[Carleea]

Hello Geeks

 

Thanks in advance for any helpful soul available:

 

I have a Sony Vaio running Windows 7.

 

I was stupid enough to click through on a dodgy Hotmail message telling me that an old friend had left me a message on Wikipedia. I know that's not even possible but 'd had a beer and I wasn't thinking as I surfed. (Thought it might helo to know the origin.)

 

 

Since then, my PC has been afflicted:

 

When it boots I know have to select the Windows 7 operating system from a list with only that on it.

Cursor goes crazy - jumps to end of line and moves things around

Hard drive wheezes and gets hot

Cursor flickers

 

 

I've tried: OTL (have log but am not technical enough to correct).

HujackThis - I delete files (if the cursor lets me highlight them) and BHOs

MalwareBytes has not helped

ZoneAlam snoozes

 

Tried various others I can't remember.

 

Hiujack this says I might have a virus in the Hosts file but I don't know how to take action.

 

If anyone can help I'd be so grateful

 

I was so desperate that I reformatted the whole PC - wiped the lot - years of work (*fortunately I had clen back uos) - but the malware is still there.

 

Can anybody help? Thanks so much

 

Charlotte

[Advertisements]

Hi,

Let's see what we can do.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[azarl]

Hi,

Let's see what we can do.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Carleea]

Thanks so much, Teacher. excuse typos - cursor bad.

Attached Files

•  Addition.txt   83.8KB   153 downloads
•  FRST.txt   268.58KB   150 downloads

[Carleea]

In case this helps, I forgot to mention.....

 

Half of the times I turn it on the PC hangs and reboots with "Installing Windows Updates" or "Configuring Windows Uodate 1 out of 20" - or similar.

[azarl]

Hi Carleea

 

If you can, please post the logs in your post, it makes it easier for me. If not you can attach them

 

Firstly I'd remove Reimage Repair - if you search the Internet it doesn't have a great reputation.
 
So plan of action
 
Step #1
Uninstall Reimage Repair

Go to Start Menu>Control Panel>Add or Remove Programs and remove the following program:

• Reimage Repair

 

Step #2
Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs and click on the AdwCleaner icon.



Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt
 

Finally

Step #3

Run FRST again, like you did earlier and post the log again please

 

[Carleea]

Thanks, Azarl.

 

Log 1:

 

# AdwCleaner v3.216 - Report created 26/07/2014 at 10:28:22
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Charlotte - CHARLOTTE-VAIO
# Running from : C:\Users\Charlotte\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Users\Charlotte\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Charlotte\AppData\Local\SearchProtect
File Deleted : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\9dxcacg7.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\9dxcacg7.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\9dxcacg7.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\9dxcacg7.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MB39CB7FB-05BF-4E19-AC29-7831617AA79C&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP8B05A2B1-EE02-43C[...]
Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MB39CB7FB-05BF-4E19-AC29-7831617AA79C&SearchSource=55&CUI=&UM=6&UP=SP8B05A2B1-EE02-43C2-A1BF[...]
Line Deleted : user_pref("extensions.crossrider.bic", "147556b5d3246c9b58c703a4b62bab47");

*************************

AdwCleaner[R0].txt - [5554 octets] - [26/07/2014 10:25:10]
AdwCleaner[S0].txt - [5358 octets] - [26/07/2014 10:28:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5418 octets] ##########
 

 

 

 

Log 2:

 

# AdwCleaner v3.216 - Report created 26/07/2014 at 10:35:41
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Charlotte - CHARLOTTE-VAIO
# Running from : C:\Users\Charlotte\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\9dxcacg7.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5554 octets] - [26/07/2014 10:25:10]
AdwCleaner[R1].txt - [909 octets] - [26/07/2014 10:33:39]
AdwCleaner[S0].txt - [5518 octets] - [26/07/2014 10:28:22]
AdwCleaner[S1].txt - [831 octets] - [26/07/2014 10:35:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [890 octets] ##########
 

[azarl]

OK, that's cleared a lot of junk
 
» Step 1«

• Click on Start > Run
• In the "Run" Box type chkdsk /r (note the space between the 'k' and the '/' ) and hit the enter key
• If you get the message "chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <y/n>" , answer Y
• You will get the message: "This volume will be checked the next time the system restarts"
• Reboot the system and chkdsk will start to run allow it to complete.

Notes:

• It may take a considerable time to complete
• Do not run any other programs or use the pc whilst chkdsk is running
• Do not switch of the PC, it may damage the system.

When it finishes ...
 
» Step 2«

 Scan with ListChkDskResult

Please download ListChkDskResult by SleepyDude and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• A message about checking Windows Event Log will pop-up. Click OK.
• Wait patiently until a notepad window will open. This won't take long.
• The displayed logfile will be also saved to your desktop as ListChkDskResult.txt.

Please include the content of this file in your next reply.

[Carleea]

I've followed the instructions to run checkdisk but nothing seems to be happening.

 

I can see what looks like the black Command Prompt window flash uo very briefly then it disappears and nothng happens. I can see white text in it but the window disappears too quickly for me to read it.

 

If I go to Task Manager there is no indication I can see that checkdisk is running (but that doesn't mean anything - I'm no expert).

 

I'll reboot and get back to you.

 

.

[Carleea]

First, my cursor is alreadty much better - thanks.

 

Rebooted and nothing happened but Vaio was running a Vaio Care Process. I wonder if that is the equivalent of checkdisk?

 

Please advise.

[azarl]

• Click on Start > Run
• In the "Run" Box type CMD
• A box will open type chkdsk /r
  (note the space between the 'k' and the '/' ) and hit the enter key
• If you get the message "chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <y/n>" , answer Y
• You will get the message: "This volume will be checked the next time the system restarts"
• Reboot the system and chkdsk will start to run allow it to complete.

[Carleea]

When I try to run chkdsk I get: Access Denied as you do not have sufficient privileges. You have to invoke this utility running in elevated role.

 

There is only one user account on this laptop - I am the Administrator but it does not seem to grant me full access.

 

Is there any way round this? I've logged out and back in again (as the same person) and looked at the administrator stuff in Windows - but I AM the administrator.

 

Sorry to hold things up with what are probably Vaio/Windows issues.

[Carleea]

Sorry - ignore - sorted it

[Carleea]

Chkdsk does not run on reboot - I tried it twice.

[azarl]

OK. let's have a look at the system files

 

• Click on Start > Run
• In the "Run" Box type CMD
• A box will open, this time type sfc /scannow
  (note the space between the 'c and the '/' ) and hit the enter key
• Follow the on-screen instructions
• When it finishes it should tell you if problems were encountered

[Carleea]

No - it did not find any integrity violations.