Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: rlakritz on April 14, 2011, 05:54:33 AM

Title: Can't "Fix"
Post by: rlakritz on April 14, 2011, 05:54:33 AM
I just installed Avast Internet Security because I was getting a notification that there had been repeated malware attempts on my computer.  I have a warning that my system is not fully protected and the Firewall is off.  The "fix" button does nothing, and when I try to manually turn on the firewall I get a message that the firewall is unavailable.  Now what?
Title: Re: Can't "Fix"
Post by: ANHTHU5991 on April 14, 2011, 05:57:20 AM
Did you install Avast along with another antivirus?
Title: Re: Can't "Fix"
Post by: rlakritz on April 14, 2011, 06:58:25 AM
No, Avast is my only anti-virus software.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 14, 2011, 07:53:09 AM
Any other AV software installed? Which?
What Windows version?
Previous AV software before Avast?
Title: Re: Can't "Fix"
Post by: rlakritz on April 14, 2011, 08:58:19 AM
I was using the free Avast software and just upgraded.  This problem developed after the upgrade.  I don't have any other antivirus software installed.  I am using Windows Vista on my laptop and Windows XP on my desktop and have the same problem on both (the upgrade included installation on 3 computers). I have Windows firewall activated on both computers.  Could that be the problem?
Title: Re: Can't "Fix"
Post by: rlakritz on April 14, 2011, 09:00:31 AM
I never had any other antivirus software installed on my laptop but did use Norton's on my desktop at one time.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 14, 2011, 09:13:45 AM
So you upgraded.

I'd recommend a clean install of the new pre-release version 6.0.1044.
You can click on the "AIS" in my signature, download the installer and run it. No need to uninstall current version.

No, the Windows FW is no problem with Avast AIS. Leave that activated.

If that does not cure the problem, we'll take a little deeper look.
Title: Re: Can't "Fix"
Post by: rlakritz on April 14, 2011, 01:53:49 PM
Thanks!  This worked perfectly on my laptop but I am having more difficulties on my desktop.  I keep getting "Best Malware Protection" popup windows, telling me that my computer is infected and that I should buy their product (which I have not done).  How do I get rid of that so I can proceed to upgrade Avast on my desktop?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 14, 2011, 01:56:15 PM
That PC is infected for sure.

Download MBAM (free version) from my signature.
Install it.
Start it.
Update it via its GUI.
Run a quick scan.
Have it delete all it finds.
Post the log here.

Thx.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 14, 2011, 02:24:10 PM
Away from keyboard for 40 minutes now.  ;D
Title: Re: Can't "Fix"
Post by: rlakritz on April 14, 2011, 09:07:14 PM
Unfortunately, I can't get on the Internet from that computer.  I use Firefox and don't have any other Internet program installed. Every time I try to get on I get a message, something to the effect that the proxy server won't connect.
The good news is that I'm not getting the Best Malware Protection pop-ups anymore, but last time I shut it down I had messages that cmd.exe and ping.exe couldn't start, and I couldn't get rid of the messages in order to properly shut down the computer.  Eventually I had to force the computer to shut down. Can you think of some way around this before I take it in to my computer guy? 
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 14, 2011, 09:16:58 PM

This is a heavy infection it seems, so I recommend our Malware expert as I am not such a wizard. He will guide you through the most complicated stuff, if needed.

His nick is "essexboy", I will inform him. Be aware that he is not 24/7 available, so it may take a little while. He is on local British time, so keep on looking in here frequently.

He'll help you get rid of it.

Be patient please.

Greetz
Zyndstoff
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 14, 2011, 09:22:41 PM
Can you boot the PC in Safe Mode?
Hit F8 repeatedly during boot up until menu screen appears and select "Safe Mode with networking".

Try the MBAM download and procedure from there, if possible. Just a try.
Title: Re: Can't "Fix"
Post by: essexboy on April 14, 2011, 09:24:14 PM
Hi, could you transfer the following two programmes to the infected system using a USB drive if Zyndstoff's suggestion does not pan out?

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop
 

Please post the contents of the RKreport.txt in your next Reply.


Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 14, 2011, 09:27:26 PM
You're damn quick today! :)

Was my proposal using safe mode okay? I need to learn...
Title: Re: Can't "Fix"
Post by: essexboy on April 14, 2011, 09:30:29 PM
That's a for sure - if safe mode with networking works we will be able to do a faster fix.  MBAM will not get the proxy changes or the malware folder - but it should get the running processes ;D
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 14, 2011, 09:31:43 PM
I'll watch this closely, so I will not always need to call you this soon.  ;D
Title: Re: Can't "Fix"
Post by: rlakritz on April 14, 2011, 09:35:52 PM
Thanks guys.  I'm actually in the Middle East so British time is only 2 hours behind.  I'm too tired now to concentrate on essexboy's suggestions, but I will give it a try first thing in the morning and let you know how it works out.  Thanks again for all your help.  I really appreciate it!
Title: Re: Can't "Fix"
Post by: essexboy on April 14, 2011, 09:51:13 PM
For sure I will not be online until about 1900 gmt
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 08:22:18 AM
Quote
Can you think of some way around this before I take it in to my computer guy?

BTW: don't take it to a "computer guy" if by any means this is a dealer you are talking about. He is most probably not a malware expert, he won't invest any time (and that is surely needed), he'll tell you it can't be fixed and he is going to sell you some unneeded hardware like a new HDD and tell you to reinstall Windows...  ;D

essexboy will get this straight with your co-operation.
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 01:23:24 PM
I was able to run MBAM on my desktop and here's the log.  I'll have to post it in a few sections since its entirety exceeds the 10000 limit.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6367

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

15/04/2011 14:03:31
mbam-log-2011-04-15 (14-03-31).txt

Scan type: Quick scan
Objects scanned: 164601
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 760
Registry Values Infected: 32
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 01:25:46 PM
On second thought, there were 806 infected items (I think) and the log was 53 pages long in Word.  If you really want to see it all I will post it, but otherwise I'm not sure it's worth the time and effort.
Thanks!
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 02:03:01 PM
Wooo Hoooo !

What a list.  8)

I see you had MBAM delete everything. Okay. Save the log to disk in case essex wants it to take a look.

Did you run MBAM in Safe Mode or in Normal Mode?
If you can run it in Normal Mode, please run it again - and again post the log, please. Should be somewhat shorter now.
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 05:38:08 PM
I restarted the computer normally and ran the program again.  It didn't find anything.  Here's the log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6367

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/04/2011 18:12:50
mbam-log-2011-04-15 (18-12-50).txt

Scan type: Quick scan
Objects scanned: 167075
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

However, I still can't run Firefox.  I keep getting that same pesky message.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 05:39:57 PM
Well, the log is one point for us.  ;D

What is the message?

About the proxy?

Check FF settings, make sure they look like the screenshot.

However, even if we manage to get you online again: still follow essexboy's instructions and come back here! I'm no expert on malware, and it is vital to close this thread with essexboy!
(Many users just vanish too early and we'll see them back here in a week or two and start all over...)
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 08:31:29 PM
Doing well  ;D  The IFEO's were a major part of the problem with programmes not running properly

I should imagine there are still some miscreant folders hiding in the user folders
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 09:04:35 PM
Quote
Doing well  ;D

 :) Thanx...
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 09:16:49 PM
YEAH!!! That did it. We can now get on the Internet using Firefox!  As you suggested, I'll run the other 2 programs essexboy suggested.  Thanks again!
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 09:18:08 PM
Team effort Boyo  ;D
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 09:22:53 PM
OK, essexboy, here is the log from Roguekiller:
RogueKiller V4.3.8 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Judith&Yuda [Admin rights]
Mode: Scan -- Date : 04/15/2011 22:21:09

Bad processes: 0

Registry Entries: 3
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:25384) -> FOUND
[HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> FOUND

HOSTS File:
127.0.0.1       localhost
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 09:27:29 PM
OK you still have a bad proxy in IE - I will remove that using OTS 
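
The MBAM and RogueKiller output posted above can be triaged mechanically. This added example (not part of the original thread, and not code from either tool) parses lines copied from those logs and reports the three findings that match the symptoms described: Image File Execution Options entries for security tools, a loopback ProxyServer, and the DisallowRun policy. The function names and the `SAMPLE` constant are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the MBAM log and the
# RogueKiller report posted earlier in this thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:25384) -> FOUND
[HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> FOUND
"""

# MBAM registry line: <key> (<detection>) -> <action>.
MBAM_LINE = re.compile(
    r"^(?P<key>HKEY_[^()]+?) \((?P<detection>[\w.]+)\) -> (?P<action>.+?)\.?$")
# RogueKiller registry line: [TAG] <key> : <value name> (<data>) -> <status>
RK_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<key>.+?) : (?P<name>\w+) \((?P<value>.*)\) -> (?P<status>\w+)$")
IFEO_MARK = "\\image file execution options\\"


def proxy_hosts(value):
    """Split a ProxyServer value ('host:port' or 'http=host:port;https=...')
    into (scheme, host, port) tuples."""
    out = []
    for part in filter(None, value.split(";")):
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        out.append((scheme or "all", host or hostport, port if host else ""))
    return out


def is_loopback(host):
    """True for 'localhost' and for any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(text):
    """Return IFEO-blocked program names, a loopback proxy (if enabled),
    and hijacked Explorer policies found in the pasted log text."""
    findings = {"ifeo_blocked": [], "proxy": None, "policies": []}
    proxy_enabled, proxy_value = False, None
    for line in text.splitlines():
        line = line.strip()
        m = MBAM_LINE.match(line)
        if m and IFEO_MARK in m["key"].lower():
            # The last key component is the program name the entry applies to.
            findings["ifeo_blocked"].append(m["key"].rsplit("\\", 1)[1])
            continue
        m = RK_LINE.match(line)
        if not m or m["status"] != "FOUND":
            continue
        if m["name"] == "ProxyEnable":
            proxy_enabled = m["value"] == "1"
        elif m["name"] == "ProxyServer":
            proxy_value = m["value"]
        elif m["tag"] == "HJPOL":
            findings["policies"].append(m["name"])
    # A proxy only matters when it is switched on and points at this machine.
    if proxy_enabled and proxy_value:
        loop = [p for p in proxy_hosts(proxy_value) if is_loopback(p[1])]
        findings["proxy"] = loop or None
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Programs with an IFEO entry:", ", ".join(result["ifeo_blocked"]))
    print("Loopback proxy:", result["proxy"])
    print("Hijacked policies:", result["policies"])
```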
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 09:31:00 PM
Quote
Team effort Boyo  ;D

Looks like we made one man happy.
I am very strongly tempted to change my nick to "Flash Gordon (Saviour of the Universe)"...  ;D
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 09:36:35 PM
Quote
I am very strongly tempted to change my nick to "Flash Gordon (Saviour of the Universe)"...
Noooo I have enough problems keeping track of you now   ;D
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 09:40:51 PM
Well, Judith and Yuda,
once we're through with this, I strongly recommend that you set up a second restricted user account for everyday work & fun.
Also pay a little more attention to where you surf and what you click on.
Don't follow any links that were sent to you by email by clicking on them, even if you know the person the mail is coming from. Be careful when you are sent any attachments via email (especially .pdf and of course .exe and .com and .bat), if you are not 100% sure about the origin of the attachment.

Keep Avast up to date at all times.

 ;)
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 09:41:40 PM
Quote
I am very strongly tempted to change my nick to "Flash Gordon (Saviour of the Universe)"...
Noooo I have enough problems keeping track of you now   ;D

...there is this "aka"-thing in the nick.  ;D You should be able to handle it.
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 09:48:27 PM
The OTS log is too long to post - over 9000 words.  Is there another way I could send it to you?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 09:51:53 PM
Even better: attach as .txt file.
Click on "additional options" in the post editing screen to upload.
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 09:58:16 PM
Yep attach it is much easier (for me )  ;D
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 10:10:12 PM
This is Susan.  Someone who once worked on our computer set up the Judith & Yuda user names...
Steven, please be more specific about setting up a second, restricted user account.  How do I do this?  Should we ever access the Judith & Yuda account?  When?  Should we delete it?
Also, why are .pdf files so dangerous?
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 10:15:05 PM
Hi Susan - if you do not use those accounts then they can just be deleted

We will discuss limited user accounts once we are sure you are clean  ;D

Could you attach the OTS log please - do you know how to do that ?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 10:15:21 PM
Quote
This is Susan.  Someone who once worked on our computer set up the Judith & Yuda user names...
Steven, please be more specific about setting up a second, restricted user account.  How do I do this?  Should we ever access the Judith & Yuda account?  When?  Should we delete it?
Also, why are .pdf files so dangerous?

Hi Susan,

leave all accounts as they are for the moment, please.

we'll talk about that later on, okay?
Let's first get the baby clean, then do the other stuff.
Essexboy is still waiting for the log.  8)
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 10:17:04 PM
I thought I had already posted the OTS log.  Here it is again.
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 10:26:01 PM
Your host file was also hijacked - so let's remove these few bits and see what problems remain.  This fix may take a bit longer than normal as your temporary folders are a bit full.  When OTS runs you will lose your desktop and taskbar as it will kill all processes, this is normal  ;D

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: "ProxyEnable" -> 1
YN -> HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:25384
< HOSTS File > ([2011/04/14 14:41:49 | 000,002,130 | RHS- | M] - 247 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> Reset Hosts ->
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "AdobeUpdater" -> ["C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\All Users\Application Data\80888d\BM808_2112.exe" -> [C:\Documents and Settings\All Users\Application Data\80888d\BM808_2112.exe:*:Enabled:Best Malware Protection]
[Files/Folders - Created Within 30 Days]
NY ->  BMHQP -> C:\Documents and Settings\All Users\Application Data\BMHQP
NY ->  80888d -> C:\Documents and Settings\All Users\Application Data\80888d
[Files/Folders - Modified Within 30 Days]
NY ->  PC Health Advisor Defrag.job -> C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[File - Lop Check]
NY ->  80888d -> C:\Documents and Settings\All Users\Application Data\80888d
NY ->  BMHQP -> C:\Documents and Settings\All Users\Application Data\BMHQP
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 10:29:30 PM
Okay, whilst essex is checking the log...:

A restricted account means that you do not have the same rights in performing operations on the PC. Malware attackers normally, most of the time, will have the same rights as the account that is used when the malware reaches the PC. So, when you catch a malware and are logged on to Windows with Administrator rights, the malware can do just about anything. Because it gets the same rights.

As an example, restricted users are not allowed to install software. Consequently the malware possibly attacking can't either - at least in most of the cases.

So you should have one account with administrative rights (just like the Judith & Yuda account) to install software.

And you should have a second one, a restricted one, to surf the web, use MS office, listen to music etc. You can work just normally, save documents etc...


PDF files are dangerous because the program used to read and handle them (Adobe Reader) is a rather poor program securitywise (or was a poor program, it is getting much better now). So malicious code can be placed easily in the pdfs and when you open them, the Reader will perform bad things, if he has the rights to - a good reason to be on a restricted account.  ;D
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 10:44:49 PM
I ran the fix on OTS and then got a message to restart the computer.  It's taking a really long time to shut down and may be stuck.  Now what?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 10:48:38 PM
wait for essex, please...
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 10:54:27 PM
As I said there was a lot of temporary files - OTS is cleaning them whilst rebooting so give it a few minutes more
Title: Re: Can't "Fix"
Post by: YoKenny on April 15, 2011, 10:58:31 PM
Quote
As I said there was a lot of temporary files - OTS is cleaning them whilst rebooting so give it a few minutes more
As they say Patience is a virtue
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 10:59:38 PM
Before I read your message I pushed the reset button to restart the computer.  It had already been over 15 minutes and I thought the computer was stuck, for sure. Do you think everything was done that needed to be done?  
When the computer rebooted there was the fix log:
All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Unable to update HOSTS file!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\80888d\BM808_2112.exe deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\Documents and Settings\All Users\Application Data\BMHQP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80888d\Quarantine Items folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80888d\BMPSys folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80888d\BackUp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80888d folder moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\tasks\PC Health Advisor Defrag.job moved successfully.
[File - Lop Check]
File C:\Documents and Settings\All Users\Application Data\80888d not found!
File C:\Documents and Settings\All Users\Application Data\BMHQP not found!
[Empty Temp Folders]
 
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: Judith&Yuda
->Temp folder emptied: 97177092 bytes
->Temporary Internet Files folder emptied: 77921318 bytes
->Java cache emptied: 85739360 bytes
->FireFox cache emptied: 83652910 bytes
->Flash cache emptied: 11390 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 65938 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 196790702 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4353712 bytes
%systemroot%\System32 .tmp files removed: 3417617 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1287482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104087230 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 253339 bytes
 
Total Files Cleaned = 625.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Judith&Yuda
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: LogMeInRemoteUser
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.42.0 fix logfile created on 04152011_232943

Files\Folders moved on Reboot...
C:\Documents and Settings\Judith&Yuda\Local Settings\Temp\IadHide4.dll moved successfully.
File\Folder C:\Documents and Settings\Judith&Yuda\Local Settings\Temporary Internet Files\Content.Word\~WRS{51CEEE76-0562-43B7-9048-F1BB89DFC64D}.tmp not found!
C:\Documents and Settings\Judith&Yuda\Local Settings\Temporary Internet Files\Content.Word\~WRS{7A49F504-A7D2-465C-9280-C2F158D5B3F1}.tmp moved successfully.
C:\Documents and Settings\Judith&Yuda\Local Settings\Temporary Internet Files\Content.Word\~WRS{92D6BEDC-ADDB-476B-8B95-19DA56FC1D38}.tmp moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 11:07:10 PM
Quote
Before I read your message I pushed the reset button to restart the computer.

 ;D tz tz tz ... more patience.

essexboy can't be everywhere in the wink of an eye.
Title: Re: Can't "Fix"
Post by: essexboy on April 15, 2011, 11:07:21 PM
Quote
Total Files Cleaned = 625.00 mb
This was why it took a while  ;D

It appeared to be unable to reset your Host file

Download the HostsXpert 3.7 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip).

Could you now check for redirects in IE and Firefox please and let me know the result



Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 11:26:06 PM
When I try to run the program, it shuts down when I click on the Restore Microsoft's Host file.  I got the following error message:  Cannot create file c:\Windows\system32\DRIVERS\ETC\hosts
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 11:30:09 PM

  • Click "Make Hosts Writable?"   in the upper right corner (If available).

Did you do that?
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 11:32:54 PM
I clicked on it before I clicked on the Restore Microsoft Hosts file but there was no way to tell if it "took".  It was highlighted in red before I clicked it and it was still that way. It was on the left side, however.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 11:38:05 PM
This is how it should be.
Click on the upper left button until it looks like this.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 11:43:10 PM
When you start HostsXpert you should see on the right side something like this (maybe not the same content, but at least something).
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 11:46:14 PM
I don't seem to be able to get the yellow background.  It's there when I click on it but as soon as I move the cursor, it reverts back.
Title: Re: Can't "Fix"
Post by: YoKenny on April 15, 2011, 11:50:46 PM
Please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 11:53:54 PM
Quote
Please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

That's no help right now, and the MS will not work either here.
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 11:54:16 PM
Here's the problem.  When I open HostsXpert I get the following warning: Your HOSTS file is marked as a "system file" and can NOT be manipulated. Press OK to remove the system file attributes, CANCEL to Quit.  ***HostsXpert will NOT reset these attributes***
I pressed OK and then got the following warning:  Your HOSTS file is marked as a "Hidden file" and can NOT be manipulated. etc.  I pressed OK and that's when the "Make Hosts Writable" turns red and I can't change it.
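
The hosts file in this thread was listed by OTS with attributes `RHS-` and 247 lines, and HostsXpert refused to touch it while it was marked system and hidden. This added example (not part of the original thread and not code from OTS or HostsXpert) decodes those attribute letters from a Windows attribute mask and audits a hosts file for every mapping other than the stock localhost entry. The sample hosts content and the `.example` names are constructed; the thread never shows the hijacked file.

```python
import ipaddress
import os

# Windows file attribute bits (FILE_ATTRIBUTE_READONLY / HIDDEN / SYSTEM).
ATTR_BITS = {"R": 0x01, "H": 0x02, "S": 0x04}
DEFAULT_NAMES = {"localhost"}

# Constructed sample, not the hosts file from the thread.
SAMPLE_HOSTS = "\n".join([
    "# sample hosts file",
    "127.0.0.1       localhost",
    "127.0.0.1       update.av-vendor.example",
    "127.0.0.1       www.av-vendor.example   # security site made unreachable",
    "203.0.113.10    search.example",
    "::1             localhost",
])


def decode_attrs(mask):
    """Return the R/H/S letters set in a Windows attribute mask."""
    return "".join(letter for letter, bit in ATTR_BITS.items() if mask & bit)


def read_attrs(path):
    """Attribute letters of a file on Windows; None where the platform
    does not expose st_file_attributes."""
    mask = getattr(os.stat(path), "st_file_attributes", None)
    return None if mask is None else decode_attrs(mask)


def parse_hosts(text):
    """Yield (line number, address, name) for each mapping.
    Comments, blank lines and lines without a valid IP are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield lineno, addr, name.lower()


def audit_hosts(text):
    """Classify every mapping that is not 'localhost -> loopback'."""
    report = {"blocked": [], "redirected": []}
    for lineno, addr, name in parse_hosts(text):
        if name in DEFAULT_NAMES and addr.is_loopback:
            continue
        # Loopback or 0.0.0.0 makes the name unreachable from this PC;
        # any other address silently sends its traffic somewhere else.
        unreachable = addr.is_loopback or addr.is_unspecified
        bucket = "blocked" if unreachable else "redirected"
        report[bucket].append((lineno, name, str(addr)))
    return report


if __name__ == "__main__":
    print("Attributes for mask 0x07:", decode_attrs(0x07))
    for bucket, rows in audit_hosts(SAMPLE_HOSTS).items():
        for lineno, name, addr in rows:
            print(f"{bucket:10} line {lineno}: {name} -> {addr}")
```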
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 15, 2011, 11:55:58 PM
Susan,

are you logged in on the Judith&Yuda account?
Title: Re: Can't "Fix"
Post by: rlakritz on April 15, 2011, 11:56:58 PM
Yes
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 16, 2011, 12:03:33 AM
Okay, you need to set the windows explorer to view system and hidden files first.

In explorer, go to menu "Extras" and select "Options" (don't know the exact English name, maybe folder options...).

Select the middle tab in the window that pops up (should be named view).

Make sure to take away the x in the box "Hide system files" (or something like that - again, no exact wording...)
Make sure to select "Show all files" under "Hidden files and folders"

Close the window with okay.

Then navigate to "C:\Windows\system32\drivers\etc\"

right click on file "hosts" and unselect "hidden".

Then try hostsXpert again.
Title: Re: Can't "Fix"
Post by: rlakritz on April 16, 2011, 12:19:09 AM
I did the first thing in Windows Explorer.  I next went to the hosts file, right clicked on it, but the hidden file was not selected.  I tried to run HostsXpert but got the same 2 warnings.
It is now after 1am and I have to get up early tomorrow.  I'll have to continue this tomorrow.  Thanks for the help!
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 16, 2011, 12:20:25 AM
Quote
I did the first thing in Windows Explorer.  I next went to the hosts file, right clicked on it, but the hidden file was not selected.  I tried to run HostsXpert but got the same 2 warnings.
It is now after 1am and I have to get up early tomorrow.  I'll have to continue this tomorrow.  Thanks for the help!

Okay, we'll go for it tomorrow.
essexboy will be online sometime tomorrow.

Good night!
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 16, 2011, 12:54:49 AM
Create the folder "C:\Unlock"
Download and save the attached unlock.txt file there.
Rename the downloaded file to "Unlock.bat"

Go to Start -> Run

Copy or type this into the commandline:

C:\Unlock\Unlock.bat

Press Enter or click OK.

A black window should appear for a very short time (very, very, very short).

Run hostXpert again.

Did it work?

Come back here anyway and check for further instructions from essexboy, even if it worked!
See you tomorrow.
 ::)
Title: Re: Can't "Fix"
Post by: rlakritz on April 16, 2011, 07:11:29 AM
Good morning guys.
I created the folder, downloaded and renamed the file.  When I copied it into the Run commandline, 2 things happened: 1. it couldn't find the file C:\unlock\unlock.bat, 2. it would only recognize c:\unlock\unlock.bat.txt which didn't work (no black screen).  I tried to get rid of the .txt but didn't succeed (read "don't know how").
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 16, 2011, 08:33:01 AM
Good Morning, Susan.  :D
You are doing great! Don't worry, we'll get this done. 8)

Go to Start -> Run
 
Copy or type (watch the spaces!) this into the commandline:

REN C:\Unlock\Unlock.bat.txt C:\Unlock\Unlock.bat

hit Enter or click OK.

Go to Start -> Run

Copy or type this into the commandline:

C:\Unlock\Unlock.bat

Press Enter or click OK.

A black window should appear for a very short time (very, very, very short).

Run hostXpert again.

Come back here anyway and check for further instructions from essexboy, even if it worked!
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 16, 2011, 09:54:43 AM
Susan,

I won't be around too often until monday, and I don't know if essexboy will.

So keep cool and keep looking this thread up every once in a while. If the trick in the post above helped to have hostsXpert run and fix your hosts file, then we are pretty far alright.  8)

Anyway, in the meantime you can download the Avast AIS 6.0.1044 by clicking on the bold, blue "AIS" in my signature and run it. It's the newest pre-release version and very stable. (In your first post you wrote that you installed the Internet Security version, so I presume you have a licence for it - you have to pay for AIS)


Just in case you had installed the 30-day-trial version of AIS and have no licence, then download the "Free" from my sig, uninstall the current Avast version on your PC, reboot and install the downloaded "Free".


I'll be checking in here every now and then, as time permits, so keep me updated.  ::)

Have a wonderful weekend
Zyndstoff
Title: Re: Can't "Fix"
Post by: rlakritz on April 16, 2011, 12:04:37 PM
Thanks Steven.  I tried to copy the command but got a message that the Windows couldn't find REN.  Oh well.  Have a great weekend!  Susan
Title: Re: Can't "Fix"
Post by: essexboy on April 16, 2011, 05:24:58 PM
Hi Susan - this is a shorter version  - we will just reset the attributes first

Quote
@Echo off
attrib -s -r -h "C:\WINDOWS\system32\drivers\etc\Hosts"
exit

Next you will need to create the batch fix to do that copy and paste ALL of the above in the quote box to a notepad file. 
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file which is a small blue box with a yellow cog in it
Then run fix.bat by double clicking you may see a black box appear and then disappear

Then retry Hostexpert
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 16, 2011, 06:02:01 PM
Hi essexboy,

do you think the attrib command will work? If her Windows doesn't find the ren-command, it won't find the attrib either, I'm afraid.

What is the standard path for the DOS-commands in XP? Looks like the environment-variables have been deleted?
Title: Re: Can't "Fix"
Post by: essexboy on April 16, 2011, 06:14:05 PM
If the change of attributes fails - I will delete it using a kernel mode tool and then create another one

I will also get OTS to check the variables and reset if necessary  ;D
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 16, 2011, 06:25:39 PM
Okay.

Did you look at the bat-file I sent her as unlock.txt?
Is it okay?

If so, she can still run it if she knew the path for the ren-command. Wasn't it something like C:\Windows\Command\ ... I can't remember, I'm growing old... *sigh*
Title: Re: Can't "Fix"
Post by: essexboy on April 16, 2011, 06:29:51 PM
From a batch file there is no need to state the location of the command file

As to why the ren command failed you will need to run that from the command prompt as opposed to the run command
Title: Re: Can't "Fix"
Post by: rlakritz on April 16, 2011, 06:37:22 PM
This is really dumb but I clicked on AIS to download it and can't remember where to find the download in order to install it on XP.  Help!
Title: Re: Can't "Fix"
Post by: essexboy on April 16, 2011, 06:38:37 PM
What browser did you use ? If IE it should be in your downloads folder
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 16, 2011, 07:33:18 PM
Forget about the download for now and work that hosts-file thing first.  ;D

We'll find the downloaded on your drive later, no problem.
Title: Re: Can't "Fix"
Post by: rlakritz on April 16, 2011, 09:10:37 PM
I used Firefox.  The AIS hasn't been upgraded on my desktop yet since I was having Internet connection issues when this all started.
Title: Re: Can't "Fix"
Post by: essexboy on April 16, 2011, 09:13:20 PM
If you have a copy on your desktop - install that and it will update on completion
Any joy with the batch file ?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 18, 2011, 03:19:23 PM
Looks like Susan is no longer interested in saving her PC.
Sad, we came so close...  ::)
Title: Re: Can't "Fix"
Post by: rlakritz on April 18, 2011, 04:19:35 PM
What!!! I'm still here!  I wrote to say that I did everything you said but when I ran HostsXpert again I got the same 2 messages re Windows and a hidden file.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 18, 2011, 06:45:21 PM
Hi Susan!  ;D

Ooops... you wrote that?
I can't find it here. Okay, we'll continue.

Did you do all the things essexboy told you?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 18, 2011, 07:07:17 PM
Okay, Susan, now here is my proposal:

I can offer you a remote maintenance session, which means that I will be able to work your PC from my Keyboard and Monitor just like I was sitting at your PC.

If you want me to do so, you should download: TeamViewerQuickSupport (http://www.teamviewer.com/en/download/tv6.aspx)
We need to make a time appointment if you want me to do so.

I'll give you further instructions depending on your decision.
Title: Re: Can't "Fix"
Post by: essexboy on April 18, 2011, 08:27:21 PM
Cool  ;D  If all else fails I have the Avenger in reserve  8)
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 18, 2011, 08:32:24 PM
Cool  ;D  If all else fails I have the Avenger in reserve  8)

I'll try to fix the hosts-thing.
If I get stuck, I'll call for your help again, essexboy.
 ;D  8)

Anyway, I think there's still some more to do? Or are we through if the hosts file is fixed?
Title: Re: Can't "Fix"
Post by: essexboy on April 18, 2011, 08:33:36 PM
The host file was the main cause of the problems - a quick MBAM run at the end should sort it
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 18, 2011, 08:38:16 PM
The host file was the main cause of the problems - a quick MBAM run at the end should sort it

Okey Dokey - you're the boss.
I'll do my very best.  ::)
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 08:07:12 AM
Susan, good morning.  8)

Please try this MS-tool to fix the Hosts-file: TOOL (http://support.microsoft.com/kb/972034/en-us)

Download the file to disk and then run it (even though I'm afraid we will get the same errors as before, but let's try anyway).

If that does not work, please consider my offer for a remote maintenance session.

 ::)

P.S.: I have sent you a PM (personal message), you can read it by clicking on "MY MESSAGES" in the upper right of this forum site.
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:26:21 AM
This is the last thing I tried:

Hi Susan - this is a shorter version  - we will just reset the attributes first

Quote
@Echo off
attrib -s -r -h "C:\WINDOWS\system32\drivers\etc\Hosts"
exit

Next you will need to create the batch fix to do that copy and paste ALL of the above in the quote box to a notepad file. 
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file which is a small blue box with a yellow cog in it
Then run fix.bat by double clicking you may see a black box appear and then disappear

Then retry Hostexpert

I was pretty much off line yesterday but can work on this again today.  I like the idea of the remote session so I'll work on setting that up from my end. I'll also try the MS-tool and let you know what happens.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 11:25:53 AM
Great.

Work through the stuff in the posts first, maybe we don't need remote maintenance.  8)

But if we do: I will be at my PC readily available tonight at 21:00 local time (German Daylight saving time) which should be 19:00 GMT/UTC.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 03:01:36 PM
Okay, Susan,

I will drop in here at about 19:00 UTC/GMT. Please leave me a post here if you wish me to remote access your PC then.

CU
Zyndstoff
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 04:02:57 PM
I ran the Tools program and then ran HostsXpert.  I clicked on the Make files writeable? and something about the Host files, which I was able to do, but nothing seemed to happen.
I'll check in at 1900 GMT to discuss this further.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 07:56:22 PM
Hey Susan, might be good news...

This could mean that the MS fixit-tool did restore the original hosts file successfully.

When you then start hostsXpert and direct him to restore the file, you will see no change because the fixit-tool had already done that. And if you change something from blue to blue you see no difference. (Same goes for red / red or green / green...  ;D ...just kidding)

So basically this could be a good sign...  ;D

Hang in there, you're doing great.

I'll be here at 19 UTC.
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 08:46:11 PM
I like MS Fixit tools - never saw this one before ... In my toolbox it goes  ;D
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 09:00:45 PM
I like MS Fixit tools - never saw this one before ... In my toolbox it goes  ;D

Do you agree to my conclusion, essexboy?  ::) (fishing for compliments...)


19:05 UTC / GMT... waiting for Susan.  8)
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 09:14:46 PM
Probably as MS Fixits work really well - I found their windows update fix magic - especially as it save me writing a mega batch file  ;D

Susan was here a bit earlier
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 09:15:51 PM
But no posts from her?

Desperately searching Susan.  ;D
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 09:17:38 PM
Ouch that is soooo bad  ;D
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 09:18:18 PM
Never saw it, it just came to mind.  ::)
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 10:06:23 PM
Stopping Team Viewer now, going to meet my bed...  8)

CU (maybe)
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 10:07:52 PM
For sure - will see how she got on if I am still here
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 19, 2011, 10:13:31 PM
Thx.

Submit my compliments.
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:21:26 PM
Sorry I'm so late logging on.  I had to run out to help my daughter with something.  Is there something you'd like to try tonight?
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 10:28:22 PM
Could you run a quick OTS to see if the hosts file has reverted to normal

Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:29:10 PM
OK.  How will I know?
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 10:30:33 PM
I will be able to tell from the OTS log  ;D

Also are you having any problems now ?
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:34:25 PM
No special problems, but apparently even after I was able to log on to the Internet there were problems and I didn't know it.  Should I run OTS with the same settings you requested before?
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 10:38:03 PM
Aye it will not take any longer
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:42:11 PM
The log is attached.
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:43:47 PM
Actually, I have noticed a problem with Outlook 2007.  I've started getting a notice that there is a problem with the Avast plugin and asking if I want to disable/delete it.
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 10:48:28 PM
Your Host file is now good  ;D

Could you try a repair to the e-mail element of Avast - do you know how to do that ?
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:49:07 PM
Nope
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:50:04 PM
Your Host file is now good  ;D

Could you try a repair to the e-mail element of Avast - do you know how to do that ?

Wow.  Didn't even see what you wrote about the host file.  Yeah!!! ;D
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 10:53:08 PM
Go to Control Panel > Add/Remove programmes
Select Avast
On the left will be the option to repair try that first
If that fails then use the change option to first remove the mail shield
Reboot and then add the mail shield  
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 10:57:26 PM
Did the repair and restarted Outlook with no problem.  ;)

I'm wondering, since I had the malware problem on my laptop, too, if I should run some diagnostics there to see if there are issues I'm not aware of.  What do you think?  Are you up for it???
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 11:14:25 PM
Anything for a laugh  .......  So let's start first we will give it a bit of TLC, and then see if the speed and responsiveness are to your satisfaction 

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY ->  Unlock -> C:\Unlock
NY ->  HostsXpert -> C:\HostsXpert
NY ->  RK_Quarantine -> C:\Documents and Settings\Judith&Yuda\Desktop\RK_Quarantine
[Files/Folders - Modified Within 30 Days]
NY ->  RogueKiller.exe -> C:\Documents and Settings\Judith&Yuda\Desktop\RogueKiller.exe
NY ->  hosts.old -> C:\WINDOWS\System32\drivers\etc\hosts.old
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

THEN

Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)
The first run will probably take about 30 minutes - subsequent runs will be faster

ONCE COMPLETE

Run the programmes you use most to check that they work properly and no untoward problems surface.  Confirm that the internet speed and page loading is OK 
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 11:23:06 PM
I am in the middle of running the OTS fix.  I started getting pop-up windows telling me that it can't find a specific folder and asking if I want to create it.  What should I do?
Title: Re: Can't "Fix"
Post by: essexboy on April 19, 2011, 11:33:01 PM
Answer no
Title: Re: Can't "Fix"
Post by: rlakritz on April 19, 2011, 11:45:03 PM
Ran the OTS fix but didn't get a log at the end, only a request to reboot to finish removing files.  Should I reboot? ???
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 08:10:20 AM
Your Host file is now good  ;D

Could you try a repair to the e-mail element of Avast - do you know how to do that ?

Wow.  Didn't even see what you wrote about the host file.  Yeah!!! ;D

 ;D It was my tool! I did it!  8) ;D ;D

Nice to see it's working its way out.
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 08:12:55 AM
Thanks so much!!!
Did you see my post about the OTS fix?  I'm not sure whether or not to restart the computer and I never saw a log to send to essexboy...
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 08:17:49 AM
We are still talking about the same Computer, right? Not the second one you mentioned?

If so: yes, restart. The log will appear only after OTS finishes the job after reboot.

BTW: good morning, Susan.  ;D
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 08:21:48 AM
Good morning to you, too!

I'm talking about the second computer, the laptop.  Should I reboot to get the log?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 08:27:11 AM
Ooohhh... so you were working the second stuff essexboy advised on the laptop?
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 08:28:18 AM
I started to.  I did the OTS fix he suggested and wasn't sure how to continue since I didn't see a log.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 08:32:19 AM
This is not good, Susan.
The fix was meant for the first Computer I believe, the one we've been working on all the time.

So using the script on another machine might have caused some trouble.

The laptop: is there also a "Judith and Yuda" account on it?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 08:38:38 AM
Okay, I took a quick look on the script... shouldn't be much harm done to the laptop.
We will deal with the laptop later, but you can restart it anyway.

Back to the Desktop PC. Perform these steps from essexboy's post on the Desktop PC (the one we've been working on all the time):


Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY ->  Unlock -> C:\Unlock
NY ->  HostsXpert -> C:\HostsXpert
NY ->  RK_Quarantine -> C:\Documents and Settings\Judith&Yuda\Desktop\RK_Quarantine
[Files/Folders - Modified Within 30 Days]
NY ->  RogueKiller.exe -> C:\Documents and Settings\Judith&Yuda\Desktop\RogueKiller.exe
NY ->  hosts.old -> C:\WINDOWS\System32\drivers\etc\hosts.old
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

THEN

Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)
The first run will probably take about 30 minutes - subsequent runs will be faster

ONCE COMPLETE

Run the programmes you use most to check that they work properly and no untoward problems surface.  Confirm that the internet speed and page loading is OK  
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 08:48:42 AM
I believe we have moved on to the laptop.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 08:51:34 AM
No, you didn't. Look at the script... it refers to "Judith and Yuda" account which is not present on the laptop, right?

Besides that evidence: essexboy could not have given you a script for the laptop without having seen an initial log from it to analyze.  ;D

So please perform that mentioned two posts above on the DESKTOP.


P.S.: ...you're still doing great! I like that you're hanging in.  :-*
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 10:26:17 AM
I ran the fix on the desktop and when prompted, did a reboot.  It's been over an hour and it is still in the process of shutting down.  Last time you told me to be patient, but.....?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 10:28:35 AM
Yeah... seems to take too long a time...

Don't press reset: turn PC off by pressing the power-button continuously and then restart.
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 11:56:15 AM
Too late.  My husband pressed the reset button.  The computer came up OK (as far as I can tell) and I've attached the OTS log.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 12:01:38 PM
Too late.  My husband pressed the reset button.  The computer came up OK (as far as I can tell) and I've attached the OTS log.

Too long a leash for your husband then...  ;D

Log looks great.
Update Avast if needed via GUI. (On maintenance-tab, press update prog + virus db)
then continue with the advices from essexboy: Download and run Puran Disc Defragmenter.

After that, do some testing of your programs.

Concerning laptop: we'll continue on that after this part here is finished, okay?

GREAT WORK, SUSAN!
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 12:43:16 PM
I went back to the Avast program pages but couldn't figure out how to update Avast.  In fact, I don't think I ever upgraded to the Internet Security version.  Should I go ahead and do that first? I'll have to find the email with the link and code...
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 12:46:19 PM
No no no... don't upgrade - just update.

Anyway, there is a problem with the servers at the moment, so no hurry.

On Avast GUI, there is a Tab (left) "Maintenance" there you can update the virus definitions and the program. But wait for half an hour, they are having server down anyway.

No upgrade to any paid version needed!
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 01:20:53 PM
Okay, servers are back on air.

What is the version of Avast running on your PC?
6.0.1091?

You can find in Avast GUI, Maintenance.
Title: Re: Can't "Fix"
Post by: jamiebosco on April 20, 2011, 01:48:31 PM
Hi Guys, After reading this thread I felt I had to register an account here just to say what a great job Zyndstoff and essexboy did, I hope if I ever have a malware problem that there's someone like you guys around to help me out. It's nice to know there are still people out there willing to give their time so generously to help complete strangers.

Thanks
Jamie
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 01:49:55 PM
Thanks for your kind words - help is given willingly to people who need it and appreciate it. And Susan is one of those.  8)

Thanks again.
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 06:36:40 PM
YES, I APPRECIATE ALL YOUR HELP!!!

The desktop computer is still running the free version of Avast.  That's why I asked about upgrading to Internet Security (which I paid for). 

As far as the maintenance tab, could you provide the link to the page you are referring to?
Title: Re: Can't "Fix"
Post by: essexboy on April 20, 2011, 07:02:27 PM
No need to download the full version go to the maintenance tab and press insert licence file
Add the Avastlic file
Once done this will update to IAS

Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 08:46:18 PM
YES, I APPRECIATE ALL YOUR HELP!!!

The desktop computer is still running the free version of Avast.  That's why I asked about upgrading to Internet Security (which I paid for).  

As far as the maintenance tab, could you provide the link to the page you are referring to?

Oh - you have already a paid licence? Well, then of course go ahead and upgrade.

Sorry, I got that wrong - thought you wanted to upgrade because you were thinking it would increase any virus capabilities.


Here is where you update the program and the virus definitions manually, if need be:
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 10:13:11 PM
I am about 35% finished defragging the C drive on my desktop (I'm writing this on my laptop). I also have a D drive to defrag. Regarding the Internet speed, how do I check that and know what it should be?  When I downloaded the defrag program it started out at about 10kb/sec and then went up to about 15kb/sec towards the end.  Seems slow, no?
Title: Re: Can't "Fix"
Post by: essexboy on April 20, 2011, 10:16:06 PM
The D drive can be defragmented from within windows, without interrupting any work on the main drive  ;D

We could do a quick speed check later - what does your ISP state that you may get as a download speed ?
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 10:21:57 PM
I just looked it up.  We're supposed to get 5Mb/500Kb.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 10:23:31 PM
Just a quick "Hi Susan" from me...  ;D

I'm off to sleep now - and a little reading. I'll check in here tomorrow morning again and see if I can be of further assistance.

Good night - and keep your husband's quick fingers away from the reset-button! Shorten the leash.

 8)
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 20, 2011, 10:24:53 PM
Speed test: try this: TEST (http://speedtest.net/)  ;)
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 10:30:49 PM
And here are the results of the speed test:
Ping 44ms
Download Speed: 5.21 mbps
Upload Speed: 0.17 mbps
Title: Re: Can't "Fix"
Post by: YoKenny on April 20, 2011, 10:35:27 PM
Please Go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
Title: Re: Can't "Fix"
Post by: essexboy on April 20, 2011, 10:41:29 PM
Looks spot on to I - this was mine and my ISP states up to 20Mb   

(http://www.speedtest.net/result/1261503568.png)
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 10:46:41 PM
Does this mean that the desktop is all better???   :P
Title: Re: Can't "Fix"
Post by: essexboy on April 20, 2011, 10:53:30 PM
As far as I can see yes - are you noticing anything untoward ?
Title: Re: Can't "Fix"
Post by: YoKenny on April 20, 2011, 10:54:51 PM
You only provided your country information.  ???

(http://www.speedtest.net/result/1261521041.png) (http://www.speedtest.net)
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 10:57:01 PM
Yokenny, I have a desktop and a laptop - 2 different OSs, etc. What would you want me to post?
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 10:58:36 PM
Essexboy, could we run some diagnostics on the laptop, which initially also had a malware problem?
Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 10:59:37 PM
Steven, didn't mean to ignore you.  Thanks for your help.  Have a good night.
Title: Re: Can't "Fix"
Post by: essexboy on April 20, 2011, 11:07:52 PM
What were the symptoms on the laptop ?

Run a standard OTS scan initially please

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Title: Re: Can't "Fix"
Post by: rlakritz on April 20, 2011, 11:11:24 PM
I just installed Avast Internet Security because I was getting a notification that there had been repeated malware attempts on my computer.  I have a warning that my system is not fully protected and the Firewall is off.  The "fix" button does nothing, and when I try to manually turn on the firewall I get a message that the firewall is unavailable.  Now what?

This was my initial issue on my laptop.  We took care of it but I'm wondering if there might be some underlying problem that I'm not aware of.  I'll go ahead and run OTS and see what it turns up.
Title: Re: Can't "Fix"
Post by: YoKenny on April 20, 2011, 11:12:12 PM
Yokenny, I have a desktop and a laptop - 2 different OSs, etc. What would you want me to post?
I have 2 desktops and it is easy to post the specifications of each.

You are in good hands with essexboy  8)
Title: Re: Can't "Fix"
Post by: essexboy on April 20, 2011, 11:13:12 PM
Don't tell YoKenny Susan but I don't have my specs up either  ;D
Title: Re: Can't "Fix"
Post by: YoKenny on April 20, 2011, 11:17:39 PM
Don't tell YoKenny Susan but I don't have my specs up either  ;D
Yea but I know you use Windows 7 64bit.  ;)

We still do not know Susan's system specifications.
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 12:10:52 AM
I ran OTS and thought I saved the log but it seems to have "disappeared".  It's late, so I'll run it again in the morning and post the results.  Have a good night everyone.
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 06:04:33 AM
Good morning everyone.  Attached is the OTS log for my laptop.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 21, 2011, 07:21:39 AM
Good morning everyone.  Attached is the OTS log for my laptop.

Good Morning, Susan.

 ;D

I will take a look at the log, but essexboy is the real specialist on this.
Looks like we did a good job on your Desktop.  8) That's great.
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 07:45:02 AM
Hi Steven,
Yes things are looking good.  Thanks for your help!!!  :D
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 21, 2011, 07:46:13 AM
So, as one thing I see is a modified hosts file as well - which does not come to me as a complete surprise.  8)

On the laptop use this MS-tool to fix the Hosts-file: TOOL (http://support.microsoft.com/kb/972034/en-us)

Download the file to disk and then run it.

Then please start hostsXpert and copy the text on the right side of the window and post it here, pls. There is a "copy to clipboard" command in hostsXpert somewhere, maybe in the "tools" or "editing" sections.
In case you need to download hostsXpert, here is the link: hostsXpert (http://www.funkytoad.com/download/HostsXpert.zip)

Thx
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 08:05:04 AM
Steven, I ran the Tools fix and downloaded HostsXpert.  When I opened the program I got this message:  "Hosts file does not exist. Press OK to create Hosts file. Cancel to Quit." What to do?
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 21, 2011, 08:07:40 AM
Create it, then copy and post.  8)
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 08:16:04 AM
# Copyright © 1993-1999 Microsoft Corp.

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.

# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.

# For example:

# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
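
The hosts-file format described in the header comments above, together with the read-only/hidden/system attributes that `attrib -s -r -h` clears earlier in the thread, as an added example that is not part of any post here. The sample file contents, the `example.*` host names, the 203.0.113.10 address and all function names are constructed for illustration.

```python
"""Audit a Windows hosts file: parse mappings, classify them, decode R/H/S bits."""
import ipaddress
import os

# Win32 file attribute bits (documented values); OTS shows them as "RHS".
ATTR_BITS = (("R", 0x1), ("H", 0x2), ("S", 0x4))

# Mappings a stock hosts file may contain without being suspicious.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: abbreviated form of the default file posted above.
CLEAN_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# For example:
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
"""

# Constructed sample of a modified file (documentation-range address and names).
TAMPERED_HOSTS = """\
127.0.0.1       localhost
203.0.113.10    www.example.com    # constructed: name sent to another server
127.0.0.1       update.example.net # constructed: name made unreachable
not-an-ip       broken.example.org
"""


def decode_attributes(mask):
    """Turn an attribute bit mask into the letters attrib/OTS display."""
    return "".join(letter for letter, bit in ATTR_BITS if mask & bit)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; '#' starts a comment."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue                      # blank line or comment only
        if len(fields) == 1:
            yield line_no, fields[0], None  # address without a host name
            continue
        for name in fields[1:]:           # one address may carry several names
            yield line_no, fields[0], name.lower()


def classify(ip, name):
    """Return 'baseline', 'sinkhole', 'redirect' or 'malformed'."""
    if name is None:
        return "malformed"
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if (str(addr), name) in BASELINE:
        return "baseline"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"                 # the name can no longer be reached
    return "redirect"                     # the name resolves to another machine


def audit(text, attr_mask=0):
    """Report set attributes and every mapping that is not baseline."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        kind = classify(ip, name)
        if kind != "baseline":
            findings.append((line_no, kind, ip, name))
    return {"attributes": decode_attributes(attr_mask), "findings": findings}


def audit_file(path):
    """Audit a file on disk; st_file_attributes exists only on Windows."""
    mask = getattr(os.stat(path), "st_file_attributes", 0)
    with open(path, encoding="utf-8", errors="replace") as handle:
        return audit(handle.read(), mask)


if __name__ == "__main__":
    live = r"C:\WINDOWS\system32\drivers\etc\hosts"
    report = audit_file(live) if os.path.exists(live) else audit(TAMPERED_HOSTS, 0x7)
    if report["attributes"]:
        print("attributes set:", report["attributes"])
    for line_no, kind, ip, name in report["findings"]:
        print(f"line {line_no}: {kind}: {ip} -> {name}")
```

An empty findings list with no attribute letters corresponds to the state the thread reaches once the file is reset to the default.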
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 21, 2011, 08:24:56 AM
Wonderful.  ;D

This one is sorted out.

Since essexboy will be online in the evening only you will have to wait for a detailed analysis of your log, but I think it is looking quite okay so far.

I would suggest in the meantime:


I'm away for a meeting now, but I'll look at the MBAM log in an hour or so.  8)
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 09:07:02 AM
See attached log.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 21, 2011, 09:29:43 AM
That is clean so far, very good.

This entry

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken
in the log refers to a PUM = potentially unwanted modification. This may have been done deliberately by the user or by some software and need not be bad.
This particular entry hides the search in the Windows start-menu.
You can delete it with MBAM if you wish or you can leave it this way, it is a harmless entry.  ;)
If you haven't missed that start-menu entry until now - just leave it.



For further advice please wait for essexboy to look at your OTS-log.

Cheers
Zyndstoff
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 09:30:59 AM
Will do. Thanks.  We'll see what essexboy has to say later on.
Title: Re: Can't "Fix"
Post by: essexboy on April 21, 2011, 07:04:34 PM
Here I be  ;D you also have a proxy setting and best malware hiding on your laptop - wave bye bye to them

There are also a few temporary files to go so it may take a little longer than normal to complete the fix

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: "ProxyEnable" -> 1
YN -> HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:25384
< HOSTS File > ([2011/04/14 14:41:49 | 000,002,130 | RHS- | M] - 247 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> Reset Hosts ->
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\All Users\Application Data\80888d\BM808_2112.exe" -> [C:\Documents and Settings\All Users\Application Data\80888d\BM808_2112.exe:*:Enabled:Best Malware Protection]
[Files/Folders - Created Within 30 Days]
NY ->  BMHQP -> C:\Documents and Settings\All Users\Application Data\BMHQP
NY ->  80888d -> C:\Documents and Settings\All Users\Application Data\80888d
[File - Lop Check]
NY ->  80888d -> C:\Documents and Settings\All Users\Application Data\80888d
NY ->  BMHQP -> C:\Documents and Settings\All Users\Application Data\BMHQP
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.
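
Added example (not part of any forum post, and not how OTS itself works): a Python check for the two settings the fix above resets, a hosts file with extra mappings and a browser proxy pointing at the local machine. The function names `audit_hosts` and `loopback_proxy` and every sample entry are assumptions constructed for illustration; a finding is a prompt for review, not a verdict.

```python
import ipaddress

# Constructed sample, not the file from the thread. Addresses and names are
# documentation/test values.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
127.0.0.1 av-update.example.com   # lookups for this name never leave the PC
203.0.113.5 www.example.org search.example.org
"""

def audit_hosts(text, default_names=("localhost",)):
    """Return (line_no, address, name, reason) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "unparseable address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if ip.is_loopback and name.lower() in default_names:
                continue                         # stock localhost entry
            reason = "blocked (points at this machine)" if local else "redirected"
            findings.append((line_no, address, name, reason))
    return findings

def loopback_proxy(proxy_enable, proxy_server):
    """True if the proxy is enabled and any entry targets this machine."""
    if not proxy_enable:
        return False
    for entry in proxy_server.split(";"):        # "http=h:p;https=h:p" or "h:p"
        host = entry.split("=", 1)[-1].rsplit(":", 1)[0].strip().lower()
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            if host == "localhost":
                return True
    return False

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(loopback_proxy(1, "http=127.0.0.1:25384"))  # value from the OTS fix above
```

A stock hosts file like the one posted earlier in the thread produces no findings, because commented lines are ignored and only the `localhost` mapping remains.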
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 08:34:50 PM
Hi there, essexboy. I'm in the middle of running the OTS fix and keep getting a notice that a certain file has been deleted or moved and asking if I want to create it.  I said yes to a couple but now see that there are about 150 more.  What should I do? Thanks.
Title: Re: Can't "Fix"
Post by: essexboy on April 21, 2011, 08:42:03 PM
What is the name of the files ? A few examples will do
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 08:44:48 PM
I can only see one at a time as they pop up. The next one up is 00EE9D56d01
Title: Re: Can't "Fix"
Post by: essexboy on April 21, 2011, 08:50:24 PM
What is instigating the notice that the file is being moved ?   Is this while it is trying to remove the best malware folder BMHQP
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 08:59:06 PM
I don't know what stage of the fix we're at.  The Paste Fix Here window now has 3 things listed:
[Empty Temp Folder]
[EmptyFlash]
[createRestorePoint]

The pop-up window says:

Copy Folder
The C:\Users\Susan\AppData\Local\Mozilla\Firefox\Profiles\chb...\00EE9D56d01 folder does not exist. The file may have been moved or deleted. Do you want to create it?
Title: Re: Can't "Fix"
Post by: essexboy on April 21, 2011, 10:06:28 PM
Ah OK answer no to them all - as the main parts have run - it is just clearing the temps from the list it had in memory
Title: Re: Can't "Fix"
Post by: rlakritz on April 21, 2011, 10:41:09 PM
I finished running the fix, saying no to all the it wanted to create.  I let the computer restart, but when it came up there was no log.  I ran the program again.  Same result.  No log.
I'm going to sign off for the night but would love to hear your next suggestion.   :D
Title: Re: Can't "Fix"
Post by: essexboy on April 21, 2011, 10:42:02 PM
The next suggestion is a question ... What problems are you experiencing on the laptop now  ;D
Title: Re: Can't "Fix"
Post by: rlakritz on April 22, 2011, 07:45:37 AM
I'm not experiencing anything unusual, but just like the desktop, I thought there might be something lurking.
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 22, 2011, 08:20:46 AM
Good Morning, Susan,

and:

HAPPY EASTER HOLIDAYS!

I'm off until tuesday, but as far as I saw in this thread it looks like you are done with the laptop also.
But essexboy will finish this.

Was my pleasure giving you the little help I could provide,
cheers
 :D

Zyndstoff (btw: Thomas is the real name  ;D )
Title: Re: Can't "Fix"
Post by: rlakritz on April 22, 2011, 08:45:26 AM
Thanks for everything Thomas.  Enjoy your long weekend! :D
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 22, 2011, 08:52:03 AM
Thank you!

I did send you a Personal Message in this forum, did you read it?
It contains my private e-mail address.
Just in case.  ;)

Title: Re: Can't "Fix"
Post by: essexboy on April 22, 2011, 03:32:46 PM
OK let's clean both systems - you may need to modify them slightly to reflect each

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
 

Run OTS once more and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
SPRING CLEAN
 
Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)
For the first run I would recommend a boot defrag and disk check



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
 
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).  Update and run weekly to keep your system clean

Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe  :wave:
Title: Re: Can't "Fix"
Post by: rlakritz on April 22, 2011, 09:29:15 PM
I ran the OTS twice.  The second time I clicked cleanup and a bunch of stuff appeared in the Paste Fix Here window.  Then I was told to restart the computer to finish deleting files, which I did.

I next checked the hidden files.  The correct box was already checked.

I now want to upgrade Java.  I followed the link but am confused as to which version to choose:  Java, JavaFx, Netbeans or JavaEE.  I figured Java was the correct choice but I was asked to agree to a license agreement different than what you wrote.  This one says:  "You must accept the Java SE 6 JDK License Agreement to download this software."  Is this what I want?  I'll wait to hear from you before proceeding.
Title: Re: Can't "Fix"
Post by: essexboy on April 22, 2011, 09:33:35 PM
You want JRE - accept the licensing agreement and then select Windows x86 Offline jre-6u25-windows-i586.exe

Just noticed it is now updated to version 25
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 22, 2011, 09:41:42 PM
I like this site better for Java: http://java.com/en/ (http://java.com/en/)

If you click on "Do I have Java" it will check your version and tell you either: you're okay or offer the correct download.  ;)
Title: Re: Can't "Fix"
Post by: essexboy on April 22, 2011, 09:45:46 PM
Hmm never tried that - nice find  ;D
Title: Re: Can't "Fix"
Post by: Zyndstoff (aka Steven Gail) on April 22, 2011, 09:52:00 PM
I knew you'd like it, essex. I posted it just for you.  ;D
Title: Re: Can't "Fix"
Post by: Mr. Pace on April 27, 2012, 12:38:54 AM
Essexboy,

I have the same problem,  a warning that my system is not fully protected and the Firewall is off.  The "fix" button does nothing, and when I try to manually turn on the firewall I get a message that the firewall is unavailable.  Now what?

I guess I should tell you that,  I just removed Vista from my laptop and installed XP, if that plays a part.

I'm kind of a novice at this so any help, greatly appreciated,  please provide it in small steps.

Thanks,

Title: Re: Can't "Fix"
Post by: AntiVirusASeT on April 27, 2012, 06:42:57 AM
try a repair using avast standard uninstaller via control panel -> add/remove programs