Apr 4, 2010
1. Hi: working on my father-in-law's laptop. He had three anti-virus packages running (none updated). I removed them, added Avira, but it won't let me update. We also cannot add a printer, as it gets hung up during install. Error message said something about the spooler not working. Any help appreciated.

Bobbye

Scooter, make sure FIL understands that multiple AV programs can actually make the system more vulnerable as well as slow it down. Let's see how much damage he did:

• Please disable all security programs, such as antiviruses, antispywares, and firewalls.
• Double click on the setup file on the desktop to run
(Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
• If prompted to update, please allow.
• Click on Yes, to continue scanning for malware.
Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
Run Eset NOD32 Online AntiVirus Scanner HERE
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Attach both the Combofix report and eset log to next reply.

I'm not sure what's been done here:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ISI84RYR\JavaSetup6u19-rv[1].exe

I don't see the Java 6u19 running, just this setup, so check that please.

Also, there is an AOL firewall in addition to the McAfee firewall. Please remove one of them:
C:\Program Files\Common Files\AOL\1137113834\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe

It looks like he has both AOL dialup and Comcast. Both providers offer security programs so check both for any dup AV also.

The online scan should show us what may be stopping the Avira update.

scooter125

Nothing found in eset. Combo fix log attached. Also, I can't find McAfee anywhere...not listed in program files..

Bobbye

For the spooler message:

Click on Start> Run> type in services.msc> double click on Print Spooler> Set Startup type to Automatic> Reboot.

There are still processes from Symantec/Norton running. Please run the Norton Removal Tool

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
c:\windows\system32\javaw.exe
Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================

scooter125

I was able to update Avira and get the printer installed, so things are improving.

Bobbye

OK! Was it the print spooler setting? I'll give you a tip about the HP peripheral because that's what I have. HP puts a lot of processes on Startup, including all of those for digital imaging. Not only does the printer or all-in-one not need to be on Startup, but all the HP processes there can be stopped. Just open the printer or the HP Director in the program when you need it.

I'd like you to run this program and get rid of some of the temp files: TFC (Temp File Cleaner)

• Open the file and close any other windows.
• It will close all programs itself when run; make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job.
• Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

When you have finished, empty the Recycle Bin.

What problem related to the original is still open? Printer is in, spooler is working and Avira is updated. AV scan came out clean. If the problems have been resolved, I'll have you remove the cleaning tools.

scooter125

Everything seems to be working. Father in law is impressed. Thanks very much.

Bobbye

Very good! Let's remove the cleaning tools:

Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Remove all of the tools we used and the files and folders they created
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
• Go back and follow the path to > System Tools.
• Click "OK" to select the partition or drive you want.
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Please let me know if I can be of help in the future. I will close this thread now.

