Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojans & Worm/Generic.FX ?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby random/random » August 31st, 2006, 7:51 am

You rn the scan correctly

Let's get rid of some unecessary startup items to speed your PC up

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

Then close all windows except Hijackthis and click Fix Checked

Restart

Post back with a new HijackThis log along with a description of the remaining problems
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
Advertisement
Register to Remove

Unread postby Mad-Friend » August 31st, 2006, 8:28 am

:) Thankyou random/random for replying and for all your help.
I have followed your advice and PC is now working faster. How do you know all this stuff?
I am posting a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 13:16:15, on 31/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\trish\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by WHSmithnet
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} (NTLSignup1 Class) - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1075279500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Being greedy I know but is there any way to make my word program work faster? I checked it out, it is still iffy and the "requsting virus scan" is still popping up every time I open word. I can live with this if I have too but would like to fix it if there is a way (as it never used to do that).
Thankyou again random/random :thumbright:
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby random/random » August 31st, 2006, 8:32 am

Are you using microsoft word?

Is the requesting virusscan popup cooming from AVG antivirus?
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby Mad-Friend » August 31st, 2006, 9:13 am

Hi random/random,
yes to the first part of your question. I am using Microsoft word 2002.

To the second part of your question I am not sure if it is my AVG asking for the virus scan. There is no obvious clue that it is AVG. The request comes at the bottom left hand corner of the bar in small plain writing. Many times I have done scans and nothing shows in AVG or its test results that indicates a virus in word. I have tried Detect and repair but when clicking on the link it won't load even though I am online at the time. It says I have to load the disk. The only disk that came with my Medion PC was a Microsoft Works Suite 2002 and it had all the programmes on it but does not recognise the Microsoft word 2002. So I just keep hitting a blank wall and getting nowhere. Word runs slow and has glitches in it. Sometimes the prgrammes crashes and I have to save work to another file. It just behaves oddly at times. Recently (assuming I had a corruption in word) I tried to fix it by clicking on run and typing in SFC/scannow in the box. I had seen this advice given on another site and followed it thinknig it would fix the odd glitches. It didn't. Half my files became corrupted and it took me over two days and some brilliant advice from a friend to recover the lost word files. I was so glad to get them back I didn't worry about the original reasons for trying to repair word, just accepted things as they were and decided to leave well alone.

I've gone on a bit :oops: sorry, but felt it might help to be as explicit as possible.
Yours sincerely Mad-Friend with thanks.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby random/random » August 31st, 2006, 9:42 am

Do you have the install disk and licence code for microsoft word?

If so please try uninstalling and then reinstalling microsoft word

Let me know if this resolves the problem
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby Mad-Friend » August 31st, 2006, 10:14 am

Hi random/random,
I have a Microsoft Works Suite 2002 disc. It has the following on in
Microsoft Works Suite 2002.
M. Word 2002.
M. Works 6.0
M. Works Clipart.
M. Money 2002.
M. Picture it 2002 Standard.
M. Encarta Encyclopedia Standard 2002.
M. Streets & Trips 2002.
M. Pocket Steets for Windows CE.
This is in an ordianry black case with a label on the back which has Medion stamped on it & M Works Suite 2002
M. Works Suite 2002 (UK only)
Product Key: XXXXXXXXXXXXXXXXXX

On the label at the bottom it says in small print M. Certificate of Authenticity M Corporation.
There is also a number at on it X08-19081
If I uninstall word will I lose my word files?
What happens if I do this and the disc won't load?

Edited by NonSuch to remove product key.

Please do not ever post your product key in public. It could be picked up and used by unscrupulous individuals in an attempt to validate illegal copies of software.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby Mad-Friend » August 31st, 2006, 10:22 am

Dear random/random,
I have just read this on the enclosed slip:

"If you do not activate your Microsoft product within 50 product launches (after initial launch in the event the computer manufacturer has not preactivated the preinstalled product, or after certain reinstallations or computer reconfigurations) it will convert to reduced functionality mode. In reduced functionality mode you will no longer be able to create new or edit existing documents. Additional funcionality may also be reduced."
:?
Product was already installed when I bought it.
Does this mean disc will no longer work? :(
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby Mad-Friend » August 31st, 2006, 10:24 am

Erm, what is the license code and where do I look for it please?
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby random/random » August 31st, 2006, 12:17 pm

The licence code is the product key you just posted, please edit it out of your post or someone else will use it.

It doesn't mean your disc will no longer work, you just need to activate it online after reinstalling. I'll get back to you as sooon as I find out how to do this.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby Mad-Friend » August 31st, 2006, 12:22 pm

Hi random/random,
not sure if you are there or have gone home to bed (we all need to rest).
I have located the cirtificate of authenticity I think. It is on the back of the disc case with a Product key number.
I enclosed above info because I was unsure if this disc is authentic and concerned if I uninstalled M. Word then tried to reinstall it and it didn't work what would happen?
If I unistall Word will I lose my files & folders?
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby Mad-Friend » August 31st, 2006, 12:29 pm

Please disregard last post random/random. I've seen your message.
:shock: I had no idea. Please tell me how to edit my Product key number out. The notes at the bottom of the page say I cannot edit out.
I will do it as soon as I know how.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby random/random » August 31st, 2006, 12:30 pm

Uninstalling and reinstalling microsoft word should not cause you to lose any files

The product key needed to be removed from the post because if it is not then other people will see it and start to use it which would mean you would no longer be able too use your copy because microsoft would detect it as a pirated key when you tried to activate it. One of the site admins has removed the key for you.

If the disk came with the PC then it is highly unlikely that it will not load, however:

If you do this and the disc doesn't load, then you ask the manufacturer you got it from to supply you with a legit, working copy

Also microsoft does have a free viewer for word documents and openoffice can successfully open and edit nearly all word documents
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby random/random » August 31st, 2006, 12:40 pm

Before reinstalling microsoft word you can try this

  • Go to http://www.microsoft.com/
  • Choose for Office at the left of the webpage
  • Choose for Check for Updates at the right of that webpage
  • Choose for Check for Updates again, at the middle of that webpage
  • Just keep following the Check for Updates and update everything it finds. You'll need your Microsoft Word disk!


Let me know if this solves the problem
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby Mad-Friend » August 31st, 2006, 2:43 pm

Dear random/random,
thankyou for your advice. I followed your instructions, clicked on the updates. It took an hour for M Office workpack3 to download, installing went half way when this error came up:
"Path M Works Suite 2002 disc 1 cannot be found (I inserted it). Veritfy that you have access to this location and try again or try to find installation package 'WORDRET.MS1' in a folder from which you can install the product M Word 2002.

I did this, ran a search and it found nothing. Several more searches came up blank.
I re-loaded the disc twice more and it isn't even showing up on my desktop. :?
I clicked on M advice sections and drew a blank, going round in circles trying to resolve the reason why the disc isn't recognised and downloads are not happening.

I shall try to contact Medion and request a replacement disc.

Thankyou for all your help.
Not sure where we go from here.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby Mad-Friend » August 31st, 2006, 4:57 pm

Dear random/random,
I meant to say a BIG thankyou to the person who removed the Product key.
Thankyou Nonsuch for your advice, believe me I won't do that again.

To random/random, I am certain the virus scan request is not coming from AVG.

I have contacted Medion, told them about the Works Suite disc not being recognised by Micorsoft and will await a reply.

Thankyou once again random/random for all your help and advice. Computer is working much faster now, more like its old self.
Once I have had a reply from Medion I will let you know.
Goodnight, Mad-Friend.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware