
Windows XP Recovery Virus


15 replies to this topic

#1 pi1983

Posted 01 November 2011 - 06:37 PM

Hello! I hope you're well. A few months ago bleepingcomputer helped me remove the Windows Vista Recovery Virus from my laptop. When my sister-in-law told me what was happening to her computer I knew exactly what it was, except she has XP not Vista.

I was able to install Malwarebytes and I ran it. I installed Microsoft Security Essentials and ran it as well. I currently have that setup for the real-time protection. I manually removed all unwanted and unnecessary programs and cleaned the registry of known associations with the Recovery Virus. I took extreme care to only remove the registry items I could verify were the virus.

I know there's still things wrong with it even though Malwarebytes and MSE tell me the computer's clean. I can see random letter processes running that I don't think should be there. I know there's cleanup tools but I'm not sure what the next step is. That's why I'm here :)

The outstanding issues on the computer are as follows...

1) The computer runs extremely slow. So slow that I'm using my laptop to post this because the infected computer crashed before I could click "Post..."
2) There's an annoying "Coupons" bar that shows up while using Google Chrome. I removed it from the Programs list but the bugger still pops up on Chrome.
3) The Start Menu items are empty. I think I may have screwed this one up. I read that the virus moves the items to the TEMP folder. Sadly, I read that after I deleted the TEMP folder contents and emptied the Recycling Bin.

Help is greatly appreciated. I have her computer here at my house so I will be able to reply to posts before the three day deadline :)

Hope to hear from you soon. Thanks again.

Edited by hamluis, 01 November 2011 - 06:50 PM.
Moved from XP to Am I Infected.




#2 boopme


Posted 01 November 2011 - 08:24 PM

Hello, can you post one of those processes? It is probably the clue.
Yes, do not run a Temp file or reg cleaner now.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 pi1983


Posted 03 November 2011 - 07:42 PM

Sorry it's taken a bit. The virus came back full strength so I'm trying to work through it. I ran the ESET scan and it found 2 threats which it said it removed but then the whole thing crashed. I'm trying to run it again now.

#4 pi1983


Posted 03 November 2011 - 07:59 PM

ESET is giving me an error 101 saying the program has already been run. It then sits there at 50% and won't do anything. I'm trying to run Malwarebytes again to see if I can clear it up so I can reboot without the virus running. Hopefully that will make things a little easier.

#5 boopme


Posted 03 November 2011 - 08:42 PM

How do I uninstall the ESET Online Scanner components from my computer?

After every scan an option to uninstall ESET Online Scanner with all its components is provided. It is easy, convenient and can be done directly via the graphic user interface by clicking on the corresponding check box and hitting the "uninstall on close" button.

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs (filename: appwiz.cpl) applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Manual Uninstall: Run the Online Scanner Uninstaller (filename: OnlineScannerUninstaller.exe) program, located in the C:/WINDOWS/SYSTEM32 directory on computers running 32-bit (x86) editions of Microsoft Windows and in the C:/WINDOWS/SYSWOW64 directory on computers running 64-bit (x64) editions of Microsoft Windows.

#6 pi1983


Posted 03 November 2011 - 09:59 PM

Malwarebytes cleaned it up and allowed me to run a clean reboot. I uninstalled and reinstalled ESET and now I'm running it. 31% and 1 threat found so far.

#7 pi1983


Posted 03 November 2011 - 10:50 PM

Here's the results.


C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\77137ecd-3dd3f579 a variant of Java/Agent.DW trojan deleted - quarantined
Operating memory a variant of Win32/Olmarik.AWO trojan

#8 boopme


Posted 04 November 2011 - 09:57 AM

Good let me see if this shows something.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#9 pi1983


Posted 06 November 2011 - 09:07 PM

Here's the results :)


MiniToolBox by Farbar
Ran by User (administrator) on 06-11-2011 at 20:06:53
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : HP30394189102
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-13-21-F3-A5-7C

Ethernet adapter Wireless Network Connection 4:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Belkin Basic Wireless USB Adapter
Physical Address. . . . . . . . . : 94-44-52-DD-0A-4B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Sunday, November 06, 2011 8:05:56 PM
Lease Expires . . . . . . . . . . : Monday, November 07, 2011 8:05:56 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.65.104, 74.125.65.105, 74.125.65.106, 74.125.65.103
74.125.65.99, 74.125.65.147

Pinging google.com [74.125.65.103] with 32 bytes of data:

Reply from 74.125.65.103: bytes=32 time=40ms TTL=49
Reply from 74.125.65.103: bytes=32 time=42ms TTL=49

Ping statistics for 74.125.65.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 42ms, Average = 41ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 67.195.160.76, 72.30.2.43, 98.137.149.56, 98.139.180.149
209.191.122.70

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=92ms TTL=46
Reply from 98.139.180.149: bytes=32 time=100ms TTL=47

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 100ms, Average = 96ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 21 f3 a5 7c ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
0x10004 ...94 44 52 dd 0a 4b ...... Belkin Basic Wireless USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 25
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 25
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 25
255.255.255.255 255.255.255.255 192.168.1.101 2 1
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/06/2011 08:05:52 PM) (Source: LoadPerf) (User: )
Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
Error code is the first DWORD in Data section.

Error: (11/06/2011 08:05:52 PM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (11/06/2011 08:05:49 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/06/2011 08:05:49 PM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (11/03/2011 10:52:40 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 14.0.835.202, faulting module chrome.dll, version 14.0.835.202, fault address 0x00276f1e.
Processing media-specific event for [chrome.exe!ws!]

Error: (11/03/2011 08:38:06 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module Flash10q.ocx, version 10.3.181.14, fault address 0x003bd21a.
Processing media-specific event for [svchost.exe!ws!]

Error: (11/03/2011 07:32:28 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759303, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/03/2011 07:32:27 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/03/2011 07:32:24 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759303, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/03/2011 07:31:56 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (11/06/2011 08:05:36 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (11/06/2011 08:04:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (11/06/2011 08:04:42 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%3

Error: (11/06/2011 08:04:42 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5

Error: (11/06/2011 08:04:42 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%3

Error: (11/06/2011 08:04:40 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (11/03/2011 06:38:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (11/03/2011 06:38:07 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%3

Error: (11/03/2011 06:38:07 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5

Error: (11/03/2011 06:38:07 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (11/06/2011 08:05:52 PM) (Source: LoadPerf)(User: )
Description: WmiApRpl

Error: (11/06/2011 08:05:52 PM) (Source: LoadPerf)(User: )
Description: 009

Error: (11/06/2011 08:05:49 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (11/06/2011 08:05:49 PM) (Source: LoadPerf)(User: )
Description: 009

Error: (11/03/2011 10:52:40 PM) (Source: Application Error)(User: )
Description: chrome.exe14.0.835.202chrome.dll14.0.835.20200276f1e

Error: (11/03/2011 08:38:06 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512Flash10q.ocx10.3.181.14003bd21a

Error: (11/03/2011 07:32:28 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759303unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (11/03/2011 07:32:27 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (11/03/2011 07:32:24 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759303unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (11/03/2011 07:31:56 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL


=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.14)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
ArcSoft PhotoImpression 6 (Version: 6)
ArcSoft Print Creations
AVG 2011 (Version: 10.0.1411)
AVG 2011 (Version: 10.0.2092)
Broadcom Management Programs (Version: 7.58.01)
Business-in-a-Box (Version: 5.0.3)
EPSON CX8400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX8400 Series Scanner Driver Update
ESET Online Scanner v3
HP Help and Support (Version: 3.100.6.1)
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD (Version: 5.0-B11.417)
Java™ 6 Update 29 (Version: 6.0.290)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Norton Security Scan (Version: 3.1.1.6)
OpenOffice.org 3.2 (Version: 3.2.9483)
PDF Complete
Photo Transport (Version: 1.0.1)
Software Setup
SoundMAX (Version: 5.12.01.4070)
Swift Platinum Invoices & Estimates
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1015.43 MB
Available physical RAM: 539.85 MB
Total Pagefile: 1292.13 MB
Available Pagefile: 843.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.27 GB) (Free:18.95 GB) NTFS
3 Drive e: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT

========================= Users: ========================================

User accounts for \\HP30394189102

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 User

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
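
A triage pass over a MiniToolBox Result.txt like the one posted above, as an added example that is not part of the original thread and not the tool author's code. The section banners and line layout are taken from the log; the function names, the three checks, and the assumption that Windows is installed in C:\Windows are choices made for this example.

```python
import re

# Constructed excerpt in the Result.txt layout from the post above. The extra
# hosts line and the third-party Winsock provider are invented for the demo.
SAMPLE_LOG = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.example-bank.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Program Files\Example\lsp.dll [40960] ()

========================= Event log errors: ===============================

System errors:
=============
Error: (11/06/2011 08:04:42 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%3

Error: (11/06/2011 08:04:42 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5
"""

HEADER = re.compile(r"^={5,}\s+(.+?):?\s+={5,}\s*$")
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
SERVICE = re.compile(r"The (.+?) service (?:failed to start|terminated)")
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(text):
    """Map each '===== Title =====' banner to its non-blank lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def triage(text):
    """Return (category, detail) pairs worth a second look by a human."""
    sec = split_sections(text)
    findings = []

    # Hosts: anything beyond the loopback/localhost mapping can redirect traffic.
    for line in sec.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        if ip not in LOOPBACK or any(n.lower() != "localhost" for n in names):
            findings.append(("hosts", line))

    # Winsock: providers outside system32 or without the Microsoft company
    # string. Version-info strings can be forged, so a match is not proof.
    for line in sec.get("Winsock entries", []):
        m = WINSOCK.match(line)
        if not m:
            continue
        path, company = m.group(3), m.group(5)
        in_system32 = path.lower().startswith("c:\\windows\\system32\\")
        if not in_system32 or company != "Microsoft Corporation":
            findings.append(("winsock", f"{m.group(1)} {m.group(2)} {path}"))

    # Services that failed to start or terminated, de-duplicated in log order.
    seen = set()
    for line in sec.get("Event log errors", []):
        m = SERVICE.search(line)
        if m and m.group(1) not in seen:
            seen.add(m.group(1))
            findings.append(("service", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:8} {detail}")
```
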

#10 boopme


Posted 07 November 2011 - 02:58 PM

How is it now?
Do you see anything "Coupons" in the ADD/Remove section in Control Panel that you can remove?

#11 pi1983


Posted 07 November 2011 - 10:12 PM

There was no Coupons in the Add/Remove but I was able to find a forum of other people having the same problem with an easy fix. I had to right click the icon next to the Chrome settings wrench instead of clicking the actual bar. The Uninstall was right there.

I'm having trouble with losing internet if the computer is on for extended periods. I've been afraid to reboot in fear of the virus taking back over but I have to sometimes just get the internet working again. Usually disabling and re-enabling the adapter and flushing/renewing the dns works but today it didn't. I even tried pulling out the USB wifi thing and plugging it back in. I ended up having to reboot.

Some of the weird processes running are:

User
ctfmon.exe
msseces.exe
hkcmd.exe
igfxtray.exe

System
lsass.exe
csrss.exe
smss.exe
SMAgent.exe
jqs.exe

Local Service
alg.exe

ALG I believe was a former anti-malware program installed. It was a nightmare trying to remove that program and I think from the looks of it it's still here...

Edited by boopme, 07 November 2011 - 10:48 PM.


#12 boopme


Posted 07 November 2011 - 10:52 PM

The processes are ok.

ALG I believe was a former anti-malware program installed. It was a nightmare trying to remove that program and I think from the looks of it it's still here...
Did you mean AVG?

For the connection try these...
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.

#13 pi1983


Posted 08 November 2011 - 07:05 PM

Awesome. I ran the command. I am also going to run unhide.exe to restore the hidden files.

Is there anything else we need to run/do to make sure this computer's good to go?

Thanks!

#14 boopme


Posted 08 November 2011 - 11:24 PM

You can update to Java 7.
Did you fix this?

ALG I believe was a former anti-malware program installed. It was a nightmare trying to remove that program and I think from the looks of it it's still here...
Did you mean AVG?

#15 pi1983


Posted 10 November 2011 - 07:11 PM

I'll update Java tonight.

Yes, I'm sorry, I meant AVG :)



