TechSpot

8 step completed-computer still will not stand-by or hibernate

By lauyr1
Jan 7, 2010
  1. All seems to be okay initially with the exception that my computer will not go into standby mode or hibernate..is there something I am missing??? Like a driver that may have been harmed, etc... Please help
     

  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    A lot of nasty stuff... Were you running without virus or malware protection for a while? Where to start...

    Please download ComboFix Here
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

    Important! Save the renamed download to your desktop.
    Double click on Combo-Fix.exe to run and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    Wait for the scan to be completed.
    If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Please then run the Eset online scan.
    Attach both the Combofix reply and the Eset log in a new reply.
     
  3. lauyr1

    lauyr1 TS Rookie Topic Starter

    Ran Combo-Fix

    Thanks so much for the reply. I wasn't without protection. My Micro-Trend Pencillin security suite was getting ready to expire. I replaced it with AVG. I used AVG (free version) because our IT dept. where I work said it was great software. I also have the option of using Sophos. I just couldn't get a real opinion either way which was best. My problems all started after about a week of switching to AVG, which was around the end of December. The virus seems to have appeared Jan. 4. Is it possible for a virus to disable/block my anti-virus????

    I ran combo-fix - I hope I was successful in disabling AVG. Wasn't sure how to completely disable it. After combo-fix's last restart where the log was created, AVG is still saying there were two threats found in C:\System Volume Information..... There are several viruses in the AVG vault. Should I "empty" the vault? I have never been hit with a virus like this. Again, thanks so much for all of your help--
     

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Tmagic, I know you're trying to learn about cleaning. But the first thing you need to do is search! I don't see 'a lot of nasties' on this system. And yes, Combofix will need to be run for the O20 AppInit.

    But here's what I see:

    1. Guide member in installing the Recovery Console.

    2. Opening logs gives indication of type of malware. Instruct member to "Please change all of your passwords. You have had spyware that steals passwords. Be sure to monitor any online financial transactions."

    3.
    This refers to the restore points. Malware can get into the restore points which is why we have you drop the old restore points.AFTER This malware is not in the system and cannot reinfect you unless you do a System Restore to that point.

    4. Suggest get control of the Tracking Cookie. Do this on ALL accounts:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    5. Regarding the 'no file' entries: checking the CLSID shows:

    • R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll >> Legitimate
    • R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) >> Default Microsoft Internet Explorer Search Hook, normally not displayed in HijackThis since it's whitelisted. Legitimate
    • R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) >> &Yahoo! Companion, Yahoo! Toolbar - Legitimate

    • O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll >> Cloaked malware. Run Combofix

    Dealio toolbar, bundled with numerous third party applications>> optional- information and uninstall here: http://www.dealio.com/help/uninstall-dealio-toolbar.html#Q3
    The member may not have seen this pre-checked on a download. But it is an Optional Removal. Advise and give information.
    • R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) >> Vendio "Search Settings" foistware, bundled with its Dealio toolbar, which is in turn bundled with numerous third party applications X> Remove. See section regarding Dealio Toolbar
    • R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    • O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    • O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

    Here is the problem: See IT Resource Center HERE for fix.
    Advise Disable:
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

    This is a one time post.
     
  5. lauyr1

    lauyr1 TS Rookie Topic Starter

    So far, so good

    Thanks so much to you both - after combo-fix, I saw the AVG warning once about the System Volume Information. After that, I haven't seen any more threats/warnings. Everything seems to be working great (hopefully, I haven't spoken too soon). My computer is much faster.

    Do you guys recommend using CCleaner maybe once a week to clean things up? Just want to make sure I am doing everything I can to be properly protected. I am not sure about how to install recovery console. I have the original disks if that is where I begin. Thanks again,
     
  6. captaincranky

    captaincranky TechSpot Addict Posts: 11,673   +1,873

    Hey, I use it every time I close the browser. (There's no telling where that thing's been)!

    Some members (myself included), have found "Advanced System Care" helpful also; http://www.techspot.com/downloads/3160-advanced-windowscare-systemcare-free.html

    As with everything else I say, I always suggest waiting for a second opinion.
     
  7. kritius

    kritius TS Guru Posts: 2,084

    I wouldn't trust anything by IOBit, if they're willing to steal definitions from Malwarebytes what else would they do.

    I also wouldn't use CCleaner, don't trust the Registry part of it. Use ATF cleaner or TFC instead.
     
  8. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    I'm using free Comodo Internet Security and I did purchase Advanced SystemCare Pro, and CCleaner is still used on occasion. Vista is long gone, and Windows 7 Pro, 64-bit is getting along just fine with these programs

    It is all a matter of informed likes and dislikes. My definition of "nasty stuff" for Bobbye:
    Dealio Toolbar
    Yahoo Toolbar
    AVG Toolbar
    That HP port resolver
    That HP status server
    These are nasty, and nastier over time
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I've never used CCleaner. I use the Housekeeping utility in The Ultimate Troubleshooter, then use Eraser to overwrite it all.

    Tmagic, calling something 'nasty' because you don't like it isn't appropriate. And now you're griping about the AVG Toolbar! Seems to me there are a lot of posts with you saying AVG is the best AV program out! Of those you listed, the known entries to be removed are the two HP ones. The others - including the Dealio Toolbar - are optional. While we may suggest an entry be removed because of....state reasons...an optional removal is NOT a nasty.

    Another reason why you don't belong in this forum telling members what to remove!
     
  10. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Nasty is a generic term at best. It may include spyware, virus and other malware. I don't like to see computers where the browsers show 4 or 5 toolbars at once. You can hardly see the webpage displayed. You recommend something and it's okay, I recommend the same thing and it's not okay...

    We will always agree to disagree

    "Another reason why you don't belong in this forum telling members what to remove!"

    That's your opinion... Keep these opinions to yourself!
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My apology lauyrl. Your thread seems to have been hijacked! I had hoped to assist so that you got correct information.

    Before I have you uninstall Combofix, you might want to use it to help you install the Recovery Console. Here are the directions: Since you already have Combofix on the system, let it do the work for you: Delete the report you have on the desktop:

    Install Recovery Console- Combofix:
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Double click on the setup file on the desktop to run
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.

    I'd like to check and make sure there's nothing else. Combofix removed most of the Dealio entries. Make sure these are gone:

    Please reopen HijackThis to 'do system scan only'. Check the following if present:

    R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE


    Close all Windows except HijackThis and click on "Fix Checked."

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Click on Start> Settings> Control Panel> Add/Remove Programs> Uninstall the following if present
    Dealio Toolbar
    SearchSettings


    Use Windows Explorer to navigate to Local Drive (C)> Programs> do a right click> Delete on the Dealio Toolbar if present.

    Start> Run> type in services.msc> double click on each of the following and set as indicated:
    HPBOID> Disable Start up Type
    HPBPRO> Disable Startup type.

    Exit Services

    Reboot into Normal Mode. Empty the Recycle Bin
    Use this if you need it:
    Dealio toolbar, bundled with numerous third party applications>> optional- information and uninstall here: http://www.dealio.com/help/uninstall...oolbar.html#Q3

    Remove all of the tools we used and the files and folders they created

    Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer
    • Save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes.


    You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
    • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
    • Click "OK" to select the partition or drive you desire.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    To help clean the system:
    Remove Temporary Internet Files regularly: UseSet your browser to drop the temporary internet files every time it closes:
    Internet Explorer: Control Panel> Internet Options> Advanced tab> Security section> check 'empty temporary internet files when I exit the browser'> Apply> OK.

    Run TFC every 2 weeks or less

    Let us know if we can be of more help in the future.
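
Added example, not part of Bobbye's posts or of HijackThis itself: a small Python parser for the HijackThis lines quoted in this thread. It applies the triage from post 4 (the O20 AppInit_DLLs entry and the "(no file)" entries get a closer look) and the "make sure these are gone" check from post 11. The sample log is constructed from lines in the thread; the function names and the watch list are assumptions made for illustration.

```python
import re

# Constructed sample: HijackThis lines quoted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
"""
# Watch list from post 11: CLSIDs and service binaries that should be gone.
WATCH = {"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}",
         "{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}", "HPBPRO.EXE", "HPBOID.EXE"}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Split each 'CODE - Kind: details' line into its fields."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # log header, process list, blank lines
        section, kind, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        entries.append({
            "section": section, "kind": kind.strip(), "raw": raw.strip(),
            "clsid": clsid.group(0).upper() if clsid else None,
            # Last ' - ' field is the file path or the literal "(no file)".
            "target": rest.rsplit(" - ", 1)[-1].strip()})
    return entries

def triage(entry):
    """Review notes for one entry, following the reasoning in post 4."""
    notes = []
    if entry["section"] == "O20":
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        notes.append("AppInit_DLLs entry: identify this DLL first")
    if entry["target"].lower() == "(no file)":
        notes.append("no file on disk: look up the CLSID before removing")
    return notes

def still_present(entries, watch=WATCH):
    """Raw lines from a fresh scan that match the removal watch list."""
    return [e["raw"] for e in entries
            if e["clsid"] in watch
            or e["target"].rsplit("\\", 1)[-1].upper() in watch]

if __name__ == "__main__":
    scan = parse_log(SAMPLE_LOG)
    for e in scan:
        print(e["section"], e["target"], triage(e))
    print("still present:", len(still_present(scan)))
```

An empty result from `still_present` on the post-cleanup scan means none of the listed entries remain; a "(no file)" note is only a prompt to look the CLSID up, since two such entries in this thread turned out to be legitimate.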
     
  12. lauyr1

    lauyr1 TS Rookie Topic Starter

    Log-Combo

    Hey there--just got to run combo-fix tonight...it is attached. As always-thanks.
     

  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Seems to me we were through- was I wrong? Was the problem you were having resolved? I had you remove the cleaning tools including Combofix.
     
Topic Status:
Not open for further replies.
