Cloudfront.net [Solved]


  • This topic is locked

#31 khphoto1 (Member, Topic Starter)
In add remove I found a program called INFOSEEKER created on 6/28/13. Big Water Applications LLC. Might this be it?

#32 Buddierdl (Trusted Helper, Malware Removal)

In add remove I found a program called INFOSEEKER created on 6/28/13. Big Water Applications LLC. Might this be it?

Sorry for the weekend delay.

That's not it, but please uninstall that, as it needs to go too. Also, if you see anything about a "We-Care Reminder," uninstall it as well.

The one we were looking for doesn't exist, so just delete the folder:
C:\Program Files\TelevisionFanaticEI

And let's find out about the PAV.job:

Please download autoruns here and double-click autoruns.exe inside the folder to run the program. Please navigate to the "Scheduled Tasks" tab and tell me the information that is listed for PAV.job. I am specifically interested in the executable (.exe program) that it runs.

#33 khphoto1 (Member, Topic Starter)
Television Fanatic is removed, We-Care is removed, Autoruns displays PAV as a file not found. Autoruns also shows 'we-care' as a file not found in key: HKCU\Software\Microsoft\ie\extensions. There are several others displaying in yellow with 'file not found'. Is there a registry cleaner you would recommend?

Over the weekend I did some more investigation and 'pav' stands for personal anti virus.

p.s. we-care and xyz are in the _OTL folder. I'm guessing we'll be removing that folder in the last stages of clean-up.

#34 khphoto1 (Member, Topic Starter)
In the results of Security checks:
What is 'UAC is disabled'
Should I delete or update Hijack This,
Should I update JAVA and Adobe Reader and Adobe Flashplayer?

#35 Buddierdl (Trusted Helper, Malware Removal)

Television Fanatic is removed, We-Care is removed, Autoruns displays PAV as a file not found. Autoruns also shows 'we-care' as a file not found in key: HKCU\Software\Microsoft\ie\extensions. There are several others displaying in yellow with 'file not found'. Is there a registry cleaner you would recommend?

If the executable is not found, then go ahead and delete the C:\Windows\Tasks\PAV.job

We don't recommend using registry cleaners here, as they really produce no benefit in the speed of your computer, and they can often go awry and make your computer unbootable. If you want to save a txt file from the autoruns report, I can take a look and see.

Over the weekend I did some more investigation and 'pav' stands for personal anti virus.

p.s. we-care and xyz are in the _OTL folder. I'm guessing we'll be removing that folder in the last stages of clean-up.

The _OTL quarantine will be removed at the end, also we will take care of the below:

In the results of Security checks:
What is 'UAC is disabled'
Should I delete or update Hijack This,
Should I update JAVA and Adobe Reader and Adobe Flashplayer?

#36 khphoto1 (Member, Topic Starter)
PAV folder is deleted. A short version of the 'yellowed' reg items are:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "11/2/2006 8:46 AM"
+ "rdpclip" "" "" "File not found: rdpclip" ""

HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "7/8/2013 10:27 AM"
+ "We-Care Add-on" "" "" "File not found: C:\ProgramData\WeCareReminder\IEMenuItem.dll" ""

+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs" "1/20/2008 10:32 PM"
+ "\PAV" "" "" "File not found: C:\Program Files\PAV\pav.exe" ""

"HKLM\System\CurrentControlSet\Services" "" "" "" "6/29/2013 10:49 PM"
+ "AtiPcie" "ATI PCIE Driver for ATI PCIE chipset" "ATI Technologies Inc." "c:\windows\system32\drivers\atipcie.sys" "10/30/2006 2:23 PM"
+ "BCM42RLY" "" "" "File not found: system32\drivers\BCM42RLY.sys" ""

+ "HSXHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsxhwazl.sys" "5/8/2008 4:05 PM"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys" ""

+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys" "6/19/2006 5:26 PM"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys" ""
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys" ""

#37 khphoto1 (Member, Topic Starter)
Infoseeker was also removed.

#38 Buddierdl (Trusted Helper, Malware Removal)
I will post later on today when I get a chance. Most of those things I think are better left alone. They shouldn't hurt your system.

#39 Buddierdl (Trusted Helper, Malware Removal)
Can you tell me what tab this entry was found under:

+ "\PAV" "" "" "File not found: C:\Program Files\PAV\pav.exe" ""

#40 khphoto1 (Member, Topic Starter)
Here is more of the file. Looks like it is part of HKLM...

"HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "7/8/2013 10:27 AM"
+ "We-Care Add-on" "" "" "File not found: C:\ProgramData\WeCareReminder\IEMenuItem.dll" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "7/3/2013 2:00 AM"
+ "HP Smart Select" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll" "3/26/2008 6:25 PM"
+ "Sun Java Console" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_05\bin\ssv.dll" "2/22/2008 6:33 AM"
"Task Scheduler" "" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe" "7/25/2008 6:09 PM"
+ "\Google Software Updater" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe" "3/2/2012 5:13 PM"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "8/22/2008 3:35 PM"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "8/22/2008 3:35 PM"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe" "1/25/2013 12:25 AM"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs" "1/20/2008 10:34 PM"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs" "1/20/2008 10:32 PM"
+ "\PAV" "" "" "File not found: C:\Program Files\PAV\pav.exe" ""
+ "\RealPlayerRealUpgradeLogonTaskS-1-5-21-4093085210-3276581103-882992531-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "4/16/2013 3:45 PM"
+ "\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4093085210-3276581103-882992531-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "4/16/2013 3:45 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "6/29/2013 10:49 PM"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe" "11/24/2006 10:36 PM"
+ "ATTRcAppSvc" "RcAppSvc, Service Helper" "PCTEL" "c:\program files\at&t\communication manager\rcappsvc.exe" "3/6/2008 5:10 PM"
+ "CAATT" "ConAppsSvc" "PCTEL" "c:\program files\at&t\communication manager\conappssvc.exe" "3/6/2008 5:09 PM"
+ "gupdate1c9b89a511223e2" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "8/22/2008 3:35 PM"
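As an added illustration of the triage Buddierdl is doing by eye on the export above (this is example code written for this page, not code from the thread, from Geeks to Go or from Sysinternals), the Python below parses an Autoruns text export in the layout khphoto1 posted: a location row with five quoted columns, followed by "+"-prefixed entry rows with name, description, publisher, image path and timestamp. It then sorts every "File not found" entry into the two buckets the helper used in practice: orphaned references to a Program Files / ProgramData target or a scheduled task, which belong to software that has since been removed (PAV, We-Care), versus bare image names and missing system32 drivers, which are stale Windows references and are normally left alone (rdpclip, IpInIp). The constant SAMPLE_EXPORT is a constructed subset of the lines posted in this thread, kept exactly as the forum rendered them, including two records fused onto one line; the names parse_autoruns, classify_orphan and triage, and the classification rule itself, are mine and are a first-pass heuristic, not an Autoruns feature.

```python
"""Triage an Autoruns text export: which 'File not found' autostart entries
are leftovers of removed software, and which are stale Windows references."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of the export lines posted in this thread,
# kept in the forum's rendering (two records fused onto one line at "\PAV").
SAMPLE_EXPORT = r'''
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "11/2/2006 8:46 AM"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "7/8/2013 10:27 AM"
+ "We-Care Add-on" "" "" "File not found: C:\ProgramData\WeCareReminder\IEMenuItem.dll" ""
"Task Scheduler" "" "" "" ""
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs" "1/20/2008 10:32 PM"
+ "\PAV" "" "" "File not found: C:\Program Files\PAV\pav.exe" ""+ "\RealPlayerRealUpgradeLogonTaskS-1-5-21-4093085210-3276581103-882992531-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "4/16/2013 3:45 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "6/29/2013 10:49 PM"
+ "BCM42RLY" "" "" "File not found: system32\drivers\BCM42RLY.sys" ""
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys" ""
'''

MISSING = "File not found: "


@dataclass
class Entry:
    location: str     # Autoruns tab or registry key the entry sits under
    name: str
    description: str
    publisher: str
    image_path: str   # starts with MISSING when the target no longer exists
    timestamp: str


def parse_autoruns(text: str) -> List[Entry]:
    """Parse the five-quoted-column layout: a location row, then '+' rows."""
    # Re-split records the forum ran together: a boundary looks like '"+ "'.
    text = re.sub(r'"\s*\+\s+"', '"\n+ "', text)
    entries: List[Entry] = []
    location = ""
    for line in text.splitlines():
        line = line.strip()
        fields = re.findall(r'"([^"]*)"', line)
        if len(fields) != 5:
            continue                      # blank line or not a record
        if line.startswith("+"):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]          # header row: entries follow it
    return entries


def is_orphan(entry: Entry) -> bool:
    return entry.image_path.startswith(MISSING)


def classify_orphan(entry: Entry) -> str:
    """Heuristic of this example, not an Autoruns feature.

    'remove': the missing target lived under Program Files, ProgramData or
    another application directory, so the entry is a remnant of software
    that has since been removed (PAV, We-Care in this thread).
    'leave':  a bare image name or a missing system32 driver is a stale
    Windows reference (rdpclip, IpInIp), harmless and best left alone.
    """
    target = entry.image_path[len(MISSING):].lower()
    if "\\" not in target or "\\system32\\" in target or target.startswith("system32\\"):
        return "leave"
    return "remove"


def triage(text: str) -> Dict[str, List[str]]:
    """Bucket every orphaned entry as 'location :: name'."""
    buckets: Dict[str, List[str]] = {"remove": [], "leave": []}
    for entry in parse_autoruns(text):
        if is_orphan(entry):
            buckets[classify_orphan(entry)].append(f"{entry.location} :: {entry.name}")
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_EXPORT).items():
        print(bucket.upper())
        for item in names:
            print("  ", item)
```

Run against a real export saved from the machine under investigation rather than the sample, and treat the "remove" bucket as a list to inspect, not to delete blindly: the rule keys only on where the missing target used to live, so a legitimate uninstaller that left a task behind lands in the same bucket as a malware remnant. A current Autoruns text export uses a different column layout, so the field mapping in parse_autoruns would need adjusting for it.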

#41 Buddierdl (Trusted Helper, Malware Removal)
Okay. Please open the Task Scheduler:

  • Click the Start button.
  • Click Control Panel .
  • Click System and Maintenance .
  • Click Administrative Tools .
  • Double-click Task Scheduler .
Then see if you can find the PAV task. If so, select Actions -> Delete. If not, then we don't need to worry about it.

Also, let's reset IE.

After this, we should be ready for updates and cleanup!

#42 khphoto1 (Member, Topic Starter)
Found the PAV in the Task Scheduler. Deleted it.
Reboot computer.
Ran Autoruns again - PAV is no longer there.
Reset IE
On shutdown it had 13 updates from Windows, Restart took awhile, and so did starting up IE. Everything seems to be running much more quickly.
I think we're ready for clean-up.

#43 Buddierdl (Trusted Helper, Malware Removal)
Congratulations, khphoto1 :). Your computer now appears to be clean. Please complete the following steps to finalize the cleaning process.

Please update these programs, as old versions pose a security risk.
  • Java

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

    If you do need java, then you should definitely update to the latest version:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, then click Remove JRE.
    • Run the built-in uninstallers for all copies of java listed
    • Click the Next button
    • Click the Next button again
    • Click the Java Manual Download link
    • A browser window will open with the Java download page
    • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
    • Run the installer
    • Close JavaRa
  • Adobe Flash -> Always keep updated with the latest version here.
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:

    • Launch Adobe Reader.
    • Click on Edit and select Preferences.
    • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    • Click the OK button.
  • HijackThis can be uninstalled. It is outdated and no longer used.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access.
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Protection tab.
    • Un-check the boxes next to your hard drives.
    • Click Apply, and then click OK.
  • Reboot.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Protection tab.
    • Check the boxes next to your hard drives.
    • Click Apply, and then click OK.

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


Turn on UAC: You have UAC disabled on your computer. I would recommend turning it on, because it provides additional protection to keep malicious software from running on your computer with higher privileges. To turn it on, do the following:
  • Open User Account Control Settings by clicking the Start button, and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
  • Move the slider to the default position, and then click OK. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on All Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.

#44 khphoto1 (Member, Topic Starter)
Thank you for all your time and help. The cleanup list will be done tomorrow. I'll post back IF there are any problems.
Kathy

#45 Buddierdl (Trusted Helper, Malware Removal)
Glad to help.