MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 10-13-08, 21:06
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default "vxvc" keystrokes & other lovely problems

Here's the 3 problems I'm having:
  1. Computer is slow, seems to run things in background often, not sure if that's just normal proper stuff running or not
  2. "vxvc" keystrokes appear when I return to computer after leaving for a while, mostly in Outlook subject field; I don't know if there's some kind of malware trying to execute some type of program or what but it appears again and again and I never typed it in
  3. I get an "Access Denied" type of error message when I make any changes to msconfig and click OK to get out of it; not sure what that means or how to fix it

I don't know exactly what I was doing at the time the keystroke issue started happening; I tried downloading an Elite Antikeylogger program but it doesn't seem to be doing anything. The slowness of the computer I'm not sure if that's just normal and I'm impatient more nowadays or if it's indicative of a real problem; and finally, of course, the Access Service Denied thing that happens when I try to make msconfig changes that's been happening for about a year I guess; the "vxvc" keystrokes started earlier this year.

Logs attached.

Thanks!
Attached Files
File Type: txt log.txt (23.7 KB, 5 views)
File Type: txt mbam-log-2008-10-12 (04-50-12).txt (834 Bytes, 4 views)
File Type: txt SASlog.txt (465 Bytes, 4 views)
Reply With Quote
Sponsored links
  #2  
Old 10-13-08, 21:07
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Here's the 4th log.
Attached Files
File Type: zip MGlogs.zip (122.2 KB, 4 views)
Reply With Quote
  #3  
Old 10-14-08, 00:52
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Oh yeah, it also sometimes types "Rrnvxvc" in the Recipient field and "nvxvc" in the content of the email itself...but then never apparently actually sends it.

Typically, it's done as if it's a reply to the last selected message.
Reply With Quote
  #4  
Old 10-15-08, 23:55
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Quote:
Originally Posted by bwnvideo View Post
Computer is slow, seems to run things in background often, not sure if that's just normal proper stuff running or not
Much of this is due to what you are running and we will get to some of this below where I will have you uninstall a few things.
Quote:
Originally Posted by bwnvideo View Post
"vxvc" keystrokes appear when I return to computer after leaving for a while, mostly in Outlook subject field; I don't know if there's some kind of malware trying to execute some type of program or what but it appears again and again and I never typed it in
Try using another keyboard and see if there is any change.


Do you use CinemaNow Media Manager ? I'm not saying it is malware. I'm just think about your slow PC problem.

Did you purchase the below? If not, uninstall all of them?
Uniblue PowerSuite
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Uniblue System Tweaker

Also uninstall the below:
Ad-Aware
Elite Antikeylogger 3.0 [build 123]
PrevxCSI
Windows Defender


Now the biggest problem!!!!! Your Desktop is totally cluttered with too much junk! 984 files on your Desktop!!!!! This will slow your PC down and it provides an easy hiding place for malware. In addition it makes it much much harder to find anything on your Desktop. You need to take immediate action on this and delete anything that is not needed and move anything that you do need somewhere else that is safe and more permanent and is not on your Desktop. When you finish, only link (.lnk files) and shortcuts to run necessary programs should remain. DO NOT download and save files to your Desktop except for temporary purposes.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O15 - Trusted Zone: http://*.bwnvideo.com
O15 - Trusted Zone: http://www.ebonymeat.com

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below quote box into it:
Quote:
KILLALL::

File::
C:\Documents and Settings\All Users\Application Data\113.sys

Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"=-
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below
Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
  • C:\ComboFix.txt
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #5  
Old 10-16-08, 07:43
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Thanks so much!

Yeah, I have CinemaNow.

To answer your question about these: ?* Uniblue PowerSuite Uniblue RegistryBooster 2 Uniblue SpeedUpMyPC 3 Uniblue SpyEraser Uniblue System Tweaker -- yes, I bought those as a suite.

On these: *Also uninstall the below:*
Ad-Aware
Elite Antikeylogger 3.0 [build 123]
PrevxCSI
Windows Defender

I tried uninstalling Elite Antikeylogger and it failed; tried it in Ccleaner too and failed again something about the 'install' program not being present or something.

On the others there Ad-Aware and PrevxCSI I bought or downloaded those the first is Lavasoft's I believe; aren't those appropriate antispam, antivirus programs why am I deleting them? Or are they known bad for some reason?

On Windows Defender, that's the Microsoft program right -- that's bad??

Moving on from there, I moved the entire Desktop content of files except for links off to another drive; I didn't know it made a difference where I put files on the computer as far as slowing it down; I've had the desktop 'hidden' so you don't even see the files on the desktop but I guess it doesn't matter so I did that.

Windows Messenger removed, as described.

On the Trusted Zone deal, I got rid of ebonymeat but on bwnvideo that's my site bwnvideo shouldn't I leave that as trusted or is there a reason that I should get rid of it anyway?

The rest, I did. Logs attached. ;-) Thanks, how's it look and what can I do to get rid of Elite? Is that also a program you know to be bad because it sounded like it would be the exact solution to by apparent keylogging thing but I never really saw it do anything...
Attached Files
File Type: zip MGlogs.zip (97.6 KB, 4 views)
File Type: txt ComboFix.txt (16.7 KB, 4 views)
Reply With Quote
Sponsored links
  #6  
Old 10-18-08, 19:57
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Quote:
Originally Posted by bwnvideo View Post
On the others there Ad-Aware and PrevxCSI I bought or downloaded those the first is Lavasoft's I believe; aren't those appropriate antispam, antivirus programs why am I deleting them? Or are they known bad for some reason?
The main reason I'm having you uninstall some items is because you said your PC was slow and some of these will definitely slow your PC down.

In addition, the free Ad-Aware is not worth using as it is very ineffective at finding and removing real malware of any significance. You are much better off keep SUPERAntispyware and Malwarebytes around for backup scanners.

Quote:
Originally Posted by bwnvideo View Post
On Windows Defender, that's the Microsoft program right -- that's bad??
Yes it is from Microsoft but Windows Defender in Windows XP is a poor program and is not worth having.

Does PrevxCSI provide you with active realtime protection/blocking of malware or is it only a scanner. What about UniBlue's SpyEraser?

Quote:
Originally Posted by bwnvideo View Post
On the Trusted Zone deal, I got rid of ebonymeat but on bwnvideo that's my site bwnvideo shouldn't I leave that as trusted or is there a reason that I should get rid of it anyway?
If you do not need it in your Trusted Zone to do whatever you do with your website ( and odds are you don't need it) then remove it. If your website picked up an infection and it were the kind that can spread via connections to it, then you would be giving the infection full priviledges to do anything it wants on your PC.

Quote:
Originally Posted by bwnvideo View Post
and what can I do to get rid of Elite? Is that also a program you know to be bad because it sounded like it would be the exact solution to by apparent keylogging thing but I never really saw it do anything...
It is not bad! You just don't need it and since you now cannot even uninstall it after installing it, I would question whether the program was designed properly. Anything you install, should be able to be uninstalled. Does the program still work? Do you really want to keep installed?


You did not tell me how things are working. Your logs are clean.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #7  
Old 10-19-08, 01:08
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Actually, I paid for AdAware it's not the free version but I went ahead and got rid of it as well as PrevX and Windows Defender. I think PrevX was a scanner. UniBlue I also bought and it comes with 3 programs including a registry scanner that seems to find stuff each time and an optimizer and a virus scanner I think; I left it.

Did the Trusted Zone even with my own site, as advised.

Any idea how to get rid of Elite when it won't remove itself?

Things are working much, much better already much faster.

By the way, any thoughts on how to get the msconfig to accept changes without giving me the lovely 'access denied' message?

And secondly, Windows repeatedly asks me to update with the little yellow exclamation mark in the tray but it always fails and then keeps asking over and over again. It's trying to update something I don't even use I think PowerPoint or something; I had the option off at one point for those programs so it wouldn't keep asking but then a message pops up saying are you sure you want to leave these off you might need them.
Reply With Quote
  #8  
Old 10-19-08, 21:51
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Quote:
Originally Posted by bwnvideo View Post
UniBlue I also bought and it comes with 3 programs including a registry scanner that seems to find stuff each time
All registry scanners always find things since many programs are constantly changing the registry. You really don't need a paid program to fix this and in most cases, you don't need to fix them anyway. They are rarely real problems and in some cases could even cause problems by blindly fixing what they say since they could be wrong. The PC I'm typing on right now has never run a registry cleaner in 4 years and runs just fine. And yes if I run one it will find many hundreds of issues which as far as I'm concerned are minor to nothing at all.


Quote:
Originally Posted by bwnvideo View Post
Any idea how to get rid of Elite when it won't remove itself?
Try using the below and let me know if it works.

Your Uninstaller! 2008


Quote:
Originally Posted by bwnvideo View Post
By the way, any thoughts on how to get the msconfig to accept changes without giving me the lovely 'access denied' message?
Exactly what changes are you trying to make to MSconfig and are you sure your protection programs are not blocking them. Are you still really having this problem? Did you read the below from step 1 of the READ & RUN ME?
Quote:
Read this to better understand why not to use MSconfig: Dealing with Startup Processes

Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). I want to see the current status on your PC.

Then attach the below logs:
  • C:\MGlogs.zip

Quote:
Originally Posted by bwnvideo View Post
And secondly, Windows repeatedly asks me to update with the little yellow exclamation mark in the tray but it always fails and then keeps asking over and over again. It's trying to update something I don't even use I think PowerPoint or something; I had the option off at one point for those programs so it wouldn't keep asking but then a message pops up saying are you sure you want to leave these off you might need them.
I suuggest you post problems with Windows Update in the Software Forum. There are many many reasons for issues with Windows Update.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #9  
Old 10-20-08, 01:03
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Thanks, that uninstaller worked.

It's anything I try to change there in msconfig that causes the problem; it isn't even anything important it's just the fact that it does it at all that concerns me because it never happened before and maybe there's a reason I should look into; for now, I notice it when I'm temporarily turning off all startups or something to restart without anything loading to test things. But yes, I'm still having that problem.

Ran it, and it's attached.

I posted the WUpdate thing in the software forum, thanks.
Attached Files
File Type: zip MGlogs.zip (97.3 KB, 3 views)
Reply With Quote
  #10  
Old 10-20-08, 11:23
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Do you have anyking of HP PhotoSmart type all in one printer/scanner/fax printer? If so, what model? Seems like many people have had this problem with MSConfig due to a certain service from HP running.

Also others have had this problem, and uninstall McAfee and the problem went away. You could have McAfee blocking registry changes.

See message # 39 in the below thread relating to McAfee. Also the rest of the thread is discussing this issue in general that people have like you and many thought the printer software was the problem.

http://www.techspot.com/vb/topic42578-2.html


What have you done to your PC since the first log was posted? I understand you uninstalled a few things as advised by be but you seem to be missing many other things. Many services for McAfee and other programs are no longer running. Have you been using some other tool to disable startups including services??

Your running process list used to look like the below:
Quote:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ShuttleEngine.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Contour Shuttle\ShuttleHelper.exe
C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1191717036\ee\AOLSoftware.exe
C:\Program Files\ACT\ACT for Windows\Act8.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\MGtools.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe
C:\MGTools\analyse.exe
And now it looks like this:
Quote:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\cmd.exe
C:\MGTools\analyse.exe
What happened to all the processes other than things from Ad-Aware, Elite AntiKeylogger, Windows Defender, Prevx CSI that I suggested uninstalling.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter

Last edited by chaslang; 10-20-08 at 11:34..
Reply With Quote
Sponsored links
  #11  
Old 10-21-08, 03:01
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

I just got an HP printer and I have several photosmart printers but no combo type; though I did have an Epson combo.

I don't know what happened to those listings but when I look under msconfig now where it used to have dozens of things under startups and services now it has almost nothing in either except for Microsoft services; I don't know how that happened that's really really weird isn't it? I'm not running any other programs and did nothing except what you said, aside from not deleting a couple programs.
Reply With Quote
  #12  
Old 10-22-08, 00:13
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Quote:
Originally Posted by bwnvideo View Post
I just got an HP printer and I have several photosmart printers
It's still possible that it is related. However let's try the McAfee approach first. Uninstall McAfee, reboot and then run the below registry patch.

Copy the bold text below to notepad. Save it as fixMSC.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000
Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Any change to your ability to run MSconfig now?

Reinstall McAfee now.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #13  
Old 10-23-08, 20:47
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

I uninstalled McAfee and tried it after that and it stopped giving the error message even before doing the other step; but I went ahead and did that step as well and it seems okay now; I'll re-install McAfee now and see what's up.
Reply With Quote
  #14  
Old 10-25-08, 00:00
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /u
      • Notes: The space between the combofix" and the /u, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    • Delete the C:\combofix folder from combofix (if it exists)
  3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  6. Go to add/remove programs and uninstall HijackThis.
  7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
  8. If you are running Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  9. After doing the above, you should work thru the below link:
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #15  
Old 10-26-08, 00:22
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Well, but what about finding out what happened to all the files that were being booted up into msconfig before and have now all vanished? How did we do that?

One particular thing from that earlier list that's now not booting is the SQL thing that Outlook needs for its Business Contact Manager add-on that I've got installed...? I didn't do anything besides the steps listed and now I'm missing all those from the original loading.
Reply With Quote
Sponsored links
  #16  
Old 10-26-08, 22:03
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Quote:
Originally Posted by bwnvideo View Post
Well, but what about finding out what happened to all the files that were being booted up into msconfig before and have now all vanished? How did we do that?
They were not "booted up into MSconfig". They had nothing to do with MSconfig. They were just startup processes. Nothing that I asked you to do removed them. And the logs from all the tools also show you that they did not remove them. Perhaps it had something to do with Absolute Startup Manager that you previously had running.




You have few choices:
  1. Try the registry patch further down towards the end that will attempt to put back some items that I saw in your first logs that were not in the later logs. But it will not put back all the services that you somehow removed. Perhaps this is somehow related to whateve was done with Uniblue PowerSuite, Uniblue RegistryBooster 2, Uniblue SpeedUpMyPC 3, Uniblue SpyEraser, Uniblue System Tweaker.
  2. if you have not disable System Restore yet, then use System Restore to go back to a point in time where you first posted in this thread to see if items come back
  3. your other choice is to reinstall any software you are missing.
Here is the registry patch to try for item 1 above.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
Quote:
REGEDIT4


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Contour Shuttle Device Helper"="C:\\Program Files\\Contour Shuttle\\ShuttleHelper.exe"
"ToolBoxFX"="\"C:\\Program Files\\Hewlett-Packard\\ToolBoxFX\\bin\\HPTLBXFX.exe\" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"hpbdfawep"="C:\\Program Files\\Hewlett-Packard\\Dfawep\\bin\\hpbdfawep.exe 1"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"Absolute StartUp monitor"="C:\\Program Files\\F-Group\\Absolute StartUp\\ASMon.exe"
"CinemaNowMediaManagerApp"="C:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemanowShell.exe -start"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1191717036\\ee\\AOLSoftware.exe"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"Act! Preloader"="\"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe\" -stayrunning"
Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter

Last edited by chaslang; 10-26-08 at 22:26..
Reply With Quote
  #17  
Old 10-27-08, 01:01
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Aside from Shuttle Helper, I'm probably better off without that stuff loading at bootup, it just slows things down I bet; the exception is the SQL thing that Outlook needs cuz without it I can't use my Business Contact Manager for Outlook...is that there somewhere in the earlier listing?
Reply With Quote
  #18  
Old 10-27-08, 01:51
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

The Shuttle Helper startup was in my last patch. I think you also need the Act! startup. You could just use the below for just these two startup processes assuming the software is still installed.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
Quote:
REGEDIT4


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Contour Shuttle Device Helper"="C:\\Program Files\\Contour Shuttle\\ShuttleHelper.exe"
"Act! Preloader"="\"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe\" -stayrunning"
Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


However you first log also showed the below service which you will need.

O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Unknown owner - C:\WINDOWS\system32\ShuttleEngine.exe

Click Start, Run and enter services.msc and click OK. This will bring up the Windows Services form. Look in the list for the Contour Shuttle Device Engine name and if found double click it. Set the startup type to automatic and under Service status: click the Start button if it is stopped.

Did this help?

You previously also had the below services which you may or may not need
Quote:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Wowza Media Server Pro (WowzaMediaServerPro) - Unknown owner - C:\Program Files\Wowza Media Systems\Wowza Media Server Pro 1.2.0\bin\wrapper.exe
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #19  
Old 10-28-08, 00:31
bwnvideo bwnvideo is offline
Private E-2
 
Join Date: Oct 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: "vxvc" keystrokes & other lovely problems

ACT I can do without, I don't use it anymore although I may sometimes need to back into it but I assume I can just launch it at that time...

I did the Contour Shuttle msc thing and that worked; as for having it start, I just stick in STARTUP is that okay?
Reply With Quote
  #20  
Old 10-29-08, 01:36
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,127
Thanks: 61
Thanked 7,566 Times in 4,067 Posts
Default Re: "vxvc" keystrokes & other lovely problems

Quote:
Originally Posted by bwnvideo View Post
as for having it start, I just stick in STARTUP is that okay?
You need to use the fixME.reg patch. Just leave out the line for Act! if you are sure it is not required.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
Sponsored links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
"My Computer", "send to:", "save in:" Functions slow or freeze computer TonyR825 Software 6 07-19-08 11:05
"Play All" opens "Copy to" & "Move to" Kaughn Software 0 05-18-08 22:49
malware 2 icons on my dt called"live safety centre"+"online sercurity guide" plz help prepare4carnage Malware Removal 6 11-14-07 14:57
"Uncleanable" Trojan? Help, Pls / "Read Me First" > Problems hermit Malware Removal 5 02-23-05 22:44


All times are GMT -5. The time now is 07:12.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger