jholland1964 650 Posting Expert Team Colleague Featured Poster

Reboot the computer and then run a new HiJackThis scan and post the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

It will take a while to read this log, as you can well imagine. Will get back with you ASAP.
Judy

algismorales commented: Very helpful, very patient. Wow! +4
jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy to help.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you still getting those pop ups?
Do you know what this program is?
O4 - HKCU\..\Run: [download draw] C:\DOCUME~1\Rosedale\APPLIC~1\INTERL~1\Surftrust.exe

sampson commented: thanks +4
jholland1964 650 Posting Expert Team Colleague Featured Poster

I was only asking about your location because the log shows an internet connection or ISP located in Iran. Just wanted to be certain that it was ok. If we see something like that we have to check to be sure, because some hijacking of computers takes place from locations very far from the computer, in other countries. I myself am located in the USA. If my scan showed an ISP in London or Paris that would mean serious problems and certain steps would be required to reset to the correct ISP.
That is a part of your log I can ignore then. I will go through the log and get back with you.
EDIT:
Here is what I see Danielle. You have a very SMALL amount of RAM for what is on the computer. This could certainly be a cause of the freezes.
I would advise increasing this to at least 1 GB. RAM is very easy to install and a very inexpensive way to upgrade the computer.
Now since you are in Iran I can't really tell you where to purchase it but you can go to
http://www.crucial.com/ where you can do a free scan of the computer and they will tell you what options you have for additional RAM, the proper RAM to purchase. Now this is located here in the US so I don't believe you could order it through them, but I cannot say for sure. But what …

Danielle commented: very helpful +5
jholland1964 650 Posting Expert Team Colleague Featured Poster

You really need to explain your problem better than just listing Pop up Help. What types of pop ups for one thing, when did this begin, when do you get them?
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.
Run a new HJT scan and save the log. Post back here with both logs.
Judy

sampson commented: thanks +4
jholland1964 650 Posting Expert Team Colleague Featured Poster

The file was a virus then so you wouldn't want to restore it. It was NOT a legitimate file which should have been restored; if you had found and restored it then the virus would have been back.
System Restore wouldn't work probably because there were no GOOD restore points, that one certainly wasn't. Re-set System Restore.

04ayasin commented: thanks for helping :) +2
jholland1964 650 Posting Expert Team Colleague Featured Poster

Probably best to leave it and see. VundoFix *rarely* causes problems but there is still a risk I suppose. It is very good at finding infections though.

By the way WahooBoyd, I just want to congratulate you on being a great poster :) if every user provided as much information as you it would make everyone's lives a lot easier.

And yeah, did you update the Java? Vundo commonly finds its way in through outdated JREs.

Post #7-Installed Java 6, version 11, and confirmed via Java web site that the installation succeeded and is operating correctly.

As far as running VundoFix that really is up to you WahooBoyd. If you feel you would like to check things out once more that is fine. I agree with jbennet concerning your thorough posting, it really makes a huge difference to receive full information.
Judy

jbennet commented: good help +36
jholland1964 650 Posting Expert Team Colleague Featured Poster

Q: Would deleting the directory AskPBar from my Program Files folder cause any problem(s)? I suspect that answer is no. However, I still want to check with you.

Does it appear in Add/Remove? If it is there then remove it that way. Many anti-spy programs flag this as malware. While the bar itself may not be it is often included with other programs and is installed without your permission OR is installed because folks don't notice the "do you want the askpbar?" box and it gets installed.
A safer way, if it doesn't show in add/remove would be to remove it in Safe Mode... (keep tapping F8 key, when your computer starts, until menu appears)

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.

Delete: AskPBar folder from C:\Program Files

Restart in Normal Mode.
Mid-East...not a very safe place to be. My brother returned in Oct. from Iraq, he's with the State Dept. Relief to have him home, imagine your family will feel the same way.
I enjoy working with computers and offering what little help I can. Computers are great but can be annoying too. It is so nice when they run smoothly.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all I don't see two anti-virus programs running BUT no matter, get rid of the second one now. This will actually lessen your protection not improve it. It is recommended that instead of installing two anti-virus programs on the same machine, which is a definite NO-NO for the reason stated above, that you use an online scanner in situations like this one.
AFTER uninstalling the second anti-virus program then do an online scan with ESET Online Scanner.
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer.
Run a new HJT full system scan. Save the log and post back here with both the ESET log and the HJT log.

Salem commented: Just recognising the great job you're doing in this forum :) +26
jholland1964 650 Posting Expert Team Colleague Featured Poster

Reboot, update MBA-M, then run a full system scan with it. Reboot and run a new HJT full system scan, save the log, and post back here with both.
Judy

bmsmith25 commented: Judy's the best! +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

When shown the disclaimer, Select "2"
This is going to uninstall combofix.
Next do the following:
Run HJT again and put a check mark next to the following entries;
You need to run HJT again and this time put check marks next to these entries:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {84F425A5-6301-47EA-A70B-399060B03D69} - C:\WINDOWS\system32\byXQGvtT.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'SYSTEM')
O4 …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi zbizzy, will be waiting for your logs. Be sure to allow MBA-M to remove items found.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

What does work instead of AD-Aware? My techie friend is a PC engineer and he only used AVG FREE 8.0 ANTI-VIRUS, AD-AWARE2008 and SPY BOT 1.6. And he makes a lot of money doing it. What do you suggest as alternative programs?
Jim

I still use SpyBot 1.6, NOT the TeaTimer portion however.
I quit using AdAware when it went to this new version, AdAware 2008. The reason was that this AdAware Service was put in there and runs in the background, but as I understand it, with the FREE version this actually does nothing. You have to have the paid version for it to do what it is supposed to do. Here is what I found when reading various reviews of this newer version:

One of the installation options that appears to be available even for Free users -- maintaining a constant scanner in the system tray, like a real anti-virus program -- forces the Free edition to respond later with a warning that the option isn't actually available.

Yes, this service can be turned off, but why have it anyway? Plus, I want to KNOW what I am going to install and what comes with it and does it work? When I found it was doing nothing I first disabled that service and kept the program, but then finally decided this newer version didn't work as well as the older one.
Plus I have found, like many others, that the free version of Malwarebytes' Anti-Malware has updates …

DaniWeb4Jim commented: EXCELLENT help all of the time, a very patient person. +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Those are the normally hidden system files. Did you follow the instructions on the Read Me sticky? One of those is to enable the viewing of Hidden Files and folders. Go back in and do the reverse and hide these files and folders again and see if these disappear.

Brianjs commented: Helped me again +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Appears to be clean. Are all things running all right?
Judy

Ecila5200 commented: Excellent Job - Well Done - I'll give Judy a 10 !!! +2
jholland1964 650 Posting Expert Team Colleague Featured Poster

I have a ccleaner installed in my computer so all the temp files will be deleted, and the computer has become slow after the internet connection. I have installed wamp and text editors, software like stuff; this may be the reason? And my cousin always installs some weird stuff like games, style xp and many others.
The system is slowing down all the time.
Thank you.

If the slow down began with the install of all those items then I think you can probably narrow it down to that.
If games and other items have also been added then you can probably add those to the cause also.
How big is the hard drive? How much space is remaining?
How much RAM do you have installed on the machine?
It may very well be just too much in too small a space but give me that info ok?

praveen_dusari commented: u helped me a lot thank u +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

No one is supposed to use it for internet access; however, I have teenagers helping me out and sure enough, I look at the history and they've been on it.

Then you should call them on it. Since this is a business machine this could very well damage your business. When you are going to other, NECESSARY sites for the business on an infected computer there is a possibility of spreading these infections to others. This would definitely damage your business because there is a chance others could trace these infections back to your machine.
One free program can offer some help to you, and I would never run a computer without it, that is SpywareBlaster. It is FREE, it DOES NOT run in the background but it DOES protect the computer against the following;
ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
All you need to do is download it, install it and update it and then enable all the protection. Update it at least weekly and then enable the new items on the update.

You also should set your Internet Explorer security settings higher. You will have to experiment with that to be certain that your business necessities are not blocked, but that shouldn't take you long to figure out the proper higher setting. Also you need to Internet …

73firebird commented: excellent and prompt assistance! +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks so much jsong. I am so happy I could help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good but that Spybot TeaTimer is running. Believe me, it is more trouble than it is worth. Disable that from running automatically at start up by opening the program.
Choose Mode, Advanced. Then you should click Tools at the bottom. When Tools opens you will see a row of buttons on the left. Click Resident. When Resident opens take the check mark OUT of TeaTimer.
Click ok and close the program.

SpywareBlaster will do a much better protection job and it does NOT run in the background. Download, install and update. Then enable all protection including the Restricted sites portion.
Manually update it once a week and enable all the new protection.
If you feel all is corrected and the computer is running well then click the Solved button.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks MUCH better. Keep that AVG on there, updated and scan at least weekly with it.
Do you feel things have been corrected and are working all right?
If so please click the Solved button.
Judy

Salem commented: Nicely done +22
jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi SeeJay, welcome to daniweb,
Download and run HiJackThis
Do a Full System Scan and save the log and post it back here.
AFTER posting that log here....
Then do this;
Please Download ATF-Cleaner.exe by Atribune
Save it to the desktop for easy access.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Next do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where …

c-tech commented: like the way she follows up. +2
jholland1964 650 Posting Expert Team Colleague Featured Poster

Actually for right now, skip those, if needed we can go back to them.
Right now, best thing to do is download and run the following; Instructions and download links can be found in the sticky. Also follow instructions for running the ESET Online Scanner
ATF-Cleaner, Malwarebytes' Anti-Malware program
Finally download HiJackThis and run it. The link for that is in my post above.
Do those four things, post the three logs here and we will go from there.
Judy

tiger86 commented: Very nice and helpful and does not get frustrated easily. +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Try running it in safe mode. It should make it go somewhat faster because there won't be a lot of items running in the background.

conormacklin commented: helped so much! +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Honestly, I am thinking (which may be dangerous in itself) that this Authentium could actually be part of the Verizon Security Suite. I just haven't yet been able to find who provides their Security Suite. Let me do some more looking around and maybe I can finally find out. I will let you know as soon as I do.
Judy

chess77 commented: Very Professional she took personal interest +2
jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good. Is everything running ok?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Keep us posted please.

zeroth commented: solid advice and good software suggestions +5