8 steps completed - computer still will not standby or hibernate

Status
Not open for further replies.

lauyr1

Posts: 6   +0
All seems to be okay initially, with the exception that my computer will not go into standby mode or hibernate. Is there something I am missing? Like a driver that may have been harmed, etc... Please help.
 

Attachments

  • hijackthis.log
    15.2 KB · Views: 4
  • mbam-log-2010-01-07 (16-15-48a).txt
    1.1 KB · Views: 2
  • SUPERAntiSpyware Scan Log - 01-07-2010 - 20-16-15.log
    35.7 KB · Views: 2
A lot of nasty stuff... Were you running without virus or malware protection for a while? Where to start...

Please download ComboFix Here
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Important! Save the renamed download to your desktop.
Double click on Combo-Fix.exe to run and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
Wait for the scan to be completed.
If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please then run the Eset online scan.
Attach both the Combofix reply and the Eset log in a new reply.
 
Ran Combo-Fix

Thanks so much for the reply. I wasn't without protection. My Micro-Trend Pencillin security suite was getting ready to expire. I replaced it with AVG. I used AVG (free version) because our IT dept. where I work said it was great software. I also have the option of using Sophos. I just couldn't get a real opinion either way which was best. My problems all started after about a week of switching to AVG, which was around the end of December. The virus seems to have appeared Jan. 4. Is it possible for a virus to disable/block my anti-virus????

I ran combo-fix. I hope I was successful in disabling AVG. Wasn't sure how to completely disable it. After combo-fix's last restart where the log was created, AVG is still saying there were two threats found in C:\System Volume Information..... There are several viruses in the AVG vault. Should I "empty" the vault? I have never been hit with a virus like this. Again, thanks so much for all of your help--
 

Attachments

  • log-combo.txt
    20.3 KB · Views: 3
Tmagic, I know you're trying to learn about cleaning. But the first thing you need to do is search! I don't see 'a lot of nasties' on this system. And yes, Combofix will need to be run for the O20 AppInit.

But here's what I see:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

1. Guide member in installing the Recovery Console.

2. Opening logs gives indication of type of malware. Instruct member to "Please change all of your passwords. You have had spyware that steals passwords. Be sure to monitor any online financial transactions."

3.
AVG is still saying there were two threats found in C:\System Volume Information....
This refers to the restore points. Malware can get into the restore points which is why we have you drop the old restore points. AFTER This malware is not in the system and cannot reinfect you unless you do a System Restore to that point.

4. Suggest get control of the Tracking Cookie. Do this on ALL accounts:
Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

5. Regarding the 'no file' entries: checking the CLSID shows:

  • R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll >> Legitimate
  • R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) >> Default Microsoft Internet Explorer Search Hook, normally not displayed in Hijackthis since it's whitelisted. Legitimate
  • R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) >> &Yahoo! Companion, Yahoo! Toolbar- Legitimate
  • O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll >> Cloaked malware. Run Combofix

Dealio toolbar, bundled with numerous third party applications>> optional- information and uninstall here: http://www.dealio.com/help/uninstall-dealio-toolbar.html#Q3

The member may not have seen this pre-checked on a download. But it is an Optional Removal. Advise and give information.
  • R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) >> Vendio "Search Settings" foistware, bundled with its Dealio toolbar, which is in turn bundled with numerous third party applications X> Remove. See section regarding Dealio Toolbar
  • R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
  • O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
  • O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

still will not standby-by or hibernate
Here is the problem: See IT Resource Center HERE for fix.
Advise Disable:
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

This is a one time post.
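
The CLSID check walked through in the post above, as an added example that is not part of the original thread: a small Python triage of HijackThis lines that marks "(no file)" orphans, maps the CLSIDs named in the post to the helper's verdicts, and always escalates O20 AppInit_DLLs entries. The function names and the one BHO line with an all-zero CLSID are constructed for illustration.

```python
import re

# CLSID verdicts taken from the helper's post above; anything else is unknown.
KNOWN_CLSIDS = {
    "A3BC75A2-1F87-4686-AA43-5347D756017C": "legitimate (AVG Security Toolbar)",
    "CFBFAE00-17A6-11D0-99CB-00C04FD64497": "legitimate (default IE search hook)",
    "EF99BD32-C1FB-11D2-892F-0090271D4F88": "legitimate (Yahoo! Toolbar)",
    "E312764E-7706-43F1-8DAB-FCDD2B1E416D": "optional removal (Dealio Search Settings)",
    "01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C": "optional removal (Dealio Toolbar)",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{([0-9A-Fa-f-]{36})\}")

def triage(line):
    """Return a dict for one HijackThis line, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m["code"], m["rest"]
    target = rest.rsplit(" - ", 1)[-1].strip()  # last field: file path or "(no file)"
    clsid = CLSID.search(rest)
    entry = {"code": code, "clsid": clsid.group(1).upper() if clsid else None,
             "target": target, "orphan": target == "(no file)"}
    if code == "O20" and target:
        # AppInit_DLLs are loaded into every process that loads user32.dll
        entry["verdict"] = "investigate (DLL injected via AppInit_DLLs)"
    elif entry["clsid"]:
        entry["verdict"] = KNOWN_CLSIDS.get(entry["clsid"], "unknown CLSID, look it up")
    else:
        entry["verdict"] = "review manually"
    return entry

# Constructed sample: lines copied from the thread, plus one made-up unknown CLSID.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Example - {00000000-0000-0000-0000-000000000001} - C:\Example\example.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
""".strip().splitlines()

def report(lines=SAMPLE):
    """Triage every entry line, skipping headers and blank lines."""
    return [e for e in map(triage, lines) if e]

if __name__ == "__main__":
    for e in report():
        print(f'{e["code"]:<4}{e["verdict"]:<48}{e["target"]}')
```

An orphaned "(no file)" entry is not a verdict by itself: the whitelisted IE search hook and the Dealio leftover both show up that way, which is why the CLSID lookup decides.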
 
So far, so good

Thanks so much to you both-after combo-fix, I saw the AVG warning once about the System Volume Information. After that, I haven't seen any more threats/warnings. Everything seems to be working great (hopefully, I havent spoken too soon). My computer is much faster.

Do you guys recommend use CCleaner maybe once a week to clean things up? Just want to make sure I am doing everything I can to be properly protected. I am not sure about how to install recovery console. I have the original disks if that is where I begin. Thanks again,
 
Do you guys recommend use CCleaner maybe once a week to clean things up? Just want to make sure I am doing everything I can to be properly protected.
Hey, I use it every time I close the browser. (There's no telling where that thing's been)!

Some members (myself included), have found "Advanced System Care" helpful also; https://www.techspot.com/downloads/3160-advanced-windowscare-systemcare-free.html

As with everything else I say, I always suggest waiting for a second opinion.
 
I wouldn't trust anything by IOBit, if they're willing to steal definitions from Malwarebytes what else would they do.

I also wouldn't use CCleaner, don't trust the Registry part of it. Use ATF cleaner or TFC instead.
 
I'm using free Comodo Internet Security and I did purchase Advanced SystemCare Pro, and CCleaner is still used on occasion. Vista is long gone, and Windows 7 Pro, 64-bit is getting along just fine with these programs.

It is all a matter of informed likes and dislikes. My definition of "nasty stuff" for Bobbye:
Dealio Toolbar
Yahoo Toolbar
AVG Toolbar
That HP port resolver
That HP status server
These are nasty, and nastier over time
 
I've never used CCleaner. I use the Housekeeping utility in The Ultimate Troubleshooter, then use Eraser to overwrite it all.

Tmagic, calling something 'nasty' because you don't like it isn't appropriate. And now you're griping about the AVG Toolbar! Seems to me there are a lot of posts with you saying AVG is the best AV program out! Of those you listed, the known entries to be removed are the two HP ones. The others, including the Dealio Toolbar, are optional. While we may suggest an entry be removed because of....state reasons...an optional removal is NOT a nasty.

Another reason why you don't belong in this forum telling members what to remove!
 
Nasty is a generic term at best. It may include spyware, virus and other malware. I don't like to see computers where the browsers show 4 or 5 toolbars at once. You can hardly see the webpage displayed. You recommend something and it's okay, I recommend the same thing and it's not okay...

We will always agree to disagree

"Another reason why you don't belong in this forum telling members what to remove!"

That's your opinion... Keep these opinions to yourself!
 
My apology lauyrl. Your thread seems to have been hijacked! I had hoped to assist so that you got correct information.

Before I have you uninstall Combofix, you might want to use it to help you install the Recovery Console. Here are the directions: Since you already have Combofix on the system, let it do the work for you: Delete the report you have on the desktop:

Install Recovery Console- Combofix:
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Double click on the setup file on the desktop to run
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.

I'd like to check and make sure there's nothing else. Combofix removed most of the Dealio entries. Make sure these are gone:

Please reopen HijackThis to 'do system scan only'. Check the following if present:

R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE


Close all Windows except HijackThis and click on "Fix Checked."

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Click on Start> Settings> Control Panel> Add/Remove Programs> Uninstall the following if present:
Dealio Toolbar
SearchSettings


Use Windows Explorer to navigate to Local Drive (C)> Programs> do a right click> Delete on the Dealio Toolbar if present.

Start> Run> type in services.msc> double click on each of the following and set as indicated:
HPBOID> Disable Start up Type
HPBPRO> Disable Startup type.

Exit Services

Reboot into Normal Mode. Empty the Recycle Bin
Use this if you need it:
Dealio toolbar, bundled with numerous third party applications>> optional- information and uninstall here: http://www.dealio.com/help/uninstall...oolbar.html#Q3

Remove all of the tools we used and the files and folders they created

Uninstall ComboFix.exe And all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.


You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

To help clean the system:
Remove Temporary Internet Files regularly: Set your browser to drop the temporary internet files every time it closes:
Internet Explorer: Control Panel> Internet Options> Advanced tab> Security section> check 'empty temporary internet files when I exit the browser'> Apply> OK.

Run TFC every 2 weeks or less

Let us know if we can be of more help in the future.
 
Log-Combo

Hey there--just got to run combo-fix tonight...it is attached. As always-thanks.
 

Attachments

  • ComboFix.txt
    18.3 KB · Views: 2
Seems to me we were through- was I wrong? Was the problem you were having resolved? I had you remove the cleaning tools including Combofix.
 