Posts by jholland1964

Though your AVG shows as being set to auto start it is not running. It is likely that it was damaged by the infection and needs to be uninstalled and a new anti-virus program installed.

You need to uninstall it via Add/Remove and then also run this removal tool to be certain that all files are gone.

http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Now unless your AVG is a paid program and is not near expiration I would advise you choose a different program. Two of the best are Avira Free or Avast Free.

I have used Avira for several years and am most pleased with it. But here are links for both, you choose:

Avira Free http://www.avira.com/en/avira-free-antivirus choose the one on the left side of the page

Avast Free http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

Do the above, do a full scan with your new anti-virus program and of course have it remove or quarantine anything found. Then do a new system scan with HJT and post back here with the results of the av scan and the new HJT log.

Good. You have been using an out of date version of HiJackThis. Uninstall that one and download the newest version which is 2.0.4
http://free.antivirus.com/hijackthis/

Do a new system scan with it and post that log back here.
Judy

Now do the following:
Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Now you need to update MBA-M and run a new Full Scan with it. Be sure you DO update as there was a new version of MBA-M released yesterday and it will update via the program. Allow MBA-M to remove everything found, REBOOT the computer and come back here with the new MBA-M log.

You ignored this advice
The Crawler IS considered a bad website, known for spam, phishing and malware and should not be used.

Follow these instructions for running the TDSSKiller from Kaspersky
http://support.kaspersky.com/viruses...?qid=208280684
* Download the file TDSSKiller.zip and extract it (use archiver, for example, WInZip) into a folder on the infected (or potentially infected) PC.

* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. It is necessary to reboot the PC after the disinfection is over.
# The utility can detect two object types:

* malicious (the malware has been identified);
* suspicious (the malware cannot be identified).

# When the scan is over, the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).

# Select the action Quarantine to quarantine detected objects.
The default quarantine folder is in the system disk root folder, e.g.:
C:\TDSSKiller_Quarantine\23.07.2010_15.31.43

Post back here with the results.

Hi and welcome to daniweb. You have used an out of date version of HiJackThis. Current version is 2.0.4 and can be found here; http://free.antivirus.com/hijackthis/
However in order to assist in identifying your problems you need to follow the steps given on our Read Me first sticky http://www.daniweb.com/forums/thread134865.html
Please complete the steps given there and post back here with all requested logs.

You also need to run HiJackThis and put check marks next to these entries, I forgot to include them in the last fix. The Crawler IS considered a bad website, known for spam, phishing and malware and should not be used.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60076

After you have placed the check marks click the Fix Checked button and Exit HJT

Good enough. Happy to help.

You also should run the ESET Online Scanner to be certain. We just did this on another thread here and a couple more things were found.
http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

You should have posted both the TDSKiller log and the MBA-M log. I cannot verify this system is clean.

Here is a new link for Avira

http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html

Click next to the Green Button where it says Download Now

Here is how to disable Spybot's TeaTimer for good.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Now, the MOST important:
If your Zone Alarm Anti-virus program is this old AND was a paid version then it is expired and very likely one reason you were infected. If you truly want to protect THIS computer then you need to uninstall it and use a good FREE one. I have used Avira FREE for two or three years. I have never had an infection on the computer. It is very highly ranked and has been for several years. I strongly recommend it.

Here is the direct link for Avira Free install file.
http://www.avira.com/en/free-download-avira-antivir-personal

Save this file and then Uninstall your Zone Alarm Anti virus. As soon as it is uninstalled then Install the Avira Free. Update it.

Here are pictures for the proper settings to use in Avira. You it is a zip file for download.
http://www.filefront.com/15924909/Avira%2010%20Critical%20Settings.zip

Open it and go through each picture to see proper settings. You can configure the program exactly how you want to, daily automatic updats, set up full …

Download tdsskiller from the following link and follow these instructions from Bleepingcomputer.
http://support.kaspersky.com/viruses/solutions?qid=208280684

If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.
Once it is on the computer, no matter how you got it there, then extract the files from the zip file. You can do this by right-clicking on the tdsskiller.zip file and then selecting the Extract All. Keep clicking the Next button until you receive the message that all files are extracted.

A folder will now open containing two files, including the TDSSKiller.exe program. Before you can run TDSSKiller, you first need to rename it so that you can get it to run. To do this, right-click on the TDSSKiller.exe and select Rename. You can now edit the name of the file and should name it a random name with the .com extension. For example, 123.com or 23kjasd123.com.
Once the file is renamed, you should double-click on it to launch it.
If you receive a warning, please click on the Run button to allow TDSSKiller to run. If you did not receive this warning, then TDSSKiller should have started and you can proceed.
Click on the Start scan button to have TDSSKiller scan your computer for the TDSS infection.

…

On the infected computer go into Internet Options, Connections, click on the LAN Settings button and make sure there is NO check mark in Use Proxy Server, if there is one, take it out. Then try to connect to the internet.

Well, I love a mystery and this certainly was one. Surf Safe!!!

Ben your second post means you have not followed instructions given in my original post. Please do so if you want assistance.

Good. Forgot about the Revo program. Do you have System Restore turned on? If so you need to do this:
You also need to set a new, clean Restore point.

Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

I see you have SUPERAntispyware, update that weekly and scan with it.
Same goes for SpyBot, but keep the TeaTimer portion of it turned off, it interferes with fixes done by other programs.
Keep MBA-M, update and run a QuickScan weekly. If QuickScan finds something have it remove it, reboot and update again and run a Full Scan following same procedure.

Keep the cookie settings as I showed you earlier. Those are the BEST and Safest Settings to use.
Remember what I told you earlier, those files you were seeing enter your cookie folder WERE NOT cookies but infected files brought in by the trojans on there. Cookies are shown by a simple .txt icon but so are many other things on the computer. But that doesn't mean they are cookies. Get rid of that shortcut to your cookie folder …

Try this tool to uninstall them.
http://www.snapfiles.com/get/javara.html

According to your original Uninstall list you posted from HiJackThis it showed your java was way out of date. You need to update it. To do this do the following:
Go to http://www.java.com/en/download/manual.jsp

Download the Offline Install and save it to your desktop for easy locating.

Next close all browsers. Go to Add/Remove and Uninstall All older versions of Java you find there.
Once they are all Uninstalled then double click the install file on your desktop.

WATCH the install VERY CAREFULLY as the installs now often include extra toolbars like yahoo or others, you ARE given the option to NOT take these by removing the check mark next to them, take the check mark out and continue with the install. Once it is complete then go back to the download page above and click Verify now on the right side of the page to go to the verification page where you can check to be sure the install was successful.

Do you have system restore turned on? If so, do the following:
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

Another program you MUST install is SPYWAREBLASTER from Javacool. SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.
Truly a MUST HAVE PROGRAM and I wouldn't run any computer without it.
Download it, install, update and then click Enable All Protection. Close the program, that's it. It doesn't run in the background but offers superb protection.

http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

Ok now you need to Uninstall Combofix. Follow THESE instructions EXACTLY which are slightly different from the last ones I gave you:
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

Give me a new HiJackThis Scan

Yes, turn on Windows Firewall

If you find that Avast won't allow you to install without being online then of course stop the install and follow the steps for going back online. Then download from the link and install.

Pardon me while I pick myself off the floor!!!!!!!!!!!! Ok, make sure that Windows Defender is OFF and Disabled in the Services.

Download Avast from here to the flash drive
http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

put it onto the affected computer. See if you can install it. Of course it won't update. Then turn off the affected computer, plug the ethernet cord back in, wait about two minutes and then power up the computer. Open Avast and update it.

Now here is a page where you can download a .zip file for with pictures for the correct settings you need to use with Avast. Download and open it so you can see the pictures on correct settings.

http://www.mediafire.com/?qfjnl0n4q46kot5

After that update MBA-M again and run a new scan with the updated database. Come back with that log and hopefully you won't need to wear your new boots.:icon_lol:

Never mind, try this removal tool

http://tinyurl.com/ylsyx24

Put it on the flash drive, move it to the infected computer, run the tool and reboot.

Tell you what, did you get an install disk from AT&T when you hooked up with them?

Unfortunately, Windows Defender isn't easy to remove. Personally...I don't like it and never recommend it's use. You can turn it off and keep it off however by going to Services and stopping it there and then change it's start up type to Disabled. Then it "shouldn't" restart. I said should because as you and I have found out this may not be the case.

I would like you to manually update MBA-M by downloading the manual update file to the flash drive, take it to the computer and install the updates from the flash drive. Then do a full scan with MBA-M and of course have it remove everything found, REBOOT the computer with your newly purchased spam boots :icon_lol:, sorry, couldn't resist,
Ahem...sericously, reboot the computer and come back here with the new log.

Here's the link for the manual update for MBA-M. It ususally is slightly behind the regular downloaded updates but hopefully an update with a higher database than you have.
http://malwarebytes.gt500.org/

The last one you showed was 5173 and as of just now the latest one is 5194. Hopefully you will get something in between. If it is older than the one you have, don't use it.

I see or saw that you have Revo Uninstaller on the computer. Use it to look for and remove that AT&T stuff and also have it look for Authentium and RPS. Have it remove all of those it finds.

Wow, I didn't know that those "boots" that are being advertised from Lucyye would help get this computer fixed ?
:D:icon_lol:
you and I will be the only two who know what you are talking about because I deleted that spam post...but your comment, Tumbleweedracef, is hilarious! Glad to see that even with all this you still have a sense of humor.
Maybe those are what is really meant when somebody tells you to "reboot" the computer:icon_lol:

Have you rebooted the computer since the run and why do you want to go into the Control Panel?

Did you follow Crunchie's instructions exactly?
STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
This WOULD include Windows Defender.

Did you drag the script onto the top of Combofix?

I am sure that Crunchie is going to take a look at this log to make sure all was done as it was supposed to, but I have a question, earlier you said this;
I have tried to get completely rid of the AT&T Internet Security so that I could use Avast.
yet it clearly shows in both Combofix logs
AV: AT&T Internet Security Suite AT&T Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: AT&T Internet Security Suite AT&T Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: AT&T Internet Security Suite AT&T Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
but it DOES NOT show in your Uninstall list. Exactly HOW did you try to "get rid" of the AT&T Security Suite because it obviously is not gone.
Also showing in the Combofix logs is
Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} but it shows nowhere in any other log or list. Where is it? Did you know that you had it on the system?

Hi Ben, welcome to daniweb. Please bear in mind that the thread you noted is nearly 4 years old, and while your symptoms may be similar it is probably unlikely you have the same one. AVG antispyware is no longer used or even available. If you found it some place it had to have been a very old program and certainly would not have helped your problems. So be thankful you were not able to install it.

We ask that you begin with the steps given on our Read Me sticky first

http://www.daniweb.com/forums/thread134865.html

Post back here with all the logs, and please, do not attach them, copy/paste them into a post. After a look at the logs we can give you the next steps any are needed.

Crunchie, computer has no av program on it because poster was running parts of three av programs. I had him disconnect the computer and uninstall all av programs. He is running these programs via flash drive with the infected computer disconnected from the internet. I told him to do this since he was having so many problems. Told him I would tell him when to connect, which would be after an av program would be installed via the flash drive.

Sorry, missed that Cleaner 2011 earlier. You didn't answer my question, is it the paid or trial version? Also, is your AdAware the paid or Free version?

Your computer is really way out of date. You only have XP SP2 on there and SP3 was released 3 years ago but you don't have it installed. This means it is likely that you have no XP security or critical updates that are very recent meaning your computer is very much at risk, no matter what or how many security programs you are running on there. Unless you install SP 3 your system is not supported anymore. XP SP3 is fully supported until 2014 but support for systems without SP3 installed has expired. This could also cause future problems adding other programs as many today require that XP have SP3 installed to be able to download their programs.
You still have a portion of the Emisoft program running but it is doing nothing but running and that is a-squared Free. It does absolutely nothing as it is no longer a stand alone program. You need to go into Services and stop the service and then change it's startup type to disabled. You also need to do the same for Emsisoft Anti-Malware 5.0
Run HJT again and put check marks next to the following entries:
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - …

Are all problems corrected?

No, you need to wait. I will have somebody else look at this too. Just turn off the computer and keep checking back on the other one. Not sure when somebody else can take a look since it's a holiday but we WILL get back with you ASAP.

Look, I told you all ready that you had too many anti-spy programs running on there. You removed some, I believe, since I no longer see the Spyware Terminator or the Trojan Killer. But now I see you have added another, The Cleaner 2011. Did you purchase this program? If you did not pay for it and are using the trial version then its real time scan is disabled by default and cannot be turned on during its trial period. So it is pointless having this run in the back ground because it does nothing until you pay for it.

Emsisoft Anti-Malware 5.0 - this gets very poor reviews. Here is just one of them from PC Magazine; Program fails to thoroughly remove detected malware. Explicitly identifies valid programs as malware. One-dimensional behavior blocking blocks many valid programs. Emsisoft Anti-Malware 5.0 is great at finding malware; too bad it flopped at removing what it found. It erroneously flagged several valid programs as specific, named malware, and its behavior-based detection kills both good and bad programs.

SpybotSD TeaTimer is still running and as I said before this is absolutely KNOWN to block fixes attempted by other programs. Turn it off and leave it turned off.

Exactly WHAT anti-virus program are you running?

That happens to a lot of people the first time they use it. Once they get the hang of it, no problem. This tool is top of the line, be sure to keep it and use it for Quick Scan at least once a week, be sure to update first. If Quick Scan finds something then of course remove, reboot, update again and run the full scan. Quick Scan doesn't scan as deeply as the normal scan so this is why a second run with full scan is recommended if something is found.

After these scans complete then also do a system scan with HiJackThis version 2.0.4 and save the log. Post that log here too.

http://free.antivirus.com/hijackthis/

Actually database wasn't that far off. But running again is a good idea because...you didn't have the program do any cleaning. Look at the log for all items found, -> No action taken.
Be absolutely certain you follow this part of the instructions;
* Be sure that everything is checked, and click Remove Selected if malware is found.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily.The log can be retrieved by opening up MBAM and clicking on the Logs Tab at the top of the program .

Reboot the computer this is VERY important as many infections cannot be fully cleaned by MBA-M until very early in the boot process when the infected files have not had a chance to activate. So you must always click that Remove Selected button and then reboot right then. Otherwise the tool won't be able to do it's full removal.

AFTER the computer reboots then open MBA-M again and go to the Logs Tab. It would be the bottom one you want, open it up and copy/paste it back here.
Then do the following:

Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You will need to allow an Active X to be installed or you may use Firefox if you have the IE tab add on.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure …

Good enough! Enjoy your turkey dinner!

Do to lack of activity this thread is being closed. If you need this thread re-opened please contact a moderator.

jholland1964

Malware is defintiely NOT the cause of your problem.
Your GMER log shows only XP Service Pack 2 so you have not fully updated your XP so installing Office 2010 is the least of your worries. You need to go to Windows Updates and complete all updates required for XP. If you don't do full updates your XP is no longer supported, if you install Service Pack 3 then your XP is fully supported by Microsoft, meaning you CAN continue to receive all updates, until April 8, 2014.

Office 2010 system requirements state clearly Windows XP (must have SP3) in order to install.

Thanks for the reply. From what I have found the Authentium AntiVirus program is often installed when users install software from their ISP and I have also found that it could be that the RPS Antivirus (and RPS stands for RadialPoint Software) is really Authentium and therefore may be why you couldn't find it anywhere after you removed the Authentium.
So I would say on that let's assume that it is gone. If we find it later we will deal with it. But here is your next step. Read everything VERY carefully, follow each and every step EXACTLY
I want you to run Combofix. You are going to have to download the file to your flash drive and take it to the infected computer. It must be put ON TO the infected computer, it cannot run from the flash drive and you must put in ON the desktop

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts, though you can ignore the part of instructions about creating …

The only place that those programs showed up was in HijackThis so I tried to use that to delete them as you requested.

Which programs exactly?

Does the printer work?

Some HP printers are designed to add a dot 4 port,which is virtual.

A virtual port can not do peer to peer and this is by design.

http://support.microsoft.com/kb/302361

Look, this is totally ridiculous. You now have done two things I didn't request, download another program and install it and run it and also used HiJackthis, incorrectly, to do a fix that I did not tell you to do.

I am telling you right now ONCE, if you keep taking steps that I don't tell you to do then I am out of here. You can go elsewhere for help or take this computer to a shop and pay to have it fixed.
This computer is supposed to be OFFLINE, no programs should be installed on it unless I tell you to do so.

As I try to delete the file " index.dat", it won't let me. There is a warning/popup that keeps saying....
The action can't be completed because the file is open in another program
Close the file and try again.
Leave it alone. It is NOT a virus.

Now did you uninstall combofix as I told you to do?

Ok, disconnect from the internet, unplug the cord in other words and if you connect wirelessly then disconnect the connection.
Turn off ALL protection programs completely. Look in the task manager to make sure none of them are running.
Then following the instructions given by the printer manufacturer try to install your printer.