this a work computer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes why ?

Is there anything in there that's a threat? I don't know what else to do.. where can I post about cpu fans and atx power supply issues on here?

I asked the question because you didn't say whether things were better or not. No, I don't see anything in the log except a huge amount of programs running needlessly. But I don't see infections.
How much RAM is installed on the computer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please do the following:
Run HiJackThis again and place check marks next to the following entries:
O1 - Hosts: 91.212.127.227 awareremover2009.microsoft.com
O1 - Hosts: 91.212.127.227 awareremover2009.com
O1 - Hosts: 91.212.127.227 www.awareremover2009.com

Once you have placed the check marks then click the Fix Checked button.
Exit HJT and reboot.
Then do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. VERY IMPORTANT
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer
Run a new HJT scan and then post back here with the MBA-M log and the new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have a large number of unnecessary programs auto starting and therefore running all the time in the back ground, this could be one cause.
Also, have you run a general cleanup lately, tmp files, internet temp files and the like? Have you done a defrag lately? A highly fragmented drive will also slow the computer. Is it always slow or only when online?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi there,
Yes, the computer seems to be working as normal now (if not slightly quicker too).
Thank you both so much.

Is combofix a utility that is safe to use on a regular basis as a backup to normal scanning etc?

Cheers
:):):)

Glad the computer is running well.
The answer to your combofix question is a resounding NO. This is a ONE time program to be used only in certain circumstances and NEVER on a regular basis and NEVER run unless first instructed to do so by a helper on a forum such as this.
The program has frequent updates and therefore should never be re-used once all the problems are corrected but it should be uninstalled.
In fact once these final steps are done I will give instructions on how to remove combofix from your computer. For the moment leave it alone.

You need to run a new scan MBA-M, be sure to update it first. Do the Full Scan. Remove anything found.
Reboot the computer.
Then run a new HJT scan and post back here with the MBA-M log and the new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you still having problems?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is the computer running better since the run of combofix?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please do the following, follow these instructions exactly:
Please Download Combofix TO THE DESKTOP.
You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET
You must take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen. You should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point so that if any problems …

jholland1964 650 Posting Expert Team Colleague Featured Poster

We certainly can try to help with the slow boot time by eliminating unnecessary start ups, which should make a difference.
I will note, however, that Norton IS notorious for slowing the system so this could be part of the problem.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Neglected to have you fix this one with HiJackThis. Please run it again and put the check mark in and then click the Fix Checked button
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:melissa_x_15_x@hotmaiil.comm

Reboot the computer.
Are you still having the problems noted in your first post?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again. Place check marks next to the following entries:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

Once you have those check marks placed then click the Fix Checked button.
Exit HJT.
Reboot the computer and run a new HJT scan. Save the log and post it here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

You're welcome.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I really don't see anything in the logs. Are you still getting the Firefox tabs opening?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I don't understand why it says avg firewall disabled because I don't have avg installed lol

You must have had it at some time because there was also evidence of it in your first HJT log. There must be a large portion of it remaining if Combofix noted it.

Give me another HJT scan

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, in response to your comments about the Advanced System Care by IObits...you may want to take a look at this info and think about whether you DO want to keep this program at all.

http://www.malwarebytes.org/forums/index.php?showtopic=29681

With these two below please note that both links received "This site has a poor reputation" or Ethical Issues problems. Do you want a program on your computer whose own website is questionable?

http://blog.iobit.com/archives/95.html

http://www.iobit.com/avg-com.html

You have CCleaner running at start up, totally unnecessary, along with a LOT of other unnecessary auto starts. Your Java program is out of date. You have software running for two different graphics cards...which do you have?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I'll be waiting for your log. As far as other scans not finding this infection, this is VERY common. Not all scanners look for the same things, this is why we generally have folks run more than one scanner, especially when symptoms continue.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry, we're a bit short handed these days.

Uninstall IObit Security 360 using Add/Remove. This company is not a very reputable company and it is not recommended.
After that do the following:

Update MBA-M
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Then run a NEW HiJackThis scan and save the log. Post back here with both the MBA-M log and the HJT log.

jsbrewer commented: This help resolved my issues +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Go to Add/Remove and see if AskBar is listed, if so, Uninstall it.
Reboot and then do a new HJT scan and post the log here. Please be certain that wordwrap is NOT turned on.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You forgot, infection WAS found in that Panda scan that couldn't be removed.
Please do the following, follow these instructions exactly:
Please Download Combofix TO THE DESKTOP.
You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET
You must take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen. You should press the number 1 key and then press the enter …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I honestly see nothing in your HJT log pointing to the redirect page. Have you emptied all your temp files and run other scans? How about Spybot, have you run that?

jholland1964 650 Posting Expert Team Colleague Featured Poster

That MBA-M program is WAY out of date. The current database version is 3131 and your version is 2775. Can you update again and do another scan?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have you run the online scans requested? Have you rebooted the computer since all of these appeared?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Run a new HJT scan. Post back here with the MBA-M log and the new HJT log. Please be sure that wordwrap is turned OFF before you copy/paste your logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

pimpwack, you need to be sure the program you installed was the Malwarebytes' Anti-Malware (MBA-M) program. Update that program, do a full system scan with it and have it REMOVE all items found.
Reboot the computer. Run a new HiJackThis scan and then post back here with the MBA-M log and the HiJackThis log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have a windows xp with vista. I have never had a mac. I am a musician and have an rs232 connector on my laptop. I also need a wave file player. Also my computer has no cd so I want sonic foundry and cakewalk software. Do you know where I can buy.? From the net downloaded?

tupac you should NEVER post within somebody else's thread, especially with this type of question. This is not the forum where this belongs, this is a forum for virus and infection clean up.