[RKinner]

This looks like it might apply:

http://www.sevenforu...-win32-sys.html

Appears Firefox uses Times New Roman by default. Wordpad on my PC uses something called Callabri.

See if you can change Firefox to use Arial

http://support.mozil...rs-websites-use

[Advertisements]

Changed font to areal in FF ... afraid same problem. Wow, that link to FF and wordpad was a good find. Was thinking we had some hope. Is there anything you want me to back and try again, in case I may have not done it right?
Thanks!

[soonerskies]

Changed font to areal in FF ... afraid same problem. Wow, that link to FF and wordpad was a good find. Was thinking we had some hope. Is there anything you want me to back and try again, in case I may have not done it right?
Thanks!

[RKinner]

I reread the article and it was caused by Mathematica which is not installed but there is something that might have added fonts:

Serif DrawPlus Starter Edition

This is a free download so he can always redownload if removing it doesn't do any good.

Same goes for Avery Template so uninstall it too.

There is a crash report in Firefox but I doubt it will tell us much:

type in

about:crashes

and you should get a list of numbers and dates. double click on the first one and it should eventually show you more details about the crash. Does it say anything about Crashing Thread at the bottom? (Other than No crashing thread identified.)

I found a similar article and the guy said he replaced the whole folder C:\Windows\fonts with the one from the disk and that fixed his problem.
Another guy said just looking at the folder with Explorer caused Windows to crash. Can you try that? Does it crash?

[soonerskies]

Ahhhhh ... this ...

"Another guy said just looking at the folder with Explorer caused Windows to crash"


Went to the fonts folder ... crash.

Hmmm ... I don't know if this machine came with a windows 7 disk. ???

[soonerskies]

I don't suppose it's as simple as copying the fonts folder on my laptop and copy over to my dad's machine?

[soonerskies]

Found this ... give this a shot?

To restore Windows 7 default fonts:

1. Go to start > Control Panel > Appearance and Personalization > Fonts (or you can just type “fonts” in control panel)

2. Select Font settings on the left

3. Select Restore default font settings.

[RKinner]

You can try the procedure you found or if your PC is also win 7 64 bits then you can copy the folder.

[soonerskies]

Ok ... couldn't restore fonts as above ... as when selecting "fonts" would crash the system. Couldn't access fonts directory to copy anything new/different, as accessing the fonts directory would cause crash.

Found instructions online about rebuilding the font cache. Tried that, deleted fntcache.dat and rebooted. Appears to have solved the crash problem! Can access the font directory, can run firefox, can run Wordpad w/o crashing system. Yay! Brilliant catch on bad fonts! Thanks!

Now what?!

... Mike

[RKinner]

Very strange!

Are there any more problems? If not we can clean up:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"c:\users\Gilbert\Desktop\Fix PC Tools Feb2013\ComboFix.exe" /Uninstall

Pause the anti-virus. Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

Unpause the anti-virus.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 17 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron

[soonerskies]

Ron ... some questions ... if you don't mind ...

Registry Remnants. Took a quick look at registry via regedit. Saw some entries of programs I had deleted. Any issues with these, would it be good to get rid of them or is it ok to leave as is?

HKEY_CURRENT_USER
SpeedyPC Software
SweetIM
Torch
may have been more, just took a quick look and those are the ones I recognized)


Driver Update Applications. I’ve just about gotten rid of all of the nasty “performance/security/etc”software from his machine (I don’t want to think how many $’s he’s spent on that stuff) … but I’ve so far retained a couple of driver update software routines he’s purchased, Advanced Driver Updater and DriverUpdate by slimware. Having something that serves to keep his drivers updated seems like a good idea. Doesn’t seem like there’s a need or it be desirable to have both products running. Any reasons to not keep one of these? Do you have an opinion regarding either of these products?


Cloud Backup Services. He also has two cloud backup services … MyPCBackup and Online Vault. Do you have any thoughts/experience on either service; do you recommend these types of services?


Do you know if “Akamai net session interface” safe to keep?


Printers. Also … reminder … the problem that actually prompted my dad to ask me for help was he lost ability to access his printers. I haven’t had his machine over at his place all this time, so haven’t tried … you think likely printer access was lost due to the variety of malware that was on the system? Would you speculate, maybe at most, I just reinstall the printer drivers and we should be good to go?


Parent Proofing. Also, considering my dad clicks on stuff, has downloaded lots of crapware … even paying money for it … would you have any advice for configuring his browsers, security software or some 3rd party software that could help protect himself from himself? I’m going to attempt, yet again, to have a civil discussion with him, explaining how he has these problems and mom's machine doesn't. It just seems to wear off after a while. Any advice … including references to information sites would be appreciated.

Thx! ... Mike

[RKinner]

Registry Remnants. Took a quick look at registry via regedit. Saw some entries of programs I had deleted. Any issues with these, would it be good to get rid of them or is it ok to leave as is?

HKEY_CURRENT_USER
SpeedyPC Software
SweetIM
Torch
may have been more, just took a quick look and those are the ones I recognized)

Leave them alone. They aren't bothering anything.

Driver Update Applications. I’ve just about gotten rid of all of the nasty “performance/security/etc”software from his machine (I don’t want to think how many $’s he’s spent on that stuff) … but I’ve so far retained a couple of driver update software routines he’s purchased, Advanced Driver Updater and DriverUpdate by slimware. Having something that serves to keep his drivers updated seems like a good idea. Doesn’t seem like there’s a need or it be desirable to have both products running. Any reasons to not keep one of these? Do you have an opinion regarding either of these products?

Don't know much about either. Cnet reviews seem to imply they are both scams.
http://download.cnet...830.html#rateit
http://download.cnet...106.html#rateit
Old drivers aren't normally a big problem (unless they cause BSODs). Old Programs are more a problem which is why I recommend FileHippo's updatechecker.

Cloud Backup Services. He also has two cloud backup services … MyPCBackup and Online Vault. Do you have any thoughts/experience on either service; do you recommend these types of services?

If he needs something like that then one is enough. Two would just slow things down. My feeling is that buying an external hard drive and using it for backup is a lot cheaper in the long run so I don't bother with them. If there is something I really don't want to lose then I email it as an attachment to my gmail.com account. These are subscription things so make sure they get canceled.

Do you know if “Akamai net session interface” safe to keep?

Appears to be a downloader. It's safe but you can remove it if you want to.

"Akamai NetSession Interface is a tool that can help you you enjoy faster, more reliable downloads from a variety of sources you choose. When you download software from companies like Autodesk®, or other companies offering PDF files, documents, and media streams, there’s a good chance that download is powered by Akamai NetSession Interface. The NetSession Interface is installed on your computer with your permission and can be removed at any time."

Printers. Also … reminder … the problem that actually prompted my dad to ask me for help was he lost ability to access his printers. I haven’t had his machine over at his place all this time, so haven’t tried … you think likely printer access was lost due to the variety of malware that was on the system? Would you speculate, maybe at most, I just reinstall the printer drivers and we should be good to go?

It's likely that a reinstall would do the job. I would uninstall the old drivers completely and reboot then download the latest drivers. Is the printer connected directly to his PC or is it on Mom's?

Parent Proofing. Also, considering my dad clicks on stuff, has downloaded lots of crapware … even paying money for it … would you have any advice for configuring his browsers, security software or some 3rd party software that could help protect himself from himself? I’m going to attempt, yet again, to have a civil discussion with him, explaining how he has these problems and mom's machine doesn't. It just seems to wear off after a while. Any advice … including references to information sites would be appreciated.

Create a new Admin login with a password. Then log in as the new Admin and change his account to a simple user.
Windows also has Parental Controls that you can put on his login but I don't know much about them. http://windows.micro...rental-controls
You might also want to try a full install of TeamViewer on his PC. http://www.teamviewe...m/en/index.aspx
Then when you can log in once in a while and run a few scans and check up on him without his knowing. Maybe tell Avast to do a boot-time scan once in a while:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

For what it is worth most porn sites are less likely to give him a virus than church sites.
http://www.wyff4.com...92/-/index.html
He just needs to visit them with Firefox with Ad-Block Plus add-on and without Java. (Must have Avast running and up-to-date Flash too.) That way he won't see the ads which often link to sites that do have malware.

[soonerskies]

Thank you so much for all your help and advise in getting this machine cleaned up. I hope my dad and I can keep it clean!

One more issue plz ... regarding wallpaper/background image ...
I can select wallpaper/background image … but it doesn’t show on screen. Just a black background. Checking “Personalization” … it shows the image I had selected for “Desktop Background”. When I shutdown, as soon as start, the black background disappears and the selected background image appears … then goes to shutdown. On bootup … the selected background never appears, always goes to the black background. I haven't found anything online that would seem to address this one. Any thoughts? Thx!

[RKinner]

Looks like
Scenario 3
You see a black background even though you change your background picture.

See if this helps:

http://support.micro....com/kb/2504610

[soonerskies]

Thank you! …
“Method 5: Check the Remove background setting under the Ease of Access settings”
… got the background back.

FixCleaner issue ...
I left his machine up running today, when I checked it “FixCleaner” had run … or at least it had a window open telling me the number of problems it had found. I just know I uninstalled it the other day, but it still ran?? It doesn’t show up in Windows Uninstall, Revo Uninstall, in “All Programs”, nor does a search for “FixCleaner” show up any executables. However, it does show up in the windows toolbar.

Anything suggestions to get rid of this?


I installed teamviewer ... it works and looks good, haven't figured out yet how to set up so he doesn't have to do something on his end ... I haven't looked all the way through the documentation yet.

[RKinner]

I expect it is a scheduled task. OTL shows a scheduled task for it and several of the other snake oil programs and often when you uninstall the program they don't remove the task.

"[2013/03/02 18:00:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/03/02 16:41:50 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/03/02 16:41:08 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FixCleaner Startup.job
[2013/03/02 16:38:37 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/02 16:38:33 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/02/28 00:15:41 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\AdvancedDriverUpdater.job
[2013/02/27 10:43:03 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job"

In (Start) All Programs, Accessories, System Tools there is a Scheduled Task which will let you view and delete them. Note what program they run then also delete the program as well as the task.

If you install the full version there is an option to set a password where it says Use your personal password to access this computer. That should set it up so that you can always get to it.