Virus removal

Status
Not open for further replies.
Symptoms include pop ups advising of multiple threats every day. The first time it happened a 'fake' spyware downloaded every time I clicked on the pop up and then the computer couldn't be used until I removed this program.
 
Hi,

No infection!


Optimization
All of the following lines proposed for fixing are to improve the performance of your PC.
The O4 lines are processes that start automatically when the PC starts.
Some of these processes don't need to start that way.
And some others can have a shortcut on the desktop, to be started by double-click when the user needs them.
No software is deleted, only the registry entries where the processes are placed to start at boot.

Open HijackThis
• Select [Do a system scan only],
• Put a check mark in front of each of the following lines,
• Close Internet Explorer and all windows,
• And press [Fix Checked].

Fix it.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

You can create a shortcut. - Allows you to connect your Acer laptop to a projector.
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

If you don't need it - For translating Japanese/Chinese text in IE, Outlook and Word.
Oops.. I noticed your IP is from Asia, so perhaps it is good for you - As you want.

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

Fix it.
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

As you want - Related to Acer_ ePower_Management Detect any Security Threat.
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

Fix it.
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

If you use it sometimes, fix it and create a shortcut on your desktop.
Acer's eRecovery Management program. This program allows you to create and restore backups of your computer.
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

Fix it. - You can create a shortcut if needed, for some of them.
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Ants\Application Data\Smilebox\SmileboxTray.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe

Fix it.
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

  • Restart your PC
_______________________________________________________

Optimization too..
Open Notepad (Start menu --> search.., enter notepad)
• Put these lines (sc... in the quote) in Notepad,
• Save the file as ServMod.bat on your desktop,
• Run ServMod.bat
sc config "Apple Mobile Device" start= demand
sc config "Ati HotKey Poller" start= demand
sc config IDriverT start= demand
sc config "iPod Service" start= demand
sc config JavaQuickStarterService start= demand
sc config LexBceS start= demand
sc config LightScribeService start= demand

• You could uninstall Yahoo! Toolbar, if you don't use it.
You'll improve the performance of your PC.

• Check for software updates regularly (every 2 weeks) with Update Checker.

After some updates of Java, Adobe.. use StartUpLite
• To remove some processes (from registry entries) at boot.
• List of software managed by StartUpLite: http://www.malwarebytes.org/forums/index.php?showtopic=1248
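
Added example, not part of the original post and not code from HijackThis: a small Python parser for the O4 and O23 line formats shown in the log above. It lists each autostart entry with its executable, flags entries for a closer look, and regenerates the `sc config` lines for services. The function names, flag names and the two heuristics are assumptions made for this example.

```python
import re

# Constructed sample: six lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Ants\Application Data\Smilebox\SmileboxTray.exe"
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$')
STARTUP = re.compile(r'^O4 - (Global Startup|Startup): (.+?) = (.+)$')
SERVICE = re.compile(r'^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$')
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.exe)', re.IGNORECASE)

def image_path(command):
    """Return the executable from a command line, quoted or not, without its arguments."""
    m = IMAGE.match(command)
    return (m.group(1) or m.group(2)) if m else command

def triage_flags(image):
    # Assumed heuristics for this example: a bare file name is resolved through the
    # search path, and a profile directory is writable by the logged-on user.
    low = image.lower()
    return [flag for flag, hit in (("no-path", "\\" not in image),
                                   ("user-profile", "\\documents and settings\\" in low)) if hit]

def parse(log):
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := RUN.match(line):
            kind, name, cmd = "run:" + m.group(1), m.group(2), m.group(3)
        elif m := STARTUP.match(line):
            kind, name, cmd = "startup", m.group(2), m.group(3)
        elif m := SERVICE.match(line):
            # "Display name (ShortName)" -> ShortName; otherwise the display name is used.
            short = re.search(r'\(([^()]+)\)$', m.group(1))
            kind, name, cmd = "service", short.group(1) if short else m.group(1), m.group(3)
        else:
            continue  # not an O4/O23 line
        image = image_path(cmd)
        entries.append({"kind": kind, "name": name, "image": image, "flags": triage_flags(image)})
    return entries

def demand_start_script(entries):
    # Same form as the ServMod.bat lines in the post: quote names that contain spaces.
    names = [e["name"] for e in entries if e["kind"] == "service"]
    return [f'sc config "{n}" start= demand' if " " in n else f"sc config {n} start= demand" for n in names]
```
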
 