Thread: hjt log

  1. #1
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    What do you mean "turn off" (Digidesign, Bittorent and WindowsDefender)?
    Stop them from starting automatically when the computer is booted. "Someplace" in each program is a place to set options, one of those options is to start up when the computer starts up. I have already once given you the instructions on how to TURN OFF Windows Defender, but here they are again;

    Open Windows Defender, Click on Tools, General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After you uncheck this, click on the Save button and close Windows Defender.
    Now you obviously did not do this because it is still showing in your log as running with this entry;
    C:\Program Files\Windows Defender\MSASCui.exe and it shows in the start up files here;
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    The Windows Defender could interfere with the fixes we are trying to make. You can turn it back on when the fixes are complete. The other programs are not required for the smooth running of the computer and can be run manually.

    No, I Did not run the HJT scan before or after you ran Trojan Hunter.
    Honestly have no clue what you mean by the above statement.
    What you should do is run the Trojan scan BEFORE you run HJT.

    HJT should be the very LAST thing that you do.

    I am sorry but this all is somewhat frustrating. If you are asked to do various steps then you must do them all, NOTHING else, and do them in the order requested.
    I really get the feeling here that you are not following instructions or doing them haphazardly. They must be followed precisely.

    In my post #31 I specifically asked you to do the following;
    Now when you ran this latest HJT scan you had entirely TOO many processes running in the background, many I had not seen before in your other logs;
    Limewire for instance. Turn this off and don't run it while running HJT or cleaning the computer. Which also could be where some of your problems have arisen from...P2P sharing can bring in a lot of nasty items.
    Firefox. This is your browser of course but the first rule when running HJT is close all browsers.
    RealOnePlayer Updater...totally unnecessary and can be run manually.
    Alcohol Soft
    uTorrent
    Digidesign
    Windows Messenger
    MAFWTaskbarApplication
    Gear CD Burning Software

    Turn off all of the above when you run your next HJT scan.
    However, the only programs not running with the latest HJT scan were Limewire and Firefox. The rest I requested that you turn off were still running.
    You did not do the steps in the order given OR in the way they were given;
    Now Reboot to SAFE MODE.
    First run your Norton program, full system scan. Have it FIX whatever is found.
    Next run the Trojan Hunter program. Have it fix whatever is found.
    Next run the AVG program. Have it fix whatever is found.

    Reboot the computer to NORMAL MODE. Make ABSOLUTELY CERTAIN that all of the noted programs above are TURNED OFF and run a new HJT scan. Save the log and post it here along with the latest AVG log.
    The only two logs I requested were the AVG and the HJT.
    Now I would like you to try it again. But I want to add one step which you must do FIRST before you do any of the others.
    Go to Start, Control Panel, Administrative Tools, Services.
    Once that opens I want you to scroll down, and they are in alphabetical order, to this one inetsrv.
    If it is there I want you to DOUBLE CLICK it to open a box describing the entry. In that box there is a setting called Start Up Type. I want you to DISABLE that service.
    Next, in that same box there are four buttons and I want you to click the Stop Button. This service should stop.
    Now I want you to update the AVG program and update your Norton program.
    Now I want you to reboot to SAFE MODE.
    First run your Norton Program, fix everything found.
    Next run the Trojan Hunter. Fix everything found. Save the log.
    Next run the AVG. Fix everything found. Save the log.
    Reboot the computer to Normal Mode.
    Run a new HJT scan and save the log.
    Post back here with all three logs, starting with the Trojan Hunter log.
    Next post the AVG log.
    Next post the HJT log.

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    philentropy, have no idea where you are since you have not returned since your last post.
    Have consulted with others here and PP has suggested the following fixes, and I concur with his recommendations. PLEASE PRINT these out so that you can follow them to the letter;

    Download smitRem.exe ©noahdfear, and save the file to your desktop.
    Double-click on the smitRem.exe file to extract it to its own folder on the desktop.
    Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in Firefox right-click the link and select "Save Link As" and save it to your desktop).

    Download roguescanfix.exe, and save it to your desktop.
    Double click roguescanfix.exe to install it. We will use this tool later.

    Next, boot into Safe Mode.

    Open the smitRem folder on your desktop
    Double-click on the RunThis.bat file
    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    Next, open the roguescanfix folder, and double-click run.bat.
    Your desktop and icons will disappear and then reappear again, this is normal.
    Wait till the message "Completed script execution" appears, then click OK.
    Click "Exit" to close BFU.
    Click "OK" to start the SpywareQuake/Spyfalcon uninstaller, after that click "uninstall".

    Next, Run AVG/Ewido:
    • Click on Complete System Scan and the scan will begin.
    • While the scan is in progress you will be prompted to clean files, click OK
    • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop.
    Close ewido anti-malware.
    Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

    Reboot back into Windows and click the Panda ActiveScan shortcut.
    • Once you are on the Panda site click the Scan your PC button.
    • A new window will open...click the Check Now button.
      • Enter your Country
      • Enter your State/Province
      • Enter your e-mail address and click send
      • Select either Home User or Company
      • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When the download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    1. Please download Brute Force Uninstaller to your desktop
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk C" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    3. Open My Computer and navigate to the c:\BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
    Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.) Wait for the complete script execution box to pop up and press OK. Press exit to terminate the BFU program. If you have any questions about the use of BFU, please read BFU Instructions

    Now once you have completed all the steps above by running all the programs noted I want you to download and run one more program;

    WinPFind

    Download WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Save these results as a text file and post back here with this log and the others as requested above.
    Judy

  3. #3
    Join Date
    Nov 2006
    Posts
    29
    I could not get rid of Gear executable file. I tried to delete it manually and by using Killbox.

    Digidesign makes a computer sequencer that I use to record music. I have sought tech support to figure out if I can stop running Digidesign and its soundcard: MAFWTaskbarApplication when booting.

    I was not able to fix Gear CD Burning Software with HJT, by manually deleting, or by using Killbox.

    All of the other programs listed in post #31 will not run during future HJT scans.
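
One way to confirm from a new HijackThis log that the programs named in the thread are neither running nor set to start at boot, as an added example that is not part of the original thread. The log excerpt is constructed (only the `MSASCui.exe` lines appear in the thread), and the function names `parse_hjt` and `still_present` and the substring matching are assumptions made for illustration.

```python
import re

# Constructed HijackThis excerpt. Only the two MSASCui.exe lines come from the
# thread; the uTorrent and updater paths are made up for illustration.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\uTorrent\utorrent.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - Global Startup: Example Updater.lnk = C:\Program Files\Example\updater.exe
"""

ENTRY = re.compile(r"^[A-Z]\d+ - ")                       # any numbered HJT entry
RUN_KEY = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[([^\]]*)\] (.+)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

def parse_hjt(text):
    """Return (running process paths, O4 autostart entries) from an HJT log."""
    processes, autoruns, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and (not line or ENTRY.match(line)):
            in_procs = False                              # section ends here
        if in_procs:
            processes.append(line)
            continue
        m = RUN_KEY.match(line) or STARTUP.match(line)
        if m:
            autoruns.append({"where": m[1], "name": m[2], "cmd": m[3]})
    return processes, autoruns

def still_present(text, watchlist):
    """Map each watched program to whether it is running and/or autostarting."""
    processes, autoruns = parse_hjt(text)
    report = {}
    for name in watchlist:
        key = name.lower()
        report[name] = {
            "running": any(key in p.lower() for p in processes),
            "autostart": any(key in f"{a['name']} {a['cmd']}".lower() for a in autoruns),
        }
    return report

if __name__ == "__main__":
    print(still_present(SAMPLE_LOG, ["Windows Defender", "uTorrent", "Digidesign"]))
```

A program that shows `autostart` but not `running` was closed for the scan but will come back at the next boot, which is the distinction the helper draws between the running-process list and the O4 entries.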
