Please Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by leighjason, Nov 9, 2007.

  1. leighjason

    leighjason Private E-2

    Hi.

    Have had serious issues for past week. Problems include the following:

    1. Internet access extremely slow, if working at all.
    2. Runtime error relating to a startup file for PC Cillin antivirus keeps coming up during boot, and from then on, relating to pcctlcom.exe, stating 'this application has requested the runtime to terminate it in an unusual way.' Keeps appearing every minute or so, until I manage to end all PC Cillin related processes.
    3. Also getting messages relating to low resources, and not being able to load Windows profiles, or other apps.
    4. When I have tried to uninstall PC Cillin, and other programs, the uninstall program says it is 'interrupted' and can't continue. This ties in with various other messages about the Windows Installer not working.

    At this point, I've followed all the steps outlined in the removal guide, and this seems to have fixed many problems. Internet access speed is okay, and the only message I'm getting now is the pc ctl.exe one outlined above, and I still can't uninstall it, so I'm thinking there are probably a couple of problems on my machine.

    The only log file I can't attach is from Panda ActiveScan. I could not conduct this test in Internet Explorer, just kept getting a blank popup (I did follow the instructions), and I tried to lower security/privacy settings etc., but nothing seemed to work. All the other log files are, or will be, attached in the next message.

    Thanks
    Leigh
     


  2. leighjason

    leighjason Private E-2

    Extra logs

    Extra logs attached.

    P.S. Any opinions on PC Cillin as an antivirus would also be appreciated.
     


  3. leighjason

    leighjason Private E-2

    Re: Extra logs

    I also forgot that one of the programs detected was Rustock, so I ran the special removal procedure and that seemed to work. The log files for that are attached here.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MG's!

    Let's start by running ComboFix.

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log to your next reply.

    Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Once you complete the above, attach fresh logs from the below.

    • GetRunKey
    • ShowNew
    • HijackThis
     
  5. leighjason

    leighjason Private E-2

    OK, thanks for that. Have run ComboFix, and attached the logs below. By the way, since my original post I downloaded the new version of PC-cillin, as all the problems seemed to exist around this program. Installed that, and weird stuff kept occurring. First it told me a malicious program was stopping it from installing, ran a scan, and found a heap of stuff, then seemed to install its own firewall, but told me it could not. Next thing I could not access the net at all until I uninstalled the PC Cillin firewall through the XP Control Panel. And the whole time, PC-cillin 2008 could not seem to uninstall the 2007 version, as I had found earlier. Error messages keep coming up about Windows Installer. Anyway, here are the logs, hope you can help.
     


  6. leighjason

    leighjason Private E-2

    One more log file.
     


  7. leighjason

    leighjason Private E-2

    Okay, please ignore this thread, as it seems I've resolved my problems.

    Thanks very much for the site tho, a lot of the info, and the recommended programs have helped me deal with the tragic results of having a 13 y.o. son who has just discovered internet porn.

    Thanks a lot, great to see people willing to help others with their expertise and advice.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    As I have stated many times before, just because there are no obvious problems doesn't necessarily mean there are no infections. There are tons of infections today that are very hard to detect; they are so stealthy it makes it difficult to find them.

    I will finish going through your logs and post back if I find anything that needs removing.
     
    Last edited: Nov 10, 2007
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: Extra logs

    TrendMicro has very good security suites, including PC-Cillin. I have never personally used it but I do know it's very good. TrendMicro has come a long way in my opinion and today they are one of the best.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It appears that you had AVG installed? I see some signs of this in your logs. If you have not already, please uninstall AVG, as running more than one antivirus will cause conflicts on your system.

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.

    Step 2:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 3:
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Step 4: Begin here after rebooting from Step 3!
    Next Reset Web Settings & Default Security Settings

    Note for IE 6 users:
    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.


    Step 5:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 6:
    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    • Avenger Log
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  11. leighjason

    leighjason Private E-2

    Okay, done all that, thanks again for the help, but unfortunately I can't attach logs because Manage Attachments is bringing up a blank page in IE, and doesn't even show up in Firefox. Can you help?

    Leigh
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Close all browsers, run ATF-Cleaner and try again. If that doesn't work, reboot and try again. If it still doesn't work then post them inline and I will convert them for you.
     
  13. leighjason

    leighjason Private E-2

    Okay, attachments worked after 2nd reboot.

    Have attached logs.

    As far as AVG goes, I've used that in the past, and had it installed recently because it seems to detect stuff that PC Cillin doesn't. I've used PC Cillin for a long time, because I get it for free, and it has had a few problems like this, where its files or processes seem to cause problems. Additionally, it never seems to pick up the amount of stuff that other spyware/virus programs do.

    Have not used TrendMicro 2008 - maybe that is better.

    I simply deleted the files that were getting constant runtime errors, and now have AVG instead of PC Cillin as main antivirus. Instead of uninstalling PC Cillin, which I couldn't do, I deleted the files and cleared the registry entries using Registry Mechanic - don't know if this was a good idea or not, but it has stopped that file pc ctl.exe from loading and causing errors.

    My current setup is AVG with PC Tools Firewall, and a paid-for SUPERAntiSpyware, as well as the other programs you advised - Spybot and SpywareBlaster.
     


  14. leighjason

    leighjason Private E-2

    Final log attached.
     


  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, have HJT fix the below entries.

    Next, if possible I would recommend reinstalling TrendMicro and then using the below procedure to completely uninstall. Doing this should remove everything; the way you did it left a good bit of files/services.

    Download Your Uninstaller! 2006 5.0.0.360, save to desktop and install.

    Locate Trend Micro PC-cillin Internet Security 2007 and uninstall this way.
     
