2 Bronze

Re: Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.

Kevin,

Another roadblock... Tried uninstalling TM in safe mode but got the following message: "Windows installer service could not be accessed. This can occur if the installer is not correctly installed......" Will wait to hear from you before I continue on with the other steps. Have not worked on the router yet.

0 Kudos
4 Beryllium

Re: Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.

Hiya Robin,

I feel the best way to remove the unwanted TM entries is with the following tool. We shouldn't have any issues with the Internet connection this time because the firewall driver has already gone.

Please download OTM by OldTimer.
Alternative Mirror
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    -------------------------------------------------------------------

    :Reg
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "pccguide.exe"=-
    :Services
    pavboot
    Tmntsrv
    :Files
    c:\windows\system32\drivers\pavboot.sys
    c:\program files\trend micro
    :Commands
    [EmptyTemp]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red user posted image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

You should be able to run Secunia after OTM.

Let me see the OTM log in your reply, also any remaining issues/concerns that remain.

Kevin

0 Kudos
2 Bronze

Re: Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.

Hi Kevin. Here is the OTM log. TM seems to be gone now. Currently running Secunia scan. Will let you know how it goes. Also, still have not attempted to re-install router yet, maybe this weekend.

 

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pccguide.exe deleted successfully.
========== SERVICES/DRIVERS ==========
Error: Unable to stop service pavboot!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully.
Service Tmntsrv stopped successfully!
Service Tmntsrv deleted successfully!
========== FILES ==========
c:\windows\system32\drivers\pavboot.sys moved successfully.
c:\program files\Trend Micro\Internet Security 14\TmpxTmp folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\VsapiDriver\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\VsapiDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\VsapiDll\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\VsapiDll folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\TscEngine64 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\TscEngine\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\TscEngine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\TmufEngine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\SsapiEngine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\TMAS_OL64 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\TMAS_OL32 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\TMAS_OE64 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\TMAS_OE32 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\AU_Backup\1\125 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\AU_Backup\1 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\CfwDriver\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\CfwDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\AntiSpamPattern\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\AntiSpamPattern folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\AntiSpamEngine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\5836_3256\AU_Down\pattern folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\5836_3256\AU_Down folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\5836_3256 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\4108_2136\AU_Down\pattern folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\4108_2136\AU_Down folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\4108_2136 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Log folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data\AU_Temp folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data\AU_Log folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data\AU_Cache\pccdell14-p.activeupdate.trendmicro.com folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data\AU_Cache folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Cache\pccdell14-p.activeupdate.trendmicro.com folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Cache folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\TASK folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\SpyBackup\{DDC6A8D4-1F77-46A6-8B37-E6C220760C45} folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\SpyBackup\{893B802D-8D83-45B8-A163-D483FAEE9BD2} folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\SpyBackup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Quarantine\Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Quarantine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Profile folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\PFW folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\NEW\2 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\NEW\1 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\NEW\0 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\NEW folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\log folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\L10N folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\FastScan folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\drivers\VsapiDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\drivers\TdiDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\drivers\CfwDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\drivers folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\536875008 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\524288 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\4 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\2048 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\1048576 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AspmData folder moved successfully.
c:\program files\Trend Micro\Internet Security 14 folder moved successfully.
c:\program files\Trend Micro\HijackThis\backups folder moved successfully.
c:\program files\Trend Micro\HijackThis folder moved successfully.
c:\program files\Trend Micro folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temporary Internet Files folder emptied: 402 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temporary Internet Files folder emptied: 804 bytes
 
User: Public
 
User: Robin
->Temporary Internet Files folder emptied: 462633006 bytes
->Flash cache emptied: 1931844 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 276368 bytes
Windows Temp folder emptied: 676429 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 657692 bytes
RecycleBin emptied: 624128 bytes
 
Total Files Cleaned = 445.00 mb
 
 
OTM by OldTimer - Version 3.1.17.2 log created on 02102011_185833

Files moved on Reboot...

Registry entries deleted on Reboot...

0 Kudos
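Added example, not part of the original posts and not OTM's own code: a small Python triage of an OTM results log in the format posted above. It counts the success lines per section and flags anything else, such as the "Unable to stop service pavboot!" line, noting whether the log also records that service's registry key being deleted. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: a shortened excerpt in the format of the log posted above.
SAMPLE_LOG = r"""All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pccguide.exe deleted successfully.
========== SERVICES/DRIVERS ==========
Error: Unable to stop service pavboot!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully.
Service Tmntsrv stopped successfully!
Service Tmntsrv deleted successfully!
========== FILES ==========
c:\windows\system32\drivers\pavboot.sys moved successfully.
c:\program files\Trend Micro folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Robin
->Flash cache emptied: 1931844 bytes
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
SUCCESS = re.compile(r"\b(?:deleted|moved|stopped) successfully[.!]$")

def triage(log_text):
    """Return (per-section success counts, lines that need a second look)."""
    section, ok, problems = "PREAMBLE", {}, []
    for line in (l.strip() for l in log_text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif not line or section in ("PREAMBLE", "COMMANDS"):
            continue  # blank, or informational output such as [EMPTYTEMP] totals
        elif SUCCESS.search(line):
            ok[section] = ok.get(section, 0) + 1
        else:
            problems.append({"section": section, "line": line,
                             "key_removed": service_key_removed(line, log_text)})
    return ok, problems

def service_key_removed(problem_line, log_text):
    """True if the log also records deletion of the named service's registry key."""
    m = re.search(r"service (\S+?)!?$", problem_line)
    if not m:
        return False
    pattern = r"\\Services\\" + re.escape(m.group(1)) + r" deleted successfully"
    return re.search(pattern, log_text) is not None

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print(counts)
    for item in flagged:
        print(item)
```
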
4 Beryllium

Re: Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.

OK, Let me know how you get on, also what issues/concerns remain...

0 Kudos
2 Bronze

Re: Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.

Hi Kevin,

I am up and running wireless again. Had to update my drivers. So, am I looking OK or do we still have work to do? Did you detect anything malicious going on with my system? I haven't had any more system crashes.

Thanks.

0 Kudos
4 Beryllium

Re: Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.

 

Logs are clean, nothing to worry you. As follows :-


  • Re-open user posted image to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
  • Click on the user posted image button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Make sure you run Secunia as instructed in previous reply, carry out all suggested updates. Let me know if you have any remaining issues or concerns...


Kevin


0 Kudos
2 Bronze

Re: Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.

I ran the OTL. And I made updates suggested by Secunia. I have no other issues so I guess this is the end of our journey. Thank you very much and I appreciate all your help.

Robin

0 Kudos
4 Beryllium

Re: Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.

Since this issue appears to be resolved, the topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.

0 Kudos
4 Ruthenium

Re: Computer crashes (blue screen) often; computer may have infected yesterday w

This ancient thread has been up for several days now with no apparent response. Just checking to see if the forum is functioning OK.

0 Kudos
7 Gold

Re: Computer crashes (blue screen) often; computer may have infected yesterday w

Dale,

I replied to this thread on 5/14, stressing its ancient nature.

I'm not sure if posts are showing up in chronological order...


0 Kudos