jholland1964 650 Posting Expert Team Colleague Featured Poster

Then I would say the AVG findings are a false positive. AVG is just not a very good anti-virus program. When researching your problem I found no other av program that found this file. I would advise you to use a different anti-virus program; it certainly is one that I never recommend.
It rarely ranks among the highest or most reputable. My advice would be to use Avira Free 2012 or Avast Free, but not AVG.
Your System Restore is set way too large. You have restore points going back over six months. System Restore should never be used to go back that far, if it is used at all, and then it should be only for a very few things.
Your Java is way out of date; you are running version 6 Update 25 and the most recent update is version 6 Update 30.
Uninstall All Java listed in add/remove and then go here to download the latest version. http://www.java.com/en/download/manual.jsp

Blahthing commented: Very Very helpful! +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Anything else? Those trial versions are only temporary and good for a short time I believe, not illegal unless you illegally upgrade to the paid versions without paying for them.
How many other programs are on there that are not paid for but should have been?
Nearly every infected file found by MBA-M was on there because of the use of a keygen, possibly all of them, since that is one of the easiest ways to get an infection: illegal use of what are supposed to be paid programs. Obviously those two are not the only ones on the system. There are four different PAID programs listed with infected files from the MBA-M log, with keygen-related infections. All serious trojans.

sony vegas 10
vegas 9
adobe photoshop cs4 v11.0
propellerhead reason 4
Approximate value of all of the above in the U.S. is around $1000.00

I am possibly also questioning the legality of your system based on these notations in the log

c:\Windows.old\

Do you have another Windows operating system installed someplace?

At least one of the items found by MBA-M was the Boaxxe Trojan; it installs other malicious programs on your computer that disable key security features and then attempt to steal any passwords you use, such as for your banking website. Another of the real "benefits" of trying to steal paid programs...the people who write these illegal cracks get your money anyway. It just goes to them …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks so much for your kind words, they are greatly appreciated.
Happy we could get it all resolved. Good working with you too!

Ezzaral commented: You need more rep for this :) +15
jholland1964 650 Posting Expert Team Colleague Featured Poster

You are assuming a LOT and very wrongly. The Sticky, while dated 2008, is kept up to date on a regular basis.
If your "handle" appendage, 1964, is a hint of your experience, you come from a generation of IT people that were notoriously abusive to "non-techs."

Again another wrong assumption. I am not a "tech" as you assume; I have never been and have never claimed to be. I am simply an ordinary computer user who has taken up assistance in malware removal as a hobby. The 1964 "appendage" was used in order to not have to go through "umpteen" other numbers to be able to use the name I wanted to use, or take on a suggested user name that I didn't want to use.

The Sticky is user friendly if a person will use it as described and if you read other threads here you will see that it is used by all when posting here.

Honestly I don't know what it is that you are expecting or what it is that you want us to do. There is no magic bullet or button to push to remove infections like this one. They all require multiple steps and tools and there is no other way to remove them. We can't give you different steps if they are not available and they are not available. There is no ONE step to remove this infection.

If you don't feel you can follow the steps …

jholland1964 650 Posting Expert Team Colleague Featured Poster

These are not the customary steps to stop these processes, which can be done automatically, but if this is the way you want to try it then be my guest.
His AV program shows as running. There are no temp files showing in the running processes or in auto starts. There are standard automated steps used to stop the processes which may be running (though none are seen in the DDS log) and remove these infections, but you are more than welcome to take over and have him run your steps.

Customary steps are those compiled by Bleepingcomputer.
For Security Shield infection:
According to Bleepingcomputer, generally the files will reside in C:\Documents and Settings\<Current User> for Windows 2000/XP, C:\Users\<Current User> for Windows Vista/7, and c:\winnt\profiles\<Current User> for Windows NT.
C:\Documents and Settings\<Current User>\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\<Current User>\AppData\Roaming, and not in %windir%\WINDOWS or %windir%\WINDOWS\system32, nor even the temp folder. Poster has stated the running of ATF Cleaner and Spybot. There shouldn't be any temp files remaining.

flagstar commented: I guess you're right. I should not get involved with virus-removal problems and should let more expert ones like you do the work. Sorry for bothering... +4
jholland1964 650 Posting Expert Team Colleague Featured Poster

We also need to see the second log created by the DDS scanner which is labeled Attach.txt. Please copy/paste it.

Also do the following:
Run the ESET Online Scanner

http://www.eset.com/us/online-scanner?i_agree=14

* You can use Internet Explorer to complete this scan, and you will need to allow an ActiveX control to be installed, or you may use Firefox.
* You will need to temporarily disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is checked.
* When you have completed that scan, a scan log ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I agree with caperjack. MSE rarely ranks "up there". Avast is excellent. Avira Free is quite good; however, due to Avira's recent partnering with Ask.com to add the Avira SearchFree toolbar and Trialpay to help cover the cost of providing the WebGuard extra, which is included in their paid version, many forums have removed it from their lists of recommended free programs. This WebGuard with its Ask.com-provided SearchFree toolbar certainly is not required, and this has resulted in many, many complaints posted on their forum.
IF you watch their installs closely you can opt out of these toolbars in Avira, but of course many people neglect to watch these installs and end up with these toolbars. They certainly are NOT needed and often are flagged by anti-malware scanners.

Have never been a fan of AVG. On several other forums where I post there are a lot of infection removal threads where AVG was the av program installed so I personally would not recommend it. But "to each his own".

The Rising Antivirus Software Free Edition 2011 on caperjack's link was tested by a fellow at another forum and his results were not good. With scanner settings set at Medium/Default:
Quick Scan produced very high CPU usage which remained extremely high during the entire scan. Scan took 4 minutes to scan 1509 objects. Full scan test resulted in 9 false positives during the first half of the scan. This is …

jingda commented: Nice review +9
jholland1964 650 Posting Expert Team Colleague Featured Poster

The guy who assembled my computer gave me the XP that I have. He even took what would be equivalent to 35 dollars for that..

I hate to tell you but in US dollars $35 is not even close to the cost of a legitimate, legal copy of Windows XP. The cost of a new, legal copy of XP will generally average around $200 in US dollars. Price depends on the version you purchase and also the store where it is purchased. Some will be higher than $200 and some will be a little lower than $200, but certainly never only $35.

So I would say, as we say in the US, the guy "ripped you off". He has likely sold you a stolen operating system, also called a "pirated" copy of XP.
This is shown by the files found and removed by MBA-M, notice what they say they were:
xp keygen\keygen.exe
xp keygen\update_xp_cd_key.exe
xp keygen\windowsxp product key viewer.exe

A keygen is a computer program that generates a false product licensing key, serial number, or some other registration information needed to activate a software application. In most countries, the use of keygens to activate software without purchasing a license is fraudulent. When you purchase the software, IN THE BOX, as you said you did with Kaspersky, you are purchasing that license. Each and every copy of the Windows Operating System, no matter what version you have, is issued its own registration or license number, …

Salem commented: Bravo - well said!!!! +17
jholland1964 650 Posting Expert Team Colleague Featured Poster

Jen, you can go here to get your Java update. Much easier page. You evidently chose the 64-bit version of the program and you are running a 32-bit, that's why you got that message.
http://www.java.com/en/download/index.jsp

You DID do the right thing by updating IE. Even though you don't use it, you always need to keep it updated, and there still ARE some websites that require that you use IE.
The KEY thing you need to update is the actual operating system. You do need SP3. Without SP3 your system is no longer supported and IS at great security risk. By updating to SP3 your system can receive critical updates until its lifecycle expires, which will be April of 2014. So it is to your advantage to do the update. It will keep you a WHOLE lot safer too!

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to go to our Read Me Before Posting sticky and follow all of the instructions and run all the scans requested there.

Once you have completed all the requested scans then post back here with copy/pastes of all the logs produced. Then we can better help determine what the next steps will be.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Jen, Crunchie isn't here at the moment. The TDSSKiller DID remove a rootkit. It is highly likely that you do still have infection on the computer.
Your version of MBA-M is a year out of date. Current version is 1.51.0.1200 and current database is at least database version 6897. So your database is over 2800 updates behind.

You need to update your MBA-M program to the latest version and latest database and run another Full Scan with it. Have it Remove Everything found and then Reboot the computer >>> this is VERY important, as some of the removals may not be completed until the computer is rebooting.
Once you have done this then post back here with that new log and we will give you additional steps.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Poster was looking for info, not help.

I'm sure if they get issues if it's not been cleaned right, they will be back asking for help this time.

If the poster was only looking for "info" not help, then why didn't you just give information: that this file is a Trojan which can create, delete or modify files on the computer and bring in other infection processes, and it likely was brought in by the original Trojan which has not been removed?
You also should have given the information that to remove this infection, all the steps given in our Read Me First Sticky should be followed and the logs requested should be posted once those steps were complete. That is the information required here.

BBAD commented: Read the post -1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Please ignore the two useless posts above by sergent and jingda, neither one has the knowledge needed to assist in infection clean up.

Follow all the steps given in our Read Me Sticky and post back here with COPY/PASTES of all requested logs.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

i think AVG, Kaspersky and NORTON are all good~~

This thread is over 5 years old and dead.

jingda commented: Yup +6
jholland1964 650 Posting Expert Team Colleague Featured Poster

Firstly, Thanks for reply.

The steps that you told us are "Must need to be taken" steps. I would personally recommend to all users of XP (not just XP, but Vista, 7 and Linux users too) to back up their OS. If they don't want to buy a new HDD, then instead of buying a new hard drive they can clone their existing OS on a CD or a DVD.. Isn't it useful? And it will save their money and time both.

Secondly, these kinds of viruses (like system.exe, New Folder.exe, My Music.exe, Pictures.exe, HomeVideo.avi.exe) spread through autorun. That's why disabling autorun will disable all these viruses. And I have also told to use "Limited Accounts". These viruses only activate and perform action in an account with "Admin Privileges"; they are disabled or deactivated in a "Limited Account". Because of the restrictions of a "Limited Account" they can't change the system files (the main cause of survival of these viruses). So if you use a "Limited Account" the sys-restore will be as powerful as you want.

I am about 99% sure that you have used an account with Admin Privileges (when this virus is activated) and that's why System Restore and Automatic Updates couldn't help to remove these viruses

striker_1 you are 100% wrong about System Restore. System Restore actually operates only on a very few system files and settings. System Restore backs up your registry. System Restore does not backup your data. If you delete or damage a file, System Restore will not recover it.
System Restore …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Depends on the web page, if it is a public page then he would not be the only one who could listen. Unless it is a private, and maybe encrypted page, that only you own, that would require a special password to enter it in the first place, that only you could create and give to him, and nothing can be downloaded FROM that page without following specific multiple steps, then he could still save it on his computer at the same time he listened to it. In fact, depending on his computer configuration, his computer might require download of the file to his computer before he even could listen to it.
I would never chance it myself, especially something that there is no way I want others to see or hear. There is almost always a way to get around things in order to use them or keep them. That doesn't make it legal, it often isn't, but it is done probably millions of times daily on the internet.

As I said, once it is "out there", it is "out there" and you absolutely have no control over where it goes and who has it. You will have NO WAY to get it back, EVER; it is out there FOREVER.

You could even set something up like that so that only viewing or listening on the computer can be done by doing all the steps above, BUT that does not stop somebody from using a tape recorder, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You can delete the extra IE icon, you would only need one. Here is the Adblock for IE
http://simple-adblock.com/

You might consider Firefox, it is a more secure browser, slightly different from IE but generally faster, easily configured. I have used it for years, rarely use IE anymore unless I have to use it. http://www.mozilla.com/en-US/firefox/new/

You do need to make certain you have proper security settings for IE. You want to be certain that 3rd party cookies are blocked, those are ones that are from ads on a web page and you don't want those, you only want the ones from the site you are visiting.
In IE go to Tools, Internet Options, Privacy, Advanced button. Make sure there is a dot in Allow 1st party cookies and a dot in the Don't Allow 3rd Party cookies and a check mark in allow session cookies.
Ok, your way out.

cathy crossbuck commented: Great step-by-step help through this thread. Thanks! +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Try installing another anti-virus program such as Kaspersky Internet Security 2011, Norton Internet Security or VIPRE Antivirus. The last one was recommended to me by my friend, try it out. Do a full scan and tell me the log. As jholland has said, there might be less disk space. Back up your data on a hard disk then later erase and reinstall your computer. Do a virus scan first

There is no need to reformat the computer at this time. The poster is using a Free anti-virus program that should be UNINSTALLED. There are several excellent FREE anti-virus programs which can be used and have very high reputations.
Avira Free is one and Avast Free is the other.

royng commented: Good post and provide a link to the +0
jholland1964 650 Posting Expert Team Colleague Featured Poster

If your problem is solved can you please mark the thread as solved. You can do that by going to the bottom. Thanks, i appreciate it.

You need to stop making this request in order to boost your own solved thread count. It is not for you to ask this.

VernonDozier commented: Yup +13
jholland1964 650 Posting Expert Team Colleague Featured Poster

Using an expired av program to scan a computer you think is infected is a bad idea. It likely would not be able to find all the infections, if they are there. In order to find the newest infections an av program must be up to date, and I certainly would not recommend backing up something I was not sure was clean.
By all means, follow the instructions found in our Read Me sticky, then save the logs and post them all here. I will be happy to take a look; maybe a reformat won't be needed if we can get it all clean. There are several excellent FREE av programs available also, once we get the computer clean.
Here is the link for the Read Me sticky:
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

jholland1964 650 Posting Expert Team Colleague Featured Poster

You mean a paid version of an antivirus program? You should be able to as long as you have the registration code and it is not expired. You probably would have to contact the av company to get it reactivated, but that normally isn't a problem as long as you have all the key info and it's not expired. If it's expired then no, you couldn't, because you do have to re-register it and it wouldn't register if expired.

somjit{} commented: fast n accurate response:) thanks a lot jholland :) +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

hahaha good call!

And sorry I didn't emphasize going to Add/Remove Programs and uninstalling; I just assumed that they would have enough knowledge to do that... my apologies for not going into detail on uninstalling.

But.. i was right yea? :)

Yes, you were right, but you always need to be sure you don't tell somebody to delete a program...because they will, and all that does is delete the shortcut; the program remains. It was Installed, so if you want to get rid of it then you have to Uninstall it. :)

Portgas D. Ace commented: Good advice +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

This rootkit, whistler@mbr, has added the TDSS rootkit to its "arsenal", but that cannot be removed with the other tools and requires its own removal tool, and that is the TDSSKiller.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do the following:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.
• Then post back here with that log and a new scan log from HiJackThis.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, now we see why you have, as you say, MANY ISSUES!
#1a - 108 GiB total, 16.179 GiB free.
#1b - No anti-virus program
#1c - No Firewall
#1d - No security programs on there except what you have downloaded to use in this thread
#1d - uTorrent
#1e - BitTorrent
#2 - Advanced SystemCare 3 - which is absolute junk

The next umpteen? 131+ games & gaming sites downloaded software by my rough count and I am sure I missed some. If we gave trophies here for the most games or online games you would certainly be in the running. And as you see, it really isn't a prize you want to win, not with all that is going on with your computer. I guarantee you many of your "issues" and major infections come from both these games and anything else you have shared using uTorrent and BitTorrent including music and video which should have been paid for.

Now I know absolutely nothing about any of these games. I have to assume that at least some of these must be purchased, and all of these online Casinos require the install of ActiveX programs to play. I checked out some of these sites, not all of them, maybe a third of them, and at least every 3rd one is a known site for installing spyware, malware, and/or trojans onto a computer. The others are not necessarily good sites, they are …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Follow steps given here and post back with all logs. Please copy/paste all logs we do not open attachments.
http://www.daniweb.com/forums/thread134865.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

uninstall the security updates or restore your pc to back date

A ridiculous suggestion. If you are going to post please be aware of exactly what you are suggesting.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That is probably why. Microsoft no longer supports Windows Vista and as far as I'm aware Microsoft never did support Windows Vista. So upgrade to Windows 7 or at the very least download Linux from your local internet hub. WindowsVista==WindowsME.
For all we know Internet Explorer might not be compatible with Windows Vista.

Have no idea WHERE you saw this but Vista always WAS and STILL is supported until April 2012 by Microsoft as long as SP 2 is installed. Same goes for XP, as long as SP3 is installed it also has support until April 2014.

You are also wrong about Internet Explorer. It is FULLY COMPATIBLE with Vista. It is part of the operating system.
You need to check your facts before posting 100% inaccurate information.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Registry Cleaners are never recommended. A good malware cleaner, like MBA-M, WILL clean infected registry entries if necessary. Using a registry cleaner as a matter of "general course" can be very dangerous itself. The best way to deal with (possibly) registry-related issues is to thoroughly research the problem and then use regedit to make any necessary changes and/or deletions (having first set a restore point or created a backup). Registry cleaning does *not* improve performance.

finito commented: Selfless nature of geeks. :) +2
jholland1964 650 Posting Expert Team Colleague Featured Poster

We prefer logs be copy/pasted not attached so you did fine.
I also made an error; for the moment I don't need the DDS log. What I need for you to run is HiJackThis Version 2.0.4 System Scan, and post the log here.
http://free.antivirus.com/hijackthis/

Yes the combofix log is huge so it will take me awhile to go through it. Have you tried your internet yet?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should go ahead with the scan. This is not required, and if needed LATER you can install it, but if you already have a recovery disk this isn't needed really.
Go ahead and run the scan. If there is something that cannot be fixed at the time of the scan Combofix will note it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

How's the ability to go online?

Actually would rather you do the Combofix first and post that log ok? Then after that do the DDS.

By the way, love the way you are sticking with this. So many folks just seem to post once a day. Keep this up and hopefully we will be able to wrap this up in short order. Good job!

dekka5 commented: Encouraging post +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

We will worry about the display problems later, those are minor at this point.
Don't worry about running GMER or the MS program in normal mode. I saw what I needed to see already.

Combofix can be downloaded to a flash drive and installed ONTO the infected computer without problem. Be sure either way it is ON the desktop. It must be run From the desktop.

Did you Update MBA-M before running this second scan? If not, stop the scan, update it and run it in Normal mode if possible.

Post BOTH of the MBA-M logs here ASAP.
Combofix should be run in Normal mode if at all possible.

jholland1964 650 Posting Expert Team Colleague Featured Poster

As soon as the MBA-M scan completes please do the following:
Note to others reading this thread, these instructions are for THIS computer ONLY. This tool is NEVER to be used unless first instructed to do so by a helper.

Unless you have access to another computer during the program run please print out these instructions for reference as you will not be able to refer to them while this program is running.

Please download ComboFix by sUBs from HERE
· You must download it to and run it from your Desktop
· Physically disconnect from the internet.
· Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
· Double click combofix.exe & follow the prompts.
· When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
· Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

When it is complete then post back here with the full log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Good enough. Post the logs when you are finished. Know it's a pain to do it this way but hopefully the logs will show the problem and we can get it all worked out and get the computer back online.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, all of the files can be downloaded to another computer, transferred to a flash drive and then taken to the affected computer so that steps may be completed.
You WILL need to save the logs, transfer those back to the flash drive and then upload them here from that drive.

jholland1964 650 Posting Expert Team Colleague Featured Poster

P.S. here's my registry:

C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Not certain what you mean by the above as this is not the registry.

The HiJackThis log you posted is incomplete. We need to see the entire log from top to bottom.

Please follow the steps given here http://www.daniweb.com/forums/thread134865.html and post back with all the requested logs.

You also are running Two Anti-virus programs or portions of two at least, Norton and AVG 8. AVG 8 would be likely out of date as there is a new version out now. I do not know what version of Norton you are running but one of these programs needs to be 100% removed ASAP. Running two anti-virus programs on one computer just adds to the possibility of infection.

kathykat63 commented: Really good answer!! +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Will look for that log, or your next post saying all was clean.
By the way, AFTER that scan and IF it is clean you should also Set a new and now clean System Restore Point:
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did not mention disable system restore.

Your post clearly says

Disable System Restore (Windows Me/XP).

By telling the poster to turn off System Restore he loses restore points.

I'm sorry for my assumption on a laptop; it was indeed a tower, but I think they can work that out for themselves.

Poster said nothing about it being a laptop. You assumed it was a laptop. However, if YOU assumed it was a laptop, then another person reading your instruction, KNOWING you are speaking to somebody using a tower, may assume that it would be all right to do this on a running tower.

Do you have any advice for this poster?

Yes, first of all don't follow colinperman's advice and wait for Crunchie's next set of instructions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please also post the MBA-M log. Your HJT log DOES show at least one Trojan, which should have been removed by the MBA-M full scan. You don't appear to be running either an anti-virus program or a firewall...why not?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have to ask, have you been using the computer these past two weeks?

Yes I have.

Then you are going to have to begin at the beginning. As the MBA-M log shows you are STILL infected and very likely MORE infected.
In your very first post in this thread you said the following:

I have taken the steps suggested in the Read Me

Since you did go to the Read Me sticky, didn't you also read the following?

Please endeavor to reply to your thread promptly and to follow all cleaning steps in a timely manner. The reason for this request is twofold:

• Our volunteers can only address a limited number of threads at a time. If you wait too long to reply, they may move on to helping others and no longer have the free time to devote to your issues.
• Malware tends to reconstitute itself if not addressed quickly and completely.

You have not done this. You posted the Combofix log, did not wait for or comment on my reply, and then returned 16 days later, admitting that you used this infected computer throughout the 16 days you failed to return. You obviously are not bothered enough by these serious infections, because you continued to use the computer, so I will advise you to look elsewhere for assistance.
The only thing I will tell you to do is Uninstall Combofix using these steps as this copy of the program cannot …

Salem commented: Well said! +20
jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, that's great. You need to do these three things and then you can mark this one solved, unless you have other issues:

You should remove HiJackThis, you don't need it any more.

You also should uninstall combofix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type ComboFix /Uninstall in the runbox and click OK. The space between ComboFix and /Uninstall must be there.
When shown the disclaimer, Select "2"


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I mean that none of my anti-virus or anti-malware is unable to detect anything.

That doesn't mean the virus is untrackable, it means that it is gone, there isn't anything for it to find. You don't need to keep running the scans, they aren't going to find infection if there is no infection to find.

I honestly don't know why your programs stall on that folder. It may be that it is too large.
Try running just the Quick Scan with MBA-M, after updating of course, and see if it stalls during the Quick Scan. These scans MUST be done in Normal Mode.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have at least two registry cleaning programs running on the computer: RegCure and something called Abexo. Totally unnecessary programs. Registry cleaning is totally unnecessary. Please Uninstall these programs. If there are infected registry keys then these would be cleaned by MBA-M and several other malware removal programs. Otherwise there is no reason for these, uninstall them.
Then do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT after running MBA-M!

Run a new HJT scan and save the log. Post back here with the MBA-M log and the HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go to http://virusscan.jotti.org/en
upload that file

C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\_Setup.dll

from your computer to that website. It will scan the file with 20 different scanners and give you a report on whether it is infected.
Post back here with the report.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Oh,
Phew erm C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\_Setup.dll here. It stalls like forever and the com hangs.
tyvm

That folder contains the Install Info for many of your programs. It may be quite large because of this. How long are you giving it before deciding the computer has frozen? You know even in Safe Mode these scans should take more than one hour.

Can you drop the acronyms and abbreviations please.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hey thanks for the reply so, when I delete them it's wrong? Erm I ran in safe mode and ran each at a time. But they both, including malware byte, when ran got hung at a particular file. How do I solve this? Thank you in advance =(

Sorry, but "shorthand" makes no sense here. What is it you are trying to ask and say?

Erm I ran in safe mode

When you said you

ran each at a time

I have to assume you mean you ran the scanning portion for each anti-virus program at a time....they BOTH run all the time, even when they are not scanning and both will conflict with each other. You should never have more than one anti-virus program on the same computer. Uninstall that AVG program and leave it off of there.
How long do these programs hang at that particular file? Do they never continue? Do you give it time to continue? If the file is large then it takes awhile to scan it. But remove that AVG.
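The point above, that two anti-virus products both run all the time and conflict, can be checked from Windows itself. The following is an added example, not code from the post or from DaniWeb: a PowerShell script that lists the anti-virus products registered with Windows Security Center and flags when more than one has real-time protection on or when none is registered. It assumes Vista or later (the root\SecurityCenter2 namespace; XP used root\SecurityCenter) and the commonly documented, undocumented-by-Microsoft layout of the productState field.

```powershell
# Added example (not from the DaniWeb post): enumerate registered anti-virus
# products and flag the "more than one anti-virus" situation the post warns about.
# Assumption: Vista or later, namespace root\SecurityCenter2 (PowerShell 3+).

function Get-AvStatus {
    param([int]$ProductState)
    # Commonly documented decoding (assumption, not an official API contract):
    # productState as 6 hex digits; middle byte 10/11 = real-time protection on,
    # last byte 00 = definitions current.
    $hex = '{0:X6}' -f $ProductState
    [pscustomobject]@{
        RealTimeOn = ($hex.Substring(2, 2) -in @('10', '11'))
        UpToDate   = ($hex.Substring(4, 2) -eq '00')
    }
}

function Test-AntiVirusSetup {
    $products = @(Get-CimInstance -Namespace 'root\SecurityCenter2' `
                                  -ClassName 'AntiVirusProduct' -ErrorAction Stop)

    foreach ($p in $products) {
        $s = Get-AvStatus -ProductState $p.productState
        '{0,-35} real-time: {1,-5} definitions current: {2}' -f $p.displayName, $s.RealTimeOn, $s.UpToDate
    }

    $activeCount = @($products | Where-Object { (Get-AvStatus $_.productState).RealTimeOn }).Count
    if ($products.Count -eq 0) {
        'WARNING: no anti-virus product is registered with Security Center.'
    } elseif ($activeCount -gt 1) {
        'WARNING: {0} products have real-time protection on and will conflict; keep one and uninstall the rest.' -f $activeCount
    } elseif ($activeCount -eq 0) {
        'WARNING: an anti-virus product is installed but none has real-time protection enabled.'
    }
}

Test-AntiVirusSetup
```

Run it in an elevated PowerShell window; a product that is installed but not registered with Security Center will not appear, so treat an empty list as a prompt to check Add/Remove Programs as the post does.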

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi welcome to daniweb,
You said that

it runs real slow so I tried running a few different softwares on it.

Exactly what software did you try on it?
Aside from some unnecessary start ups I don't see anything "bad" on the computer. How long has he had the Norton 360 on there? Sometimes, with a smaller hard drive or a low amount of RAM this can slow the computer. Is he an AOL user?

How large is the hard drive and how full is it? How much RAM is installed? How long has it been slow? Is it slow all the time no matter on or off the internet?
Have you done things like run disk clean up, done a defrag of the hard drive and that type of thing?
Judy

theashman88 commented: Quick and efficient help +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

System restore is not going to remove an infection so even the thought of that is useless. Many people don't have system restore enabled on their machines because of the small amount of things it backs up. System Restore really only operates on a very small number of system files and settings. Basically it backs up your registry and that is it. When using System Restore to go back for whatever reason you also shouldn't count on going back more than a couple of days. New restore points are made at various times and system restore is meant for only very recent changes. It is only so large; once the disk space for it is filled then older restore points are wiped out. System Restore does NOT save your data, does not keep copies of your files, doesn't keep old versions of programs, so expecting it to restore your computer to "clean" after an infection just isn't going to happen.
From Ask Leo

System Restore will allow you to restore your system's configuration to a previous state. In some cases that means that viruses or spyware will be "undone" as part of the process. But system restore does not remove infected files from your system, and you can quickly get infected again. It also does nothing to prevent new threats from arriving.

There are a number of good image programs out there yes, BUT they don't REMOVE infections either. If the infections are not removed then all …

Salem commented: Nicely put +19
jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, several things I note here. Though you said in the original thread that you use BitDefender as your anti-virus program, Norton and BitDefender both have entries in your DDS log; however, there is no indication of either program RUNNING on the system, and the only semblance of a security program showing as being disabled, meaning it's at least installed, is Spybot.

Going through the Uninstall list there is NO anti-virus program listed on that at all, not even BitDefender, so obviously there is no anti-virus program installed.
I see MBA-M in there and Spybot but neither of those is a real time scanner and neither is an anti-virus program so you don't have one installed. I don't see a Firewall listed either so unless you are using the built in firewall you don't have a firewall either. So you literally have no protection on the computer.

You said in the original thread

I tried to do a system restore, but ALL of my restore points were GONE! I have made some manual restore points since, and a few (not all!) are still there, but I cannot restore them.

You are operating under a misconception really. System Restore only works for a few key system files. It isn't going to give you your computer back to perfection usually.
The Windows Update you mention has caused problems for BOTH XP and Vista users and it was advised not to install it. Also for the Nvidia Display GeForce 9200 …