Advice needed!

Hi folks,
I have just been passed an old PC that I was hoping to give to my daughter. I have tried to clean it up a bit…being a relative dunce with all matters IT!
I downloaded avast this AM and ran a full scan…and found literally hundreds of problems…which I moved to the chest. Eventually got rid of the old eksplorasi etc etc.
The problem happened after the advice of a boot time scan afterwards…which found two or three other corrupted files. Everything hung up at Windows shutting down, I manually shut down and restarted…avast wouldn't run, citing something to do with mapping points (sorry, I am translating from the Spanish). There was no record of the boot time scan nor anything in the chest. I ran mbam, and hijack this…but avast is still saying the same thing.
I also downloaded winpatrol to try and see what was happening. It is telling me winlogn>shell is trying to get in on the act…
Any advice appreciated…although things are running…If I cannot sort the problem myself, I don't think it's worth bothering!
Thanks in advance

Welcome to the forum.

Someone will check that log for you; I'm not an expert on them.

Could you post the Malwarebytes log so we could have a look at that?

You could give SUPERAntiSpyware a shot for a second opinion.

http://filehippo.com/download_superantispyware/

Good luck.

why don’t you give it a boot time scan…?

and you should try reading the post again :wink:

The problem happened after the advice of a boot time scan afterwards.....
There was no record of the boot time scan nor anything in the chest......

Many thanks,

Seems I am getting somewhere! After reading through some other threads, I reinstalled and now things are moving.

I have got task manager, regedit back…etc…etc and so far…things seem to be ticking.

I still have a problem with the PC not shutting down before, or restarting after the bootscan but at least avast is opening and running.

Am just doing a quick scan then will try another bootscan.

mbam log attached.

Many thanks

@ jonnyboy1970,

Don’t go anywhere. I’m reviewing your MBAM log and will give you further instructions.

Based on your MBAM log, you obviously have a lot of malware.

How is your machine running now? Do not bother with the bootscan at this point if you are having difficulty with it.

I’d like to do additional testing because you had a large amount of malware and I want to be sure you are clean. Please follow the directions below:

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTS logs (save them as ANSI and not Unicode). Post the OTS log as an attachment (Additional Options > Attach > Post).

I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily.

Please do not make any further changes to your machine after you have provided the logs.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy instructs you to do malware removal instructions; use a different machine to check email, sync your phone, etc. if possible.

Let me know if you have any questions. Thank you.

Edit: Essexboy has been notified.

Many, many thanks.

Seems quite stable at the moment, and certainly a lot faster! Although I'm still quite nervous about what may turn up in these logs!

I failed to mention that I have not fixed or deleted anything that turned up in the previous scans.

OTS log attached.

Thanks

Did you have Symantec (Norton) on your machine (even as a trial) at some time?

I reviewed your OTS log. As I mentioned earlier, you have a lot going on.

You can run CCleaner (just the cleaner part, not the registry part) now.

Let us know the answer to my previous post re: Symantec.

Essexboy will give you further instructions. In the meantime, do not use the machine or sync it with anything; try to use a different machine if possible. However you will need the machine to perform the malware removal instructions Essexboy will give you. He comes on the forum late UK time. Thank you for providing the OTS log.

Quite possibly…I was only given the tower yesterday.

I think I recall seeing some files pop up somewhere during the long night! With the name Symantec?

Will do as I am told!

Thanks again Sir.

Download and run the Norton removal tool from here to clear them http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN, then reboot your machine. After rebooting, run CCleaner (cleaning part only; not the registry part).

Just to say I have done as told.

Did a boot/time scan…this time all finished and the scan was logged when avast opened without a problem.

Also did a full scan and no threats were found.

PC is running fine now and all seems back to normal. Although used Nero 7 as a test and it told me would have to re/install because of probable viral complications.

Thanks.

Hi, still a few elements to remove. Also, did you turn off System Restore?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Processes - Safe List]
YY -> symlcsvc.exe -> C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
[Win32 Services - Safe List]
YN -> (Programador de LiveUpdate automático) Programador de LiveUpdate automático [Auto | Stopped] -> 
YY -> (Symantec Core LC) Symantec Core LC [Auto | Running] -> C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
[Driver Services - Safe List]
YY -> (symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\symlcbrd.sys
[Registry - Safe List]
< HOSTS File > ([2011/05/10 08:36:28 | 000,012,513 | ---- | M] - 123 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> Reset Hosts -> 
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-823518204-688789844-1060284298-1003\] > -> HKEY_USERS\S-1-5-21-823518204-688789844-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [&Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> [Reg Error: Key error.]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
YN -> .com [@ = comfile] -> Reg Error: Key error.
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> nodenable hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Archivos de programa\ESET\nodenable.exe
YN -> UserFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
YN -> .bat [@ = batfile] -> Reg Error: Key error.
YN -> .cmd [@ = cmdfile] -> Reg Error: Key error.
YN -> .com [@ = comfile] -> Reg Error: Key error.
YN -> .pif [@ = piffile] -> Reg Error: Key error.
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-823518204-688789844-1060284298-1003\SOFTWARE\Classes\<extension>\
YN -> .html [@ = ChromeHTML] -> Reg Error: Key error.
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> VideoEgg -> VideoEgg Publisher
[Files/Folders - Created Within 30 Days]
NY ->  Bron.tok-12-6 -> C:\Documents and Settings\Yola-Clara\Configuración local\Datos de programa\Bron.tok-12-6
NY ->  Bron.tok-12-3 -> C:\Documents and Settings\Yola-Clara\Configuración local\Datos de programa\Bron.tok-12-3
NY ->  Bron.tok-12-2 -> C:\Documents and Settings\Yola-Clara\Configuración local\Datos de programa\Bron.tok-12-2
NY ->  Bron.tok-12-1 -> C:\Documents and Settings\Yola-Clara\Configuración local\Datos de programa\Bron.tok-12-1
NY ->  Bron.tok-12-30 -> C:\Documents and Settings\Yola-Clara\Configuración local\Datos de programa\Bron.tok-12-30
NY ->  Bron.tok-12-29 -> C:\Documents and Settings\Yola-Clara\Configuración local\Datos de programa\Bron.tok-12-29
NY ->  Bron.tok-12-28 -> C:\Documents and Settings\Yola-Clara\Configuración local\Datos de programa\Bron.tok-12-28
[Files - No Company Name]
NY ->  JCJAZZ.xspf -> C:\Documents and Settings\Yola-Clara\Escritorio\JCJAZZ.xspf
NY ->  Bron.tok.A12.em.bin -> C:\Documents and Settings\Yola-Clara\Configuración local\Datos de programa\Bron.tok.A12.em.bin
NY ->  jokpapbqbi.dat -> C:\WINDOWS\System32\jokpapbqbi.dat
[File - Lop Check]
NY ->  avg7 -> C:\Documents and Settings\All Users\Datos de programa\avg7
NY ->  AVG7 -> C:\Documents and Settings\LocalService\Datos de programa\AVG7
NY ->  AVG7 -> C:\Documents and Settings\Yola-Clara\Datos de programa\AVG7
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Can’t thank you all enough…

Log attached.

How is it running now?

Could you turn on System Restore please, to confirm that it is working?

Just activated system restore and set new recoupaeracion point.

No Problem?

Thanks

OFF TOPIC: lol recoupaeracion. Where are you from?

jonnyboy1970,

Now that you turned on your System Restore, is your machine working normally now? If not, please tell us what is wrong with the machine?

Also, is Avast updating and working normally now? Thank you.

linux731 - from the UK, living in Spain. Between Spanish, English and computer speak, I may as well be illiterate at the moment !!!

All seems fine now, avast seems to be working fine. Except…

I have been checking if all the programs are functioning ok. I opened a Word doc. (MS Office Pro 2003 installed) and since I closed the doc I keep getting a window saying (sorry linux731! translation again!)

“the function which is trying to use this ?network? which is not available” then asking for a new path…and I can't get rid of it! Popping up every 30 secs!

Also, tried to replay a conventional DVD (with wmp, vlc etc) and it's choppy and slow…which it wasn't before? MP4's etc are playing fine.

I don't know much about codecs etc…but something seems to have changed.

I got a message whilst checking Nero 7 premium (which was installed) saying something was wrong “probably because of a virus” I have just written some word docs to disc with no problems. Still checking things!

Thanks again for all the help