jholland1964 650 Posting Expert Team Colleague Featured Poster

1 - Open a Windows Explorer... You can do so by opening "My Computer"
2 - In the menu bar at the top of the Windows Explorer you will find a "Tools" option.
3 - In the tools option click "Folder Options"
4 - Click on the second tab "View"
5 - Select the choice "Show hidden files and folders"
6 - Click "Apply", then "Ok"

jholland1964 650 Posting Expert Team Colleague Featured Poster

jholland,

Your comment is purely sarcastic, and if you do not wish to help, let someone else do so.
Contrary to your remark, I solved all problems asking here and thanks to daniweb, so what else do you want from me?

If all your problems were solved here then why not have the courtesy to at least post in the thread that the problems were solved and what steps helped you do so? Only one of your past threads is even marked solved but there is no explanation on how or what made it solved. You only state in this thread you are receiving messages in your Internet Explorer...webmail? Popups? No logs attached nothing.

If all of the problems below were solved nobody here knows how and virtually all of them had unfinished steps requested by usually crunchie, myself or others but you never came back with the results. So that is why I posted what I posted. That isn't sarcasm, that is truth.

http://www.daniweb.com/forums/thread147078.html no reply after crunchie's instructions

http://www.daniweb.com/forums/thread148598.html no reply from you following my instructions

http://www.daniweb.com/forums/thread158431.html no reply from you following my reply

http://www.daniweb.com/forums/thread185170-2.html no reply from you after crunchie's last instructions, you failed to follow instructions throughout this thread

http://www.daniweb.com/forums/thread185171.html you never replied after receiving replies from 4 different people.

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is usually NO need to do anything to the registry. Using registry fixers is generally not advised. One wrong click in the registry and the operating system can be totally disabled. WHY do you want to do something to the registry?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please complete the steps given here, with the exception of the Deckard Scanner. Substitute instead HiJackThis.

Post the MBA-M log, the HJT log, and also that combofix log that you said you ran previously.
Do NOTHING else but what you are advised to do here on this forum from now on until complete.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, update your anti-virus program. Don't run it yet.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

AFTER the update is complete. Close the program, shut down the computer completely. Then UNPLUG the Internet Cable from the computer entirely. This way it won't be able to go online by itself.
Then reboot the computer.
First do a Full System Scan with your anti-virus program and remove all that is found.

Next Open MBA-M.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Once the scan and removal are finished again Shut Down the computer.
Re-attach the internet cable and reboot the computer. Then download HiJackThis and run a Full Scan with it, save the log.
Post back …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I think you are under the impression I just checked boxes at random and hoped for the best.

No that is not what I think. I think you used the analyzer which is meant for reference ONLY so that entries questioned there can be researched. I say again HiJackThis is NOT a fixer program. It is ONLY a scanner program.
Here is the warning given concerning HiJackThis in the tutorial on how to use the program:

Warning

HijackThis should only be used if your browser or computer is still having problems after running Spybot or another Spyware/Hijacker remover. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself. You should also attempt to clean the Spyware/Hijacker/Trojan with all other methods before using HijackThis. If you allow HijackThis to remove entries before another removal tool scans your computer, the files from the Hijacker/Spyware will still be left on your computer and future removal tools will not be able to find them.

Did you follow ALL of the instructions given here BEFORE running HiJackThis? This is the sticky at the very top of this forum.
Read me before posting a request for assistance
If so I would like to see the logs from the MBA-M program and the ESET online …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your Malwarebytes' Anti-Malware program is woefully way, way out of date. Current version is 1.37 and the database is 2227.

You need to update to the most current version and database. Then re-scan using NORMAL MODE ONLY and a FULL SYSTEM SCAN. Remove ALL items found.

Reboot the computer and then download and run HiJackThis on a Full System Scan. Save the log.
Post back here with the New MBA-M log and the HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You already have had multiple threads here requesting help and you never complete the instructions given.

jholland1964 650 Posting Expert Team Colleague Featured Poster

program that helps you and when I delete the things it suggests I temporarily am able to edit the registry but even when doing all the fixes I could find within the registry, I am still unable to access folder options. Also after a few minutes at the most, the things I have deleted through HijackThis will start to return

First of all HiJackThis is never to be considered a Fixer program. Secondly it is not fully compatible with Vista 64bit systems so many times the logs are not fully accurate. HJT is basically used to scan the computer to see what may be installed, what may be running at start up via start up programs and services and what, if any, malware may be on the computer. Where are you getting the information that "suggests" what should be removed? The KEY word is "suggests" that never means SHOULD, it is merely a suggestion that the entry should be investigated. Some things that Look Bad may NOT be bad.
Editing the registry without FULL knowledge on what it is you are editing is NEVER advised. I certainly HOPE you made backups of the registry before randomly going in there and editing.
The glaring thing showing to me in this odd looking HJT log is you are not running an anti-virus program nor a firewall. The easiest way to become infected. You are running multiple files from Temp folders. You have missing files throughout the log. Where are they …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is the computer booted to Normal Mode? Frankly I have never seen anything like this happen before. But I also honestly don't know what all that has occurred with all the other programs you ran either. IF there is a way you can get to "C" drive this would be where the combofix log would be C:\ComboFix.txt
I have to say I am not certain now what should be done. The lack of internet service you have now has to be related to either the computer being turned off, and the fixes you attempted to correct the problems. It sounds to me like there is a rootkit at work on the machine, otherwise these other entries wouldn't have appeared in that latest HJT log. I always hate to ask this...do you have the install disks for the OS? It truly may be the easiest thing to do is reformat and reload.

jholland1964 650 Posting Expert Team Colleague Featured Poster

the new version of Malwarebytes didn't find anything

Possibly because it was run in Safe Mode. The program is meant to be run in NORMAL mode if at all possible. Know you were instructed to do the scan in safe mode and that is fine. Safe mode doesn't let MBAM load all its drivers which are often necessary for the best detection and removal results. MBAM works in safe mode but is crippled, so if at all possible it should be used in normal mode in an admin account.
Even though the scan showed clean this doesn't necessarily mean that it is. When connection problems are corrected a Full System Scan in Normal Mode with an updated MBA-M should be completed just for safety sake.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am a bit confused here...you say you cannot access the internet BUT...

However, that being said a friend of mine was able to send me the start up for Malwarebytes through MSN.

If you cannot access the internet then how were you able to receive something via MSN. You have to have internet access to get something via MSN. If you cannot access the internet then how are you posting here?

jholland1964 650 Posting Expert Team Colleague Featured Poster

This program should be run in NORMAL mode.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the Computer.
Next download and run a Full System Scan with HiJackThis
Save the log. Come back here and Copy/Paste both the MBA-M log and the HiJackThis log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The thread you found here is about 4 1/2 years old, so frankly think you should move forward.
How about beginning with a full system scan with HiJackThis. Do that and copy/paste the log back here. Maybe something will stand out...what other steps have you taken?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well I hate to break it to you but I really feel your system is much more infected NOW than it was before. There are MULTIPLE trojans showing, new ones, which were not in the log before. One is especially worrisome, indicated by this NEW entry in the HJT log which was not there before:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
This one is a strong indication of Infostealer.Banker.C Trojan, which is exactly as it sounds...an information stealer, including passwords, banking information, etc. There are now also multiple other ones which weren't there before you began your own steps.
Troj/Agent-IUK, W32/Koobfa-Gen malware, Trojan-Downloader.Win32.Agent (this one is part of a family of malware that consist of the executable dropper and its dropped files. It attempts to connect to certain websites and possibly download other malware. It also disables System Restore.)
There are other new ones also. The majority were NOT present in the other logs.
I realize the way you are having to connect to websites is an irritant but that can be fixed ONCE the multiple infections are removed. I asked you to upload that file immediately to the scan site, which you didn't do but instead followed other steps on your own without telling me. This gave the infections time to change their names, so no wonder you couldn't find that one.
Now THIS is the step I wanted you to run AFTER you had done that upload of the file, but since we can …

jholland1964 650 Posting Expert Team Colleague Featured Poster

It is not a good idea to post the same problem at two forums. You began at geeks to go you should continue there. A word of warning however, one should NEVER run Combofix without FIRST being DIRECTED TO DO SO by a helper. You have not been directed to do so here OR at geeks to go. Just because you find a thread at a forum with similar problems does NOT mean the cause is the same.
This information from the Combofix Tutorial says it ALL

ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

You have posted NO logs HERE or THERE. Since you posted there first I suggest you continue there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What you have done is fine, though not what I requested that you do in my last post to you, which was upload that file to http://virusscan.jotti.org/en
I realize you say you searched for this file and couldn't find it but you did other things prior to the search. So I don't know if it is still there now but now using a different name.

By NOT doing that when I requested it does NOT mean that the file is gone, though your scans have removed a lot of infection. If you had done that immediately BEFORE the other steps then we would have known if whatever infection that was/is that had NAMED ITSELF avast was finally removed by all your scans. But we don't know that.
The main rule here is follow instructions as given, not other steps, the ones given. You are obviously very computer savvy which is a great benefit when working on these problems, but you have to keep us up to date. The other rule is ANY TIME scans are done after notations of infections in an HJT log then AFTER those scans are done and infections are removed then Immediately after rebooting the computer again then a NEW HJT scan must be run and posted along with all those scan logs.
Hopefully the computer has been cleaned, but there is no way to know unless I see another HJT log.
You state you worked on the Internet …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am somewhat confused here...you either have given me a log from a different computer or you have made major changes in the anti-virus program on the original and said nothing about it.
In your first HJT log, you showed TWO anti-virus programs running, a BIG NO-NO. Only one to a computer is the rule, but your log clearly showed two, PC Tools AntiVirus and AVG 8. Clearly I should have mentioned it originally, I did not frankly because I didn't honestly notice it until earlier this evening when reviewing your post again. Rather than add a post I decided to wait until you posted back.

Now on this log there is NO sign of either program but now it shows that Kaspersky Internet Security 2009 is at least installed on the machine, and shows in the Auto-Start programs but it does not appear in running processes, so it wasn't running when the scan was done. What is going on here?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can YOU download? If so do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Run HJT again and save the log. Post back with both logs.
As for the infected USB devices you have to DISABLE auto run on those, or for now on the computer which they will be attached to. MBA-M WILL scan those and clean them too. When you click Full Scan you will get a window asking what drives to scan just choose those also.
As far as the still infected other computer...did you do a full reformat before the reinstall? This should have wiped the drive of the infections also.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes there is an infection or infections on the computer. At least one of those showing is Spyware Protect 2009, which is a Rogue anti-spy program. The KEY removal tool for this is Malwarebytes' Anti-Malware or MBA-M. One slight problem however it is designed to be run in NORMAL mode. While it will run in Safe Mode it would not be fully functional but if that is all that can be done you can attempt that.

First thing however I see evidence of TWO anti-virus programs on the computer, Norton and ESET. ONE of these MUST be removed. The absolute rule is only ONE anti-virus program to a computer. Choose whichever one is not expired and uninstall the other one. There are also some McAfee files showing on there also. Since this scan was run in Safe Mode I cannot tell if these are just remainders of various av programs or if all of these programs are installed on there. But ONLY ONE must remain and ALL the others must be UNINSTALLED, NOT deleted.

Reboot the computer following these uninstalls.

AFTER you have Uninstalled those extra anti-virus programs, update the one remaining.
Then do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will …

jholland1964 650 Posting Expert Team Colleague Featured Poster

For one thing, you didn't update MBA-M. New version came out before I asked you to run it. Newest version is 1.37 and current database is 2184.
Please update the program and run it again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Run a new HJT scan and save the log. Post back here with the MBA-M log and the HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hey,

Just thought I'd chime in while I'm going forward with your advice. In addition to the entry you mentioned in the HJT log, one of the entries I took note of was the following:

Now, to my knowledge, I've never downloaded or used Avast. And the whole 'unknown owner' thing caused me to raise an eyebrow. Is this something that I should also be concerned with, or should I just 'let it ride', so to speak??

You have a VERY KEEN EYE. That is a BRAND NEW entry in the log, it also shows as a running process. This obviously is NOT AVAST

Go to http://virusscan.jotti.org/en
and upload this file:
C:\WINDOWS\System32\avast!Antivirus.exe
It will be scanned by multiple scanners and give you a reading on what this file is exactly.
Post back here with the full information.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, bad idea to install another program when the cause of the problem is unknown. Uninstall that Google Browser for now....What do you mean when you say...Error on every page? What does the error say?
When you say you ran Malware, I certainly hope you mean Malwarebytes' Anti-Malware. We need to see the log, even if nothing shows. Be sure to UPDATE it before running, there is a new version out today.
We also need to see a HiJackThis log.
Post back with both of those.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all TURN OFF ALL P2P file sharing programs, LEAVE them off. This is very likely how you became infected.
Run HJT and put check marks next to the following entries:

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SmileboxTray] "C:\Users\Prime\AppData\Roaming\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [P2kAutostart] V600

O17 - HKLM\System\CCS\Services\Tcpip\..\{31191494-429D-46B6-B0C5-AD1A977B54AD}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB92F061-D685-45EE-8B14-10938B3AE9D8}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{31191494-429D-46B6-B0C5-AD1A977B54AD}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{31191494-429D-46B6-B0C5-AD1A977B54AD}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS3\Services\Tcpip\..\{31191494-429D-46B6-B0C5-AD1A977B54AD}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer.

Now I would like you to again try to run MBA-M, remove everything found and save the log.
REBOOT.
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought …
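
The two entry types these posts single out, the F2 UserInit line carrying an extra executable and the O17 NameServer lines, can be pulled out of a HijackThis log mechanically before a helper researches them. This is an added example, not part of the original posts; the function names, the expected userinit.exe path and the allowed-resolver list are assumptions, and the last sample line is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis entries look like "<code> - <body>", e.g. "O17 - HKLM\...: NameServer = a,b"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")
USERINIT_RE = re.compile(r"UserInit\s*=\s*(?P<value>.*)$", re.IGNORECASE)

# Assumption: default Windows XP location; adjust for a different Windows directory.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

# Entry lines copied from the posts above; the final O17 line is constructed
# to show a resolver that is on the allowed list.
SAMPLE_LOG = r"""
Logfile of HijackThis (sample assembled for this example)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{31191494-429D-46B6-B0C5-AD1A977B54AD}: NameServer = 192.168.1.1
"""


def parse_entries(log_text):
    """Yield (code, body) for every entry line; header and blank lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def userinit_extras(body, expected=EXPECTED_USERINIT):
    """Return every program in a UserInit value other than the expected userinit.exe."""
    match = USERINIT_RE.search(body)
    if not match:
        return []
    programs = [p.strip() for p in match.group("value").split(",") if p.strip()]
    return [p for p in programs if p.lower() != expected.lower()]


def unexpected_resolvers(body, allowed):
    """Return (registry_key, [resolvers not in allowed]) for an O17 NameServer body."""
    match = NAMESERVER_RE.match(body)
    if not match:
        return None
    flagged = []
    for token in re.split(r"[,\s]+", match.group("servers").strip()):
        if not token:
            continue
        try:
            address = ipaddress.ip_address(token)
        except ValueError:
            flagged.append(token)  # a malformed value is itself worth a look
            continue
        if address not in allowed:
            flagged.append(str(address))
    return match.group("key"), flagged


def review(log_text, allowed_resolvers):
    """Collect UserInit extras and, per unexpected resolver, the keys that point to it."""
    allowed = {ipaddress.ip_address(a) for a in allowed_resolvers}
    extras, resolvers = [], defaultdict(list)
    for code, body in parse_entries(log_text):
        if code == "F2":
            extras.extend(userinit_extras(body))
        elif code == "O17":
            hit = unexpected_resolvers(body, allowed)
            if hit:
                key, servers = hit
                for server in servers:
                    resolvers[server].append(key)
    return {"userinit_extras": extras, "resolvers": dict(resolvers)}


if __name__ == "__main__":
    # Assumption: 192.168.1.1 is the router this machine is supposed to use for DNS.
    report = review(SAMPLE_LOG, ["192.168.1.1"])
    for program in report["userinit_extras"]:
        print("UserInit launches an extra program:", program)
    for server, keys in report["resolvers"].items():
        print(f"Unexpected resolver {server} set in {len(keys)} key(s)")
```

A flagged line here is a prompt to research the entry and post the log, not a decision to delete it.
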
jholland1964 650 Posting Expert Team Colleague Featured Poster

This thread is nearly 6 months old. In order to better get help it is advised that you begin your own NEW thread. Please add a scan with HJT and post that log for us in that new thread.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look at this concerning Documents and Settings folder in Vista
for the Icons try using Classic View for the desktop and see if they come back or try this:
Right-click an empty part of the desktop, click View, and then click Show Desktop Icons and put a check mark in that option

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are correct about starting your OWN thread, even if there is something maybe similar running no two computers are alike and even though they may be showing similar symptoms the cause may be totally different so fixes would be totally different. This would make it very confusing.
What operating system are you using? Have you run any anti-virus scans or anti-malware scans?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You ARE making progress, that is for sure. Let me explain WHY I had you remove Pure Networks, because some of the infected files were Pure Networks files.
Note these from previous log:
C:\Program Files\Setup Wizard\pure-network-magic.exe
I was hesitant earlier to note something, but I will now,
It seems that MOST of the infected files were/are located in this folder:
C:\Program Files\Setup Wizard\
I knew the pure network magic had to do with your ability to go through your router and if the "new"/old files work then there obviously was infection in the "new" ones you removed. Did you download these directly from THEIR website or someplace else?

Now this pop-up warning you received:

Your computer remains infected by threats! They can cause data loss and file damages and need to be cured as soon as possible. Return to Persona Antivirus and download it secure to your PC.

is an indication there is STILL infection on there, obviously by a rogue anti-spy/anti-virus. You did ABSOLUTELY the right thing by going off line immediately and shutting down.


Your MBA-M database IS the most current available so I am going to recommend once more that you do another scan with it....BUT stay OFFLINE, in fact disconnect the internet line completely to the computer and go to the Task Scheduler.

This entry in the HJT log concerns me also:
O22 - SharedTaskScheduler: gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had73sfdfd.dll
As I am sure …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your thread is over one month old. You have posted back here with two logs, the MBA-M is essentially clean, except for the notation that the Security Center is turned off. Not necessarily bad IF YOU personally turned it off. But other than those logs you tell us nothing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You of all ppl should know to use the latest updates. MBA-M is waaaaaaay behind. Tut tut.

Shame on you Cohen!

AND if your MBA-M is that far out of date how far out of date is your Search & Destroy?
You have IE8 on there...did the computer "act right" prior to its install? When did you install it? This seems to have mixed reactions...some have no problems and some have nothing BUT problems.

You also have Firefox 3.5 beta, just released April 27. Beta...TEST version, why would you install that? You know I never recommend being a guinea pig...was the computer "acting right" before this was installed? When did you install it? Hopefully not after it began "acting funny".

jholland1964 650 Posting Expert Team Colleague Featured Poster

And I'm sorry if I'm kinda 'jumping the gun', but would this be why I can't get on the internet? And if so, how do we go about looking into that?
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing

You are not jumping the gun at all, very observant. I saw that one myself in your last log. It likely IS the reason you cannot get online. That entry indicates the rogue Anti-Spyware Program Antispyware2008 was on the system for sure and possibly some of it still remains.
Try running LSPFix, using the directions given on the link to repair.

There are still infected files showing in the log. But first I would like you to Uninstall the following programs:
Pure Networks-several of the infected files removed were from this program. Best to Uninstall ALL of it.
Also remove Webroot Window Washer. As you say, you have installed ATF-Cleaner, the Webroot program isn't needed and certainly shouldn't be running all the time. Same goes for PerfectDisk10. While neither of these programs are bad, there is no reason for them to run constantly.
RoboForms also runs all the time and can easily be run manually when needed.
Empty the Quarantine of Avira. Run the LSPFix program and do all of the above.
Then run HJT again and place check marks next to the following entries if they remain:
O10 - Broken Internet access because of LSP provider …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I update manually.
I installed Avast which can be updated manually.
That day I found a malware though I have no internet connection.
Who said without internet connection your computer is safe.
I usually go to Cybercafe and bring some files using pen drive.
Don't you think my pen drive may have some viruses.
Anyway thank you.

You never stated this before. Of course files on a pen drive can contain viruses, but they should be scanned BEFORE they are put onto the computer? They can be scanned ON the pen drive and if they are found infected then is when they should be removed not after installed on the computer. You have much less risk to key files on the computer if you do it this way. Set the pen drive so that it doesn't auto run and then use the Avast to scan the pen drive itself. That way you won't be introducing infection onto the computer.
The KEY is when you download something be sure you are using the legitimate download site to do so but I would also be very wary of using a public computer to get downloads, sounds to me like the computers there are infected. If by Cybercafe you mean an actual business with computers for public use.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The things that randomly appear when it goes nuts on processes are msc.exe, 10888.exe, and 14297.exe

Give a look in scheduled tasks, Start, All Programs, Accessories, System Tools. See what is in there, good chance you might find any or all of those. If so, delete them, if you can't delete them in normal mode then reboot to safe mode and try to delete them from there. Worked on a computer earlier this year which had the same symptoms got to looking around and that is what I found. Once I had those out of there I could run removal tools without difficulty.
One other thing to look for is Open Device Manager and on the VIEW Tab, select the Show hidden devices option.
Go down to non plug and play drivers and see if there is one called TDSSserv if there is then disable it.

Then Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are running TWO anti-virus programs and TWO firewalls...
AVG, Windows Firewall AND COMODO Internet Security which contains Firewall Protection & AntiVirus Software. That is an ABSOLUTE NO-NO and certainly could account for the freezing on the computer. If you have PAID for Comodo then keep it on there and Uninstall AVG and disable the Windows firewall, if you are running the FREE version then YOU choose what goes...AVG and Windows Firewall or Comodo. But before you do anything else you MUST do that. Then proceed with steps given by gerbil and download, install, update run and DO FIXES with MBA-M. REBOOT the computer. Upon reboot run a new HJT scan and save the log. Post back with both the MBA-M log and the new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Prevx 3.0 and uniblue reg repair

Neither one is one we recommend here.
Do the following. If needed, it can be downloaded to a flash drive or a CD along with the Offline Update and then carried to the infected computer.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
If you can't download to the infected computer then here is the page for the Offline Update files.
http://www.gt500.org/malwarebytes/database.jsp
Run that program and allow it to fix everything found as noted. Save the log.
Reboot the computer and see if you can get online.

jholland1964 650 Posting Expert Team Colleague Featured Poster

What is the NAME of the new downloaded security software?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, progress is being made BUT as you said your MBA-M log shows NO ACTION TAKEN on all objects found.
You will need to run it again to be certain.
The database version you had on there was pretty close. Since you are using the Offline Update option that one is somewhat behind the online updates. Once you are able to actually get this computer online you will be able to update via the program itself accessing the update files and then you would be up to date.
Go HERE and get another offline update, take it to the computer and update your MBA-M program and then run a FULL Scan again. This time once the scan is complete be sure there are check marks in all items found and then click the Remove Selected button.
Then REBOOT the COMPUTER...this is an absolute MUST. Some items cannot be completely removed unless the computer is rebooted because they will be removed during the early boot process before these infected files can be turned on.
There ARE still signs of infection showing in the HJT log and there is another step we can try but let's go on with this first to see what can be removed using MBA-M. I also would recommend you UNINSTALL AdAware, this newer version isn't what the old one was and it too adds some unneeded options which can interfere with fixes.
I also note you say you Deleted …
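The check described in the post above (a scan log where detections read "No action taken" means nothing was removed, and some removals only complete on reboot), as an added example that is not part of the original thread. The entry shape `<object> (<threat>) -> <action>.` and the section headings are assumptions about the MBA-M text log, and the sample log is constructed.

```python
import re
from collections import Counter

# Assumed entry shape: "<object> (<threat name>) -> <action>."
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumed section heading shape, e.g. "Files Infected:"
SECTION = re.compile(r"^(?P<name>[A-Z][\w ]* (?:Infected|Detected)):$")

# Constructed sample log; paths and threat names are placeholders.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2162

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleKey (Trojan.Example) -> No action taken.

Files Infected:
C:\Program Files (x86)\Example\example1.dll (Trojan.Example) -> No action taken.
C:\WINDOWS\Temp\example2.exe (Rogue.Example) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\example3.sys (Rootkit.Example) -> Delete on reboot.
"""

def parse_log(text):
    """Return one dict per detection: section, object, threat, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        heading = SECTION.match(line)
        if heading:
            section = heading.group("name")
            continue
        hit = DETECTION.match(line)
        if hit:
            entries.append({"section": section, "object": hit.group("obj"),
                            "threat": hit.group("threat"), "action": hit.group("action")})
    return entries

def unresolved(entries):
    """Detections that were listed but never removed (scan must be re-run)."""
    return [e for e in entries if e["action"].lower() == "no action taken"]

def needs_reboot(entries):
    """Detections whose removal only completes during the next boot."""
    return [e for e in entries if "reboot" in e["action"].lower()]

def summarize(entries):
    """Count detections per action string."""
    return dict(Counter(e["action"] for e in entries))

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(summarize(found))
    for e in unresolved(found):
        print("STILL PRESENT:", e["section"], "|", e["object"], "|", e["threat"])
```
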

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sol means shit out of luck. I do believe that you can lock the Bios.
That is a way the computer will not even boot up until a password is setup. good luck :)

seeker9969, this thread is 4 years old. It is pointless posting something like this in a four year old thread. Learn to look at the dates.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Post that MBA-M log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

How can you be certain? You should post the MBA-M log here along with a Full Scan log from HiJackThis

jholland1964 650 Posting Expert Team Colleague Featured Poster

From your log it appears you are running two anti-virus programs, Symantec/Norton and McAfee. The absolute rule is ONE anti-virus program on a computer. Completely Uninstall ONE of these.
Then TURN OFF that Napster program until the computer is fixed, better yet, uninstall it. Very likely one of the causes of your troubles. Plus we offer NO assistance when P2P programs are being used.
Turn off your IM programs. Move the HJT program to a permanent file of its own. Fixes, if needed, can't be done with HJT from a temp file.
Once you have done all of the above REBOOT the computer.
Then do this:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We cannot offer any suggestions until we see some logs. Post a MBA-M log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi jholland1964,
Thanks for letting me know about SpywareBlaster.
But when I scanned using it, it found a malware-type virus named some WIN32.

Now I am using only Avast Home 4.8 and daily I update it manually.
I am shocked how Avast found this malware virus though I don't have any internet connections. Yes, I agree it's a good anti-virus. Still, do I need some special anti-malware S/W for detecting any malware, or am I fine with my Avast as it can detect? If fine, then does it conflict with malware?

Win32 files are USUALLY key system files. How do you KNOW it was malware?
You must have the wrong program because SpywareBlaster is NOT a scanner and doesn't even have a scanning capability. It is a protection program ONLY.
I really cannot understand this however...you say you DON'T have internet? How did you put these programs ON the computer? How can you update without internet? How can you get infected with something without internet?
Please Explain

jholland1964 650 Posting Expert Team Colleague Featured Poster

With the exception of Spybot everything else you list there is way, way out of date.
One thing you must do first is Disable the Spybot TeaTimer. It will interfere with fixes which need to be done.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Current version of HiJackThis is 2.0.2

AVG 7.5 is of course no longer current and your version of MBA-M is, as you stated, also way out of date; the current version is 1.36 and database version is 2162. This would likely be the reason you got the message you did.

Uninstall BOTH HiJackThis and MBA-M. So if you can prevail on your neighbor once more, this is what I would do. Download both of the new versions to that disk and install them on the infected computer. HJT wouldn't need an update but MBA-M will certainly be more current than the one you now have, and even if it cannot be updated for the moment you certainly will get a more up to date version and should be able to run a Full Scan with it and remove problems.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The thread you have noted is well over 4 years old, so it is very possible the infection and things done wouldn't be the same. To update MBA-M you can go to http://www.gt500.org/malwarebytes/database.jsp and download an update. Save it to a disk or flash drive and then when you hit update in MBA-M just choose to update FROM that location. It won't be the most recent update but current enough to do the job, rather than running a program without updates. Do a Full Scan and choose to Remove everything that is found.
Reboot the computer and run another HJT scan. Since you HAVE the log do as below.
Open your HJT log, go up to Edit, Select All, Copy
Then come back here and hit reply. Paste the log. We prefer them to be copy/pasted anyway.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Couple of questions here, did you personally add all those addresses to Trusted Sites? Is your ISP lisney.com? Have you done a general clean up....temp files, cookies, etc? Have you done a disk defrag lately? Is the computer only slow when online or all the time?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, I'll wait for your next post.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is the computer slow otherwise?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb.
Please do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Next download HijackThis and run a full system scan with it. Save the log and copy/paste both logs back here.