IObit Forum

Multitude of issues [SOLVED]



You have Avast and Symantec installed. Running two antivirus is never a good idea.

 

Please uninstall one before continuing. If uninstalling Symantec be sure to remove everything:

  • LiveUpdate 3.1 (Symantec Corporation)
  • Symantec AntiVirus

Then run this tool. Download the Norton Removal Tool (SymNRT) to your desktop.

 

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

 

* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.

* Once open Click Next

* Accept the license agreement and click Next

* Type in the letters/numbers that you see into the text box then click Next.

* Then click Next and the tool will start running.

* Once finished restart the PC.

* Delete the 'Norton_Removal_Tool' from your desktop.

 

----------

 

Open HijackThis and select Do a system scan only

 

Place a check mark next to the following entries: (if there)

  • F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
  • O2 - BHO: (no name) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)

Important: Close all open windows except for HijackThis and then click Fix checked.

 

Once completed, exit HijackThis.

 

----------

 

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

 

Go to Start > Run and type notepad.exe then click OK

 

Copy and paste the below into Notepad and save as fixme.reg to Your desktop

 

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrliub]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06014c34-ac5f-11de-89cc-001fc63da70f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{459c964d-7c56-11de-89b5-001fc63da70f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c45721-995e-11de-89c3-001fc63da70f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb0e83f1-6b2b-11de-89aa-001fc63da70f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1f2b-6a23-11de-89a9-001fc63da70f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e15d771c-8fa9-11de-89bf-001fc63da70f}]

 

Locate fixme.reg on your desktop and double-click it. Answer Yes when prompted to merge with the Registry.

 

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

 

Delete the fixme.reg from the desktop.

 

----------

 

Panda USB and AutoRun Vaccine

 

Insert your flash drive before we begin. Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.

 

Download Panda USB and AutoRun Vaccine and save it to your desktop.

 

* Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.

* Open that folder and double-click on USBVaccine.exe to start the program.

* Click Run

* Click the button to Vaccinate computer.

* Insert your USB flash drive.

* When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).

* Exit Panda USB and AutoRun Vaccine when done.

 

Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

 

----------

 

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

 

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

 

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

 

Exit out of MessengerDisable then delete the two files that were put on the desktop.

 

----------

 

Your Java is out of date.

 

Older versions have vulnerabilities that malicious sites can use to infect your system.

 

First install the new Sun Java Runtime Environment

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close all browser windows before beginning the install.

 

Remove the old version(s)

 

Download JavaRa

* Unzip the file and open the JavaRa.exe

* Click Remove Older Versions

* JavaRa will search for and remove any outdated version of Java and remove any that are found.

* Click Additional Tasks

* Place a check next to Remove Useless JRE Files and click Go

* Exit JavaRa

* Delete the JavaRa files from the desktop

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

 

----------

 

Clean out your temporary internet files and temp files.

 

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

----------

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the <<Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Link to comment
Share on other sites

In progress

 

Going through each of these today. I am unable to remove Norton, and I can't even find a system file under Program Files folder. Not sure what's going on there. I'll continue on with the rest of these steps for now, unless this is necessary before proceeding.

Link to comment
Share on other sites

Try booting into Safe Mode and running it.

 

If that does not work then do this please.

 

Go to Start > Run, and copy/paste the following into the Open box (one line at a time) then Click OK after each.

 

sc config SavRoam start= disabled

 

sc  stop SavRoam

 

sc delete SavRoam

 

Now again go to Start > Run, and copy/paste the following into the Open box (one line at a time) then Click OK after each.

 

sc config LiveUpdate start= disabled

 

sc  stop LiveUpdate

 

sc delete LiveUpdate

 

Restart the computer and try running the Norton Removal Tool again.

Link to comment
Share on other sites

Do this please.

 

Download OTM by OldTimer to your desktop.

 

Note: If you are using Vista or Windows 7, right-click on OTM.exe and choose Run As Administrator.

 

* Save it to your Desktop.

* Double-click OTM.exe to run it.

* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

 

:Processes
explorer.exe

:services
Symantec AntiVirus
SPBBCSvc
SNDSrvc
SavRoam
LiveUpdate
SAVRT
SAVRTPEL
SYMTDI
NAVENG
NAVEX15
SymEvent
SYMREDRV
ccEvtMgr
ccSetMgr
DefWatch

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=-
"ccEvtMgr"=-
"DefWatch"=-
"Symantec AntiVirus"=-
"SPBBCSvc"=-
"SNDSrvc"=-

:files
C:\Program Files\Symantec
C:\Program Files\Symantec AntiVirus
C:\Program Files\Common Files\Symantec Shared
C:\Documents and Settings\All Users\Application Data\Norton
C:\ComboFix
C:\WINDOWS\zip.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\MBR.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWSC.exe

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

* Click the red Moveit! button.

* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

 

* Close OTM

 

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Link to comment
Share on other sites
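
The registry fixes in this thread (fixme.reg and the :reg section of the OTM script) use .reg syntax, where [-KEY] deletes a key with its subkeys and "name"=- deletes a single value. As an added example, not part of the original posts or of any tool named here, this Python script lists what such a file would do before it is merged and flags anything that writes data or falls outside the subtrees the reviewer expects. The sample text, the function names and the allow-list are assumptions made for the illustration.

```python
import re

# Constructed sample in the thread's REGEDIT4 style; the last line is an added write.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=-
"DefWatch"="2"
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION = re.compile(r'^\[(-?)(.+)\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """List the (action, key, value_name) operations a .reg file would perform."""
    lines, buf = [], ""
    for ln in text.lstrip("\ufeff").splitlines():
        ln = ln.strip()
        if not ln or ln.startswith(";"):
            continue                      # blank line or comment
        if ln.endswith("\\") and not ln.startswith("["):
            buf += ln[:-1]                # hex data continued on the next line
            continue
        lines.append(buf + ln)
        buf = ""
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key = [], None
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            if m.group(1):                # [-KEY] deletes the key and its subkeys
                ops.append(("delete_key", m.group(2), None))
                key = None
            else:                         # [KEY] creates the key if it is missing
                key = m.group(2)
                ops.append(("ensure_key", key, None))
            continue
        m = VALUE.match(ln)
        if not m or key is None:
            raise ValueError("unparsed line: %r" % ln)
        action = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((action, key, m.group(1).strip('"')))
    return ops


def out_of_scope(ops, allowed_prefixes):
    """Return operations that write data or touch keys outside the expected subtrees."""
    allowed = [p.lower().rstrip("\\") + "\\" for p in allowed_prefixes]
    flagged = []
    for action, key, name in ops:
        in_scope = any((key.lower() + "\\").startswith(p) for p in allowed)
        if action == "set_value" or not in_scope:
            flagged.append((action, key, name))
    return flagged


if __name__ == "__main__":
    scope = [r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig"]
    print(out_of_scope(parse_reg(SAMPLE_REG), scope))
```

With only the msconfig subtree allowed, the mountpoints2 deletion and the added write are both reported for review.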

I couldn't copy within OTM, this popped up after boot..

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== SERVICES/DRIVERS ==========

Service Symantec AntiVirus stopped successfully!

Service Symantec AntiVirus deleted successfully!

Service SPBBCSvc stopped successfully!

Service SPBBCSvc deleted successfully!

Service SNDSrvc stopped successfully!

Service SNDSrvc deleted successfully!

Error: No service named SavRoam was found to stop!

Service\Driver key SavRoam not found.

Error: No service named LiveUpdate was found to stop!

Service\Driver key LiveUpdate not found.

Service SAVRT stopped successfully!

Service SAVRT deleted successfully!

Service SAVRTPEL stopped successfully!

Service SAVRTPEL deleted successfully!

Service SYMTDI stopped successfully!

Service SYMTDI deleted successfully!

Service NAVENG stopped successfully!

Service NAVENG deleted successfully!

Service NAVEX15 stopped successfully!

Service NAVEX15 deleted successfully!

Service SymEvent stopped successfully!

Service SymEvent deleted successfully!

Service SYMREDRV stopped successfully!

Service SYMREDRV deleted successfully!

Service ccEvtMgr stopped successfully!

Service ccEvtMgr deleted successfully!

Service ccSetMgr stopped successfully!

Service ccSetMgr deleted successfully!

Service DefWatch stopped successfully!

Service DefWatch deleted successfully!

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\ccSetMgr deleted successfully.

Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\ccEvtMgr deleted successfully.

Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\DefWatch deleted successfully.

Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\Symantec AntiVirus deleted successfully.

Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\SPBBCSvc deleted successfully.

Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\SNDSrvc deleted successfully.

========== FILES ==========

File/Folder C:\Program Files\Symantec not found.

C:\Program Files\Symantec AntiVirus\SAVRT folder moved successfully.

C:\Program Files\Symantec AntiVirus\pki\roots folder moved successfully.

C:\Program Files\Symantec AntiVirus\pki\private-keys folder moved successfully.

C:\Program Files\Symantec AntiVirus\pki\certs folder moved successfully.

C:\Program Files\Symantec AntiVirus\pki\cert-signing-requests folder moved successfully.

C:\Program Files\Symantec AntiVirus\pki folder moved successfully.

C:\Program Files\Symantec AntiVirus folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\VirusDefs\TextHub folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\VirusDefs\incoming folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100416.003 folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\VirusDefs folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\SSC folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\SPBBC folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\EENGINE folder moved successfully.

C:\Program Files\Common Files\Symantec Shared\Decomposers folder moved successfully.

C:\Program Files\Common Files\Symantec Shared folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Norton folder moved successfully.

C:\ComboFix\N_ folder moved successfully.

C:\ComboFix folder moved successfully.

C:\WINDOWS\zip.exe moved successfully.

C:\WINDOWS\SWREG.exe moved successfully.

C:\WINDOWS\sed.exe moved successfully.

C:\WINDOWS\PEV.exe moved successfully.

C:\WINDOWS\NIRCMD.exe moved successfully.

C:\WINDOWS\MBR.exe moved successfully.

C:\WINDOWS\grep.exe moved successfully.

C:\WINDOWS\SWXCACLS.exe moved successfully.

C:\WINDOWS\SWSC.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 5164624 bytes

->Temporary Internet Files folder emptied: 10856595 bytes

->Java cache emptied: 9060 bytes

->FireFox cache emptied: 84904411 bytes

->Flash cache emptied: 6033 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 3090522 bytes

->Flash cache emptied: 14290 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1426118 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 34284470 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23928570 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 169029 bytes

 

Total Files Cleaned = 156.00 mb

 

 

OTM by OldTimer - Version 3.1.10.2 log created on 04242010_172948

 

Files moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Link to comment
Share on other sites

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the <<Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

 

----------

 

Also let me know how the computer is running now.

 


Link to comment
Share on other sites

If there are no more malware issues we can finish up now.

 

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.

 

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox
  • Make sure there's a space between Combofix and /Uninstall
  • Then hit Enter.

 

The above procedure will:

  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

 

----------

 

Clean out your temporary internet files and temp files.

 

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

----------

 

Use the Secunia Software Inspector to check for out of date software.

Click Start Scanner

Check the box next to Enable thorough system inspection.

Click Start

Allow the scan to finish and scroll down to see if any updates are needed.

Update anything listed.

 

----------

 

Go to Microsoft Windows Update and get all critical security updates. (you will need to use Internet Explorer to do this)

 

----------

 

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

 

----------

 

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.

* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Learn more about how to protect yourself while on the Internet from the following link. So how did I get infected in the first place? by Tony Klein.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
