Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

PC Recovery

Re: PC Recovery

Post by Dakeyras » March 27th, 2010, 7:34 am

Hi. :)

Curley wrote:
Question - I ran Startup Lite again and CTFMON.exe and NvCplDaemon still are not disabled. I rebooted and it is still trying to start up on this system start up. I thought you had killed both of these. Should I select "remove" instead of "disable" from Startup Lite?

No, do not make any other changes to the computer whatsoever. These we will deal with in due course once I am satisfied the machine is malware free.

Next:

Please download Sec-Info.zip then extract to the Desktop.

  • Double click on Sec-Info.vbs and select Open.
  • A notepad file will appear after a short duration.
  • Please post the contents of Sec-Info.txt in your next reply.

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect. We will update both in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0
J2SE Runtime Environment 5.0


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When completed the above, please post back the following:

  • How is the computer performing now? Any problems encountered and/or any further symptoms?
  • Sec-Info.txt.
  • Malwarebytes Anti-Malware Log.
  • checkhd.txt.

Re: PC Recovery

Post by Curley » March 27th, 2010, 3:05 pm

No problems that I am aware of. Computer seems to be working really well now.







Company Name:
AV Name: Trend Micro AntiVirus
Version Number: 16.10.2012
On-Access Scanning Enabled: Yes
Product up-to-date: Yes
~~~~~~~~~~~~~~~~~~~~~~~~




Malwarebytes' Anti-Malware 1.44
Database version: 3922
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/27/2010 2:50:16 PM
mbam-log-2010-03-27 (14-50-16).txt

Scan type: Quick Scan
Objects scanned: 118115
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

190105177 KB total disk space.
15668812 KB in 74604 files.
22232 KB in 6140 indexes.
0 KB in bad sectors.
136949 KB in use by the system.
32784 KB occupied by the log file.
174277184 KB available on disk.

4096 bytes in each allocation unit.
47526294 total allocation units on disk.
43569296 allocation units available on disk.


Thanks for your help!!!

Re: PC Recovery

Post by Dakeyras » March 27th, 2010, 7:43 pm

Hi. :)

Curley wrote:
No problems that I am aware of. Computer seems to be working really well now.

OK and thanks for the update.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

Let myself know when completed the above procedures, thank you.

Re: PC Recovery

Post by Curley » March 29th, 2010, 7:06 pm

Hi Daks! :roll:

Procedures have been completed.

Re: PC Recovery

Post by Dakeyras » March 29th, 2010, 7:35 pm

Hi. :)

New Adobe Reader Installation:

  • Go here and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to JDK 6 Update 18 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Select Multi-language from the drop-down list for Language.
  • Check (tick) Java SE Runtime Environment 6u18 with JavaFX 1 License Agreement box and click on Continue.
  • Click on jre-6u18-windows-i586.exe link to download it and save this to a convenient location.
  • Double click on jre-6u18-windows-i586.exe to install Java.

Next:

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • Kaspersky report.
  • A new HijackThis Log.

Re: PC Recovery

Post by Curley » April 1st, 2010, 12:16 am

I haven't forgotten about you. I tried to get everything done Monday evening because I have a big project I am working on this week that requires that I stay focused. I didn't expect this but Kaspersky was taking a great deal longer in downloading the virus definitions and I eventually had to go home. I will resume this weekend or Monday.

I did want to mention that the MicroTrend keeps finding a lot of spyware. I ran it again right before I got your last post and it found 21 spyware. 2 or 3 days prior, it found 16 and a few days prior to that it found 57. We are barely on the system since I took over fixing it so it doesn't make sense to me that MicroTrend keeps finding so much spyware, especially since ESET online hasn't and neither has MalwareBytes. The spyware Microtrend has been finding seem to all be located at cookies. I think part of the problem is MicroTrend is simply not reliable or keeps recording the same spyware. I am switching my mother to ESET but I didn't want to do anything until you were done with your processes. However, the system itself has been working pretty smooth since I updated the security and have been running the scans and have had your assistance.

Unfortunately, it is my mother's computer and I can't work on it again until this weekend or Monday because of a bigger commitment as I stated earlier. But at that time, I will run and send the Kaspersky scan log and a new HijackThis log. Thanks.

Re: PC Recovery

Post by Dakeyras » April 1st, 2010, 4:55 am

OK thanks for the update, if at all possible I would like to be able to review one of the Trend-Micro report logs to see exactly what it is flagging apart from tracking cookies.

With regard to what you mentioned about being unable to reply back again for some time, given the situation I am prepared to allow some leeway but cannot leave this topic open indefinitely. If you think it is going to be longer than anticipated before you can complete my last set of instructions please let myself know, thank you. :)

Re: PC Recovery

Post by Curley » April 1st, 2010, 9:21 pm

I tried to get this done this evening. I had to disable the MicroTrend in order to run Kaspersky online. I ended up getting an unexpected page pop up (junk advertisement). I tried to exit out of it. When it did, it shortly thereafter blacked out the pc. When the pc came back to, I was no longer on the internet, of course. I re-enabled the Microtrend and then shut the pc down and may not be able to return until this weekend or Monday as previously conveyed.

When this happened, Kaspersky was about 28% done with its scan and it was not showing any threats found.

I did save the MicroTrend log from 3/29/10 to my hotmail before all of this happened.

Here it is.

MicroTrend spyware scan log from 3-29-10

"Spyware Scan Logs" "Mar 29, 2010" ""
"Time" "Type" "Threat Name" "Infected File" "Name" "Action" "Status" "Detected by" "Source Type"
"19:24" "" "Cookie_2o7" "Internet Explorer Cache" "2o7.net" "Quarantined Success" "Cookie_2o7" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_YieldManager" "Internet Explorer Cache" "ad.yieldmanager.com" "Quarantined Success" "Cookie_YieldManager" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Pointroll" "Internet Explorer Cache" "ads.pointroll.com" "Quarantined Success" "Cookie_Pointroll" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Advertising" "Internet Explorer Cache" "advertising.com" "Quarantined Success" "Cookie_Advertising" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Atwola" "Internet Explorer Cache" "atwola.com" "Quarantined Success" "Cookie_Atwola" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_BurstNet" "Internet Explorer Cache" "burstnet.com" "Quarantined Success" "Cookie_BurstNet" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Profiling" "Internet Explorer Cache" "casalemedia.com" "Quarantined Success" "Cookie_Profiling" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_DoubleClick" "Internet Explorer Cache" "doubleclick.net" "Quarantined Success" "Cookie_DoubleClick" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_FastClick" "Internet Explorer Cache" "fastclick.net" "Quarantined Success" "Cookie_FastClick" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Hitbox" "Internet Explorer Cache" "hitbox.com" "Quarantined Success" "Cookie_Hitbox" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Pointroll" "Internet Explorer Cache" "pointroll.com" "Quarantined Success" "Cookie_Pointroll" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Questionmarket" "Internet Explorer Cache" "questionmarket.com" "Quarantined Success" "Cookie_Questionmarket" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_RealMedia" "Internet Explorer Cache" "realmedia.com" "Quarantined Success" "Cookie_RealMedia" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Revsci" "Internet Explorer Cache" "revsci.net" "Quarantined Success" "Cookie_Revsci" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_SpecificClick" "Internet Explorer Cache" "specificclick.net" "Quarantined Success" "Cookie_SpecificClick" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_StatCounter" "Internet Explorer Cache" "statcounter.com" "Quarantined Success" "Cookie_StatCounter" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Tacoda" "Internet Explorer Cache" "tacoda.net" "Quarantined Success" "Cookie_Tacoda" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Profiling" "Internet Explorer Cache" "trafficmp.com" "Quarantined Success" "Cookie_Profiling" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Profiling" "Internet Explorer Cache" "tribalfusion.com" "Quarantined Success" "Cookie_Profiling" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_BurstNet" "Internet Explorer Cache" "www.burstnet.com" "Quarantined Success" "Cookie_BurstNet" "Manual Scan" "Bad Internet Browser Cookies"
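An added example (not part of the original posts and not Trend Micro's tooling): a small Python triage of the spyware scan log posted above, checking whether it flags anything apart from tracking cookies and how many distinct cookie families sit behind the row count. The column mapping is positional and assumed from the header row; the last sample row is constructed to exercise the non-cookie path.

```python
import re
from collections import Counter

# Header row of the exported log, used as positional column names.
# Assumption: the export always writes these nine quoted fields in this order.
COLUMNS = ["Time", "Type", "Threat Name", "Infected File", "Name",
           "Action", "Status", "Detected by", "Source Type"]
COOKIE_SOURCE = "Bad Internet Browser Cookies"

# The first four data rows are copied from the log in the post above.
# The final row is CONSTRUCTED for illustration and does not come from the thread.
SAMPLE_LOG = r'''
"Spyware Scan Logs" "Mar 29, 2010" ""
"Time" "Type" "Threat Name" "Infected File" "Name" "Action" "Status" "Detected by" "Source Type"
"19:24" "" "Cookie_2o7" "Internet Explorer Cache" "2o7.net" "Quarantined Success" "Cookie_2o7" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Pointroll" "Internet Explorer Cache" "ads.pointroll.com" "Quarantined Success" "Cookie_Pointroll" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_DoubleClick" "Internet Explorer Cache" "doubleclick.net" "Quarantined Success" "Cookie_DoubleClick" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "Cookie_Pointroll" "Internet Explorer Cache" "pointroll.com" "Quarantined Success" "Cookie_Pointroll" "Manual Scan" "Bad Internet Browser Cookies"
"19:24" "" "EXAMPLE_NonCookieThreat" "C:\example\sample.dll" "sample.dll" "Quarantined Success" "EXAMPLE_NonCookieThreat" "Manual Scan" "Constructed Source Type"
'''


def parse_rows(text):
    """Return one dict per data row; skip the title line, header row and junk."""
    rows = []
    for line in text.splitlines():
        fields = re.findall(r'"([^"]*)"', line)
        if len(fields) != len(COLUMNS) or fields == COLUMNS:
            continue
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


def is_tracking_cookie(row):
    """A row counts as a cookie only if both the category and the name say so."""
    return (row["Source Type"] == COOKIE_SOURCE
            and row["Threat Name"].startswith("Cookie_"))


def triage(text):
    """Split detections into tracking cookies and entries that need a closer look."""
    rows = parse_rows(text)
    cookies = [r for r in rows if is_tracking_cookie(r)]
    other = [r for r in rows if not is_tracking_cookie(r)]
    return {
        "total": len(rows),
        "cookie_rows": len(cookies),
        # Several hosts can map to one family, which inflates the raw count.
        "cookie_families": Counter(r["Threat Name"] for r in cookies),
        "needs_review": [(r["Threat Name"], r["Infected File"]) for r in other],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['cookie_rows']} of {result['total']} rows are tracking cookies")
    for family, count in result["cookie_families"].most_common():
        print(f"  {family}: {count} host(s)")
    for name, path in result["needs_review"]:
        print(f"REVIEW: {name} in {path}")
```

Run against the full log from the post, an empty `needs_review` list means every detection is a browser cookie rather than a file or registry item.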

Re: PC Recovery

Post by Dakeyras » April 2nd, 2010, 5:28 am

OK and thanks for the update. :)

Re: PC Recovery

Post by Curley » April 4th, 2010, 8:53 pm

I am going to assume the changes made to Kaspersky lately are a source of the issue. I can't pull a report. As you know, last time I tried running the Kaspersky scan my mom's computer went kaput. I tried again and when I went back there is no report.

Pop-up blocker is disabled. If you have another AV you want to run, let me know.

I spent 2 hours waiting on Kaspersky for it to not give me a report.
Adobe and Java are updated.


Here is Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:23 PM, on 4/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8692211156
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9946 bytes

Re: PC Recovery

Post by Dakeyras » April 5th, 2010, 6:03 am

Hi. :)

Sometimes Kaspersky will not work correctly on some machines. Not a problem, we will merely try an alternative scan.

Next

Run ATF Cleaner again as outlined here please.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Re: PC Recovery

Post by Curley » April 5th, 2010, 7:53 pm

ESET Log - No threats found.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1441f5735e581447982be0a0e26b0760
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-18 01:23:43
# local_time=2010-03-17 09:23:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=514 16776533 100 97 0 104551830 0 0
# compatibility_mode=8192 67108863 100 0 619139 619139 0 0
# scanned=61985
# found=0
# cleaned=0
# scan_time=5093
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1441f5735e581447982be0a0e26b0760
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-22 08:40:01
# local_time=2010-03-22 04:40:01 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=514 16776533 100 97 0 104966454 0 0
# compatibility_mode=8192 67108863 100 0 1033763 1033763 0 0
# scanned=61953
# found=0
# cleaned=0
# scan_time=5442
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1441f5735e581447982be0a0e26b0760
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-05 09:06:22
# local_time=2010-04-05 05:06:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=514 16776869 100 97 0 106179202 0 0
# compatibility_mode=8192 67108863 100 0 2246511 2246511 0 0
# scanned=55720
# found=0
# cleaned=0
# scan_time=3879
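An added example (not part of the original posts and not ESET's tooling): the log.txt pasted above holds several scan runs back to back, each starting at `# version=`, so this Python sketch splits them, picks the most recent by `utc_time`, and compares its option flags with the settings asked for in the ESET instructions earlier in the thread. The mapping of `remove_checked`, `unsafe_checked` and the other flags to the scanner's checkboxes is assumed from their names; the sample is abbreviated from two of the runs in the post.

```python
from datetime import datetime

# Settings requested in the ESET Online Scanner instructions in this thread:
# "Remove found threats" off, archives / unwanted / unsafe / Anti-Stealth on.
# Assumption: these log keys correspond to those checkboxes.
REQUESTED = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

# Abbreviated from the first and last runs in the log posted above
# (browser, serial and locale lines omitted).
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-18 01:23:43
# compatibility_mode=514 16776533 100 97 0 104551830 0 0
# compatibility_mode=8192 67108863 100 0 619139 619139 0 0
# scanned=61985
# found=0
# cleaned=0
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-05 09:06:22
# scanned=55720
# found=0
# cleaned=0
"""


def split_runs(text):
    """Return one dict per run; values are lists because some keys repeat."""
    runs, current = [], None
    for line in text.splitlines():
        if not line.startswith("# ") or "=" not in line:
            continue  # installer banner lines and blanks
        key, value = line[2:].split("=", 1)
        if key == "version":  # every run opens with its version line
            current = {}
            runs.append(current)
        if current is not None:
            current.setdefault(key, []).append(value)
    return runs


def first(run, key):
    """First value recorded for key in this run, or None if absent."""
    values = run.get(key)
    return values[0] if values else None


def summarize(run):
    """Reduce a run to the fields a helper reads; None if it has no timestamp."""
    stamp = first(run, "utc_time")
    if stamp is None:
        return None
    found = first(run, "found")
    return {
        "utc_time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
        "finished": first(run, "end") == "finished",
        "found": int(found) if found is not None else None,
        # Flags whose logged value differs from what was requested.
        "deviations": {k: first(run, k) for k, want in REQUESTED.items()
                       if first(run, k) != want},
    }


def latest_run(text):
    """Summary of the most recent run in the file, or None if there is none."""
    summaries = [s for s in map(summarize, split_runs(text)) if s]
    return max(summaries, key=lambda s: s["utc_time"]) if summaries else None


def clean_and_as_requested(text):
    """True only if the newest run finished, used the requested flags, found 0."""
    run = latest_run(text)
    return bool(run and run["finished"] and run["found"] == 0
                and not run["deviations"])


if __name__ == "__main__":
    for run in split_runs(SAMPLE_LOG):
        s = summarize(run)
        print(s["utc_time"], "found:", s["found"], "deviations:", s["deviations"])
    print("latest run clean and as requested:", clean_and_as_requested(SAMPLE_LOG))
```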

Re: PC Recovery

Post by Dakeyras » April 6th, 2010, 6:39 am

Hi. :)

The online scan results are good so that is a positive.

Random Access Memory Advice:
Total RAM: 511 MB (23% free)
Though Microsoft claims XP will run with a mere 128 MB installed in my opinion a minimum of 1 GB is far better.

If you wish to upgrade the installed memory, Crucial have a small scanner (CrucialScan.exe) which is perfectly safe to download and run. Which will advise if the system can support any upgraded memory modules. They cater for the US/UK and Europe.

Install WinPatrol:

Download it from here

You can find information about how WinPatrol works here

It is very simple to use and quite effective and will advise about any unnecessary system startups and services that can be safely removed.

Note: I advise you hold off installing this until you have completed my clean-up/safety advice below.

Next:

Re-enable the CD Emulation drivers, the process is the opposite of the instructions outlined here.

Next:

Congratulations, your mother's computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your computer performing well. Plus bear in mind my prior advice about upgrading the presently installed RAM (Random Access Memory).

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Clean up with OTM:

  • Double-click OTM to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed combination security application, Trend Micro Internet Security, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above!

Finally an educational source:

This is an excellent resource I recommend reading: How to prevent Malware

Any questions? If so feel free to ask. If not stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
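
The Hosts-file mechanism described in the post above, as an added example that is not part of the original thread: a small Python auditor that parses a Hosts file and separates names sinkholed to a loopback or null address from names pointed at any other address, which are the entries worth reviewing after a clean-up. The sample file content, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample Hosts file (reserved example domains and addresses only).
SAMPLE_HOSTS = """\
# Sample blocking Hosts file (constructed for this example)
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # blocked ad hosts
0.0.0.0         spyware.example.org
203.0.113.7     update.example.com    # points somewhere else: review
not-an-ip       broken.example.com
::1             localhost
"""

def parse_hosts(text):
    """Yield (line_no, address or None, [names]) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                          # first field is not an IP
        yield line_no, addr, fields[1:]

def audit_hosts(text):
    """Classify each hostname as sinkholed, redirected, or on a malformed line."""
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(line_no)
            continue
        for name in (n.lower() for n in names):
            if name == "localhost" and addr.is_loopback:
                continue                         # normal default entry
            if addr.is_loopback or addr.is_unspecified:
                report["sinkholed"].append(name)             # blocked name
            else:
                report["redirected"].append((name, str(addr)))  # review these
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("Blocked names:   ", result["sinkholed"])
    print("Review redirects:", result["redirected"])
    print("Malformed lines: ", result["malformed"])
```

On Windows XP the file to pass in is `%SystemRoot%\system32\drivers\etc\hosts`; read it as text and hand the contents to `audit_hosts`.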

Re: PC Reoovery

Unread postby Dakeyras » April 7th, 2010, 8:14 am

As this topic is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra