Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Respawning, Multiple Infection

Re: Respawning, Multiple Infection

by antijkc » January 8th, 2014, 3:58 pm

A: No problems

B: Yes HKCU:Run cdloader magicJack L.P. "C:\Users\Sharon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
Yes HKLM:Run LifeCam Microsoft Corporation "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
Yes HKLM:Run NUSB3MON Renesas Electronics Corporation "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Yes HKLM:Run SoundMAXPnP Analog Devices, Inc. C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
No HKLM:Run Total Defense PC Tuneup Reminder PC Pitstop LLC C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe
No HKLM:Run VX3000 Microsoft Corporation C:\Windows\vVX3000.exe
Yes Startup Common Microsoft Office.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

C: All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Total Defense PC Tuneup Reminder not found.
C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe moved successfully.
========== FILES ==========
C:\Program Files (x86)\Total Defense\PC Tune-Up folder moved successfully.
C:\Program Files (x86)\Total Defense folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14787 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sharon
->Temp folder emptied: 398223 bytes
->Temporary Internet Files folder emptied: 9033927 bytes
->FireFox cache emptied: 39340658 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6928 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01082014_145004

Files\Folders moved on Reboot...
C:\Users\Sharon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

D: No more pop-up on boot.

Re: Respawning, Multiple Infection

by pgmigg » January 8th, 2014, 6:53 pm

Hello antijkc,

D: No more pop-up on boot.
Great news!!! :D

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the text box. Do not include the word Code.
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Optional:
You can continue to use CCleaner for periodic cleanup or simply uninstall the application.
If you would like to use it, please do the following:

To Run CCleaner:
  1. Right-click on CCleaner desktop icon and select "Run As Administrator..." to run it. If prompted by UAC, please allow it...
  2. Before first regular use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
  3. A pop-up box may appear advising that this process will permanently delete files from your system.
  4. Select the items to clean up:
      In the Windows Tab:
    • Clean all entries in the "Internet Explorer".
      Note: the "Cookies" box, if checked, will require re-entry of user names and passwords on the next visit to sites that require users to log in.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section...except "Start Menu Shortcuts" and "Desktop Shortcuts" uncheck these 2 items.
    • *Uncheck* the "Advanced" section.
      In the Applications Tab:
    • Clean the first 5 positions, ending with Session, in the "Firefox" section. (if you use it)
      Firefox Caution: the "Saved Form Information" and "Saved Passwords" boxes, if checked, will remove all your saved passwords, if you use that feature.
    • Clean all in the "Opera" section. (if you use it)
    • Clean the first 5 positions, ending with Session, in the "Google Chrome" section. (if you use it)
      Google Chrome Caution: the "Saved Form Information" and "Saved Passwords" boxes, if checked, will remove all your saved passwords, if you use that feature.
    • Clean all in the "Applications" section.
    • Clean all in the "Internet" Section.
    • Clean all in the "Multimedia" section. (if you use them)
    • Clean all in the "Utilities" section. (if you use them)
    • Clean all in the "Windows" section.
  5. Then click the Analyze button and it will scan your system. Wait until it has finished.
  6. Then click the Run Cleaner button and it will clean your system.
  7. Close CCleaner when finished.
FYI...You may see some files "marked" for deletion when Windows restarts...this is because they are "in use" by the system and can't be removed until restart.
CAUTION: Please do NOT use the "Registry" button in the left pane.
This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!

Then:
Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.


Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Respawning, Multiple Infection

by antijkc » January 8th, 2014, 11:31 pm

A thousand thank-you's pgmigg!

One final question: since those logs contain identifying information, can the thread be deleted or made MRU private rather than marked closed (especially since the instructions are infection specific)? Thanks again!

Re: Respawning, Multiple Infection

by Gary R » January 9th, 2014, 6:14 am

I'm sorry, it is not the policy of MWR to remove or alter posts that are posted in this help forum.

The busy staff of this forum do not have time to edit or remove topics to preserve people's privacy before, during or after cleaning your computer of infection.

If this is not acceptable to you, we suggest you seek your help from somewhere that can give you the privacy and anonymity you desire.


Our policy is clearly spelled out in the forum rules ... viewtopic.php?p=491380#p491380 ... which everyone is requested to read before posting for help. (look under "Help topics and privacy")

Re: Respawning, Multiple Infection

by Cypher » January 9th, 2014, 12:01 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.