[ogam5]

.....I'm actually about to step out in a few minutes; will have a look at this tomorrow and see whether I can follow based upon my resources - let you know if I have any questions or need clarification; otherwise will also inform you once whatever needs to be done, is......

[Advertisements]

.....'Odd' is RIGHT; followed your directive and downloaded/burned the AVG Rescue disk as well as ISO burner (something came with the latter, a name which had 4 letters, the first beginning with a 'W' (?) Was this necessary to operate the program, or just another damned piggyback? Please investigate, unless there's some way for me to isolate it as part of a 'recent installations' list somewhere - some very strange behavior came after I ran the disk, including the fact that after almost 3 hours of scanning, though there were some items which it seemed to have identified (couldn't read the fule filepath given the format, which cut them off in the Command/DOS display) the ONLY threat left over was the V-Grabber MP3 conversion program your colleague recommended I install in lieu of the Sevas-s variation I originally had! One other thing: there were TWO entries for it when the actual scanning took place - maybe there was some sort of inadvertent duplication or ghosting effect of which I wouldn't be aware and you are (?)

Now, to the REALLY odd: attempted to exit all the way out to some sort of menu which would allow me to naturally access Windows but, appeared to BE none so I had to shut down cold. Upon accessing Firefox to check activity since going off the desktop, discovered to my amazement that the Yahoo! Tollbar settings which had been missing for 2 days had RETURNED - ????? Didn't dare to attempt any downloads from FF (to see if, however improbable, there was some sort of connection between the loss of it and my Yahoo! tookbar settings) lest I get hung up again but I was quite curious to see what SuperAntiSpyware might identify in terms of malware; remember, it had been extremely reliable in doing so before I first posted to Geeks-To-Go the 'Open With' problem and I just wanted to see if there was still anything it might find.....so I installed it but, upon trying to actually run a scan, the desktop started becoming unusable; almost no right-click Java function (NONE with SAS at all) and couldn't open Firefox again.....first restarted, then shut down entirely which finally freed up the desktop, could properly exit SAS and here I am (albeit replying on IE8.....) Do I next need to uninstall SAS for some reason unbeknownst to me, like it's conflicting with something else? Hasn't ever with Malwarebytes previously.....

To put it bluntly, feel as though I just emerged from the same rabbit hole I started from! What can be done next? And, I've accumulated a fair number of different programs since taking direction from you and CompCav, Ron - are there any I should/can delete, either now or once you've declared that everything which can be tried, has been? Also, please don't forget to remind me what needs to be done to hide the extension suffixes on all my files once we reach that point, and you'd said that something needed to be done witrh Java still - couldn't install for some reason (?) - thank you.....Jim

[ogam5]

.....'Odd' is RIGHT; followed your directive and downloaded/burned the AVG Rescue disk as well as ISO burner (something came with the latter, a name which had 4 letters, the first beginning with a 'W' (?) Was this necessary to operate the program, or just another damned piggyback? Please investigate, unless there's some way for me to isolate it as part of a 'recent installations' list somewhere - some very strange behavior came after I ran the disk, including the fact that after almost 3 hours of scanning, though there were some items which it seemed to have identified (couldn't read the fule filepath given the format, which cut them off in the Command/DOS display) the ONLY threat left over was the V-Grabber MP3 conversion program your colleague recommended I install in lieu of the Sevas-s variation I originally had! One other thing: there were TWO entries for it when the actual scanning took place - maybe there was some sort of inadvertent duplication or ghosting effect of which I wouldn't be aware and you are (?)

Now, to the REALLY odd: attempted to exit all the way out to some sort of menu which would allow me to naturally access Windows but, appeared to BE none so I had to shut down cold. Upon accessing Firefox to check activity since going off the desktop, discovered to my amazement that the Yahoo! Tollbar settings which had been missing for 2 days had RETURNED - ????? Didn't dare to attempt any downloads from FF (to see if, however improbable, there was some sort of connection between the loss of it and my Yahoo! tookbar settings) lest I get hung up again but I was quite curious to see what SuperAntiSpyware might identify in terms of malware; remember, it had been extremely reliable in doing so before I first posted to Geeks-To-Go the 'Open With' problem and I just wanted to see if there was still anything it might find.....so I installed it but, upon trying to actually run a scan, the desktop started becoming unusable; almost no right-click Java function (NONE with SAS at all) and couldn't open Firefox again.....first restarted, then shut down entirely which finally freed up the desktop, could properly exit SAS and here I am (albeit replying on IE8.....) Do I next need to uninstall SAS for some reason unbeknownst to me, like it's conflicting with something else? Hasn't ever with Malwarebytes previously.....

To put it bluntly, feel as though I just emerged from the same rabbit hole I started from! What can be done next? And, I've accumulated a fair number of different programs since taking direction from you and CompCav, Ron - are there any I should/can delete, either now or once you've declared that everything which can be tried, has been? Also, please don't forget to remind me what needs to be done to hide the extension suffixes on all my files once we reach that point, and you'd said that something needed to be done witrh Java still - couldn't install for some reason (?) - thank you.....Jim

[ogam5]

ADDENDUM: attempted once more to download/save/upload from Firefox; same result - as I've suggested previously, thought it might some sort of problems with settings reconfigured by something CompCav had me do, but the fact that my Control Panel window ALSO was hung up points to issues with RAM and/or something interfering with both actions. Lastly, not sure as to its relevance, but when I attempt to access/view photos in Yahoo! Sports as I do from time to time, they haven't loaded on the first or even second try twice now this weekend; get a message to that effect with a logo I've never seen before: a small 'i' against a powder-blue square - maybe you know what it is/signifies?

[RKinner]

I just downloaded both files. The isoburner also installs sptd which is a driver used by a lot of programs. Not one of my favorite drivers since it doesn't let my tools look at it and it's a pain to remove but nothing bad. I do think I will talk to admin and see if I can get him to change his write up to use my favorite "free iso burner" instead. http://www.freeisoburner.com/ It doesn't require sptd and doesn't need to be installed.

As for what you can remove to save space. I would start with the .iso file you just downloaded and any logs that you have already posted. Then uninstall the isoburner program. Also SAS, MalwareBytes, ZoneAlarm LTD Toolbar.

We really need a good anti-virus. Try to download the free avast again using IE. http://www.avast.com...ivirus-download
then click on Download under the free column. Tell the stupid popup No Thanks I want Free Protection then click on Download now.

Save the file then run it. If you get it to install, register when it asks you to then make sure it updates. Once it has updated:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take 6 or more hours so it's a good scan to let run while you sleep.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt
but if you pay attention when it first starts the scan it tells you where it will put the log.

Not sure about the logo you are seeing. Could be your video driver needs to be replaced as it sounds similar to intel's logo. What PC is this (Make, Model, Service tag if applicable) and is the the same video card it came with or an after market?

Ron

[ogam5]

It's a Dell Dimension 2100 (harddrive installed around 2009, if I'm not mistaken) - to be honest, don't think it's the video driver - but had considered the possibility as well; again, no such potentially related problems which are apparent to me previous to whatever's taken place between you, CompCav and myself.....


I'm going to summarize all the problems and see if you can discern any sort of pattern:

1. STILL cannot save/download/upload in Firefox - is it problem endemic to Version 13?

2. Video still not synching well on 13 - and now problem with photo (again,ONLY in 13 - does Firefox have drivers separate from IE?) though there ARE synching (and buffer?) issues with IE, albeit MUCH more minor in comparison

3. Selective Java mouse sensitivity on Desktop - specifically, SuperAntiSpyware which, AGAIN, consistently detected malware and far more than Avast! (which is of a GARGANTUAN size at present) ever did and that's why I'm extremely reluctant to install it

4. When SAS loads automatically as it has in every instance that I had to restart, is VERY slow to initialize and clearly disrupting my attempts to load either FF OR IE - something it never did before.....what could have made it now in conflict? Once I finally get Java sensitivity and can elect to Exit, Desktop DOES free up.....once more, NEVER was a previous problem


The question remains: WHAT was changed or modified in the past 3 days to create these conditions? I added SP3 at CompCav's behest, for one thing - and upgraded to Firefox 13 - to say nothing of the many scans/fixes done

[RKinner]

Uninstall SuperAntiSpyware
Uninstall Firefox completely. Delete the C:\Documents and Settings\User\Application Data\Mozilla\Firefox\ folder. Delete the C:\Programs Files\Mozilla\Firefox folder if it exists.
Install Avast. Run the boot-time scan.
Download a new copy of Firefox and install it.
Download the latest Java from Java.com - use IE if you have to. Close all browsers and install. If you have trouble with it then get the free Revo uninstaller http://www.revounins...e_download.html and use it to remove Java.

Download the latest Flash from Adobe.com - http://get.adobe.com.../otherversions/ You want the one for Windows, for Other Browsers. Close all browsers and install.

Then come back. Otherwise I'm going to lock this thread. I'm tired of you bad mouthing CompCav and not following instructions. It's not his fault your system is messed up. You had a bad infection. It damaged your system. If you don't have an anti-virus it's going to happen again and I'm not sure it is is completely gone. On my other forum we won't even help you at all if you don't have an anti-virus.

Ron

[ogam5]

Please DON'T take that tone with me, Ron - I only pointed out the obvious: that these particular problems weren't present when I first started working with him - yes, it's possible something was provoked by the actions taken; I GET that, but it's extremely frustrating when there seems to be a dismissal by you both of my circumstances in terms of very limited resources, digital and otherwise.....anyhow, I've already uninstalled and reinstalled Firefox once; presuming you want to try doing the Avast! antiviral scan without any potential interference from it.....as for Flash, I installed versions for both Firefox and IE - the distinction was clear to me based upon your making it earlier.....when I uninstall Firefox this time, am I to presume I'll lose Flash with it then (?) SuperAntiSpyware has now been uninstalled; am proceeding to do the same with Firefox.....will pick this up again in IE shortly.....

[ogam5]

.....I've been going through some terribly depressing times of late - trying to get this computer situation rectified was one way I hoped of blunting them.....just landed a 2-month assignment though, which should also help.....

[ogam5]

This is where things stand: uninstalled Firefox, installed - or at least downloaded - not sure - Avast! as instructed; tried to uninstall Malwarebytes but couldn't initialize for some reason - suspect the attempt may have been in conflict with whatever Avast! was doing but if I didn't wait until after Avast was installed, would've been left with no antiviral at all and there was no direction you gave in the most recent posting as to what order these actions were to be otherwise taken.....also didn't get any registration prompt before one to allow Windows Update to search for software came up - and I was just informed it cannot find any such software.....what should I do next? Jim

[ogam5]

.....something is really hanging up the Desktop like never before - copied & pasted the instructions related to ocnfiguring Avast! for the scan and saved in a Notepad file; will run scan as planned overnight and pass along the results before going to work tomorrow morning.....

[ogam5]

The results of the Avast! scan were revealing, to say the least - going to hold off on reinstalling Firefox until tonight, uninstalling Malwarebytes now that I have confirmation Avast! is fully activated, and as for Java, still have the setup icon on my Desktop but not sure that it was ever successfully installed - will look further into it tonight as well:


06/24/2012 23:39
Scan of all local drives

File C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat is infected by VBS:Agent-KQ [Trj], Moved to chest
File C:\hiberfil.sys is infected by Win32:Jifas-EH [Trj], Move to chest: Error 0xC000007F {An operation failed because the disk was full.}
File C:\Qoobox\Quarantine\C\Documents and Settings\User\Start Menu\Programs\System Tool\System Tool 2011.lnk.vir is infected by LNK:Lnkbaddst-S [Trj], Moved to chest
Number of searched folders: 11407
Number of tested files: 514610
Number of infected files: 3


Needless to say, I'm a bit concerned about the failure to move the hiberfil Trojan to the Chest. Any insight you might have as to whether there's an obvious cause-and-effect between these results and the problems I've been experiencing this past weekend (as well as the original 'Open With' issue in Safe Mode) would be appreciated - thanks!

[RKinner]

C:\hiberfil.sys is a file where XP stores its hibernation info. More or less a snapshop of the RAM.


Open the Windows Control Panel
Double-click Power Options
Click the Hibernate tab, de-select the 'Enable hibernate support' check box, and then click Apply.
Restart your computer and hiberfil.sys should be automatically deleted (this is not always the case - simply delete it if Windows didn't do it for you).

Then rerun the Avast scan to make sure it doesn't find anything.

Then you can turn on hibernation again if you use it but you might want to leave it off as it does cost a lot of space on the hard drive, go back to the Hibernate tab as described in the first three steps and check the box 'enable hibernation'.

It is important when you uninstall Firefox that you also delete the folders where it lives so that we have a completely fresh install.

Do not reinstall Java or Flash until after you have reinstalled Firefox.

I've found another helper who is willing to work with you so I'm going to leave you to him. His name is Dakeyras. Goodbye.

[Dakeyras]

Good day.

As my well respected colleague stated in his last post I will be assisting you from this point onwards...However please be aware you need to follow my instructions to the letter so to speak as otherwise you will be ultimately wasting both my time and yours.

So far you have received excellent support from both CompCav and RKinner, for your edification every single approved Anti-Malware helper on this forum has received extensive training before actually being allowed to provide one on one assistance for those who may request such.

Anyway the issues your machine may be experiencing are not due to anything the aforementioned have advised. In fact all is due to the fact your machine has been quite badly infected with malware and the consequence of such it can at times irreparably damage a machines Operating System as a whole beyond anything that could be done in a online environment such as here in Geeks to Go...Mainly because we never actually have physical access to any one machine.

Next:

Once you have completed all of RKinner's prior advice, carry out the below for me please and we will go from there.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

• Double-click SecurityCheck.exe then follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt
• Please post the contents of that document in your next reply.

Re-scan with OTL:

Delete your current version of OTL and any logs pertaining to it still present and then empty the Recycle Bin.

Now download a new/updated version of OTL and save it to your Desktop.

Alternate downloads are here and here.

• Double-click on OTL.exe to start OTL.
• Under Output, ensure that Standard Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• SecurityCheck Log.
• Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

[ogam5]

Hi, Dakeyras - appreciate your taking over and, to the best of my ability I will follow your instructions; did so with both CompCav and Ron but there were some instances where theirs weren't completely clear - no fault of theirs necessarily but as I wasn't familiar enough with the operation in question, needed clarification.....

Did deactivate the hiberfil feature as instructed by Ron but won't be able to do an Avast scan (presuming he wanted it to be another boot scan?) until just before going to bed - do you still want me to run SecurityCheck and do another OTL scan with Extras as instructed anyhow, or wait until after? Won't be able to run them until tomorrow night otherwise.....Jim

[ogam5]

Hi, Dakeyras - re-ran Avast! in Boot mode and came up clean:

06/26/2012 00:15
Scan of all local drives

Number of searched folders: 11419
Number of tested files: 517041
Number of infected files: 0


Results of SecurityCheck scan to follow in next Reply.....