pvnsmfor still in drop-down bar choices

I have followed step-by-step of the READ AND RUN ME FIRST Malware removal guide --- however I still have the dropdown bar in IE that list the pvnsmfor.

HELP

 

Hi tkufeldt,
Welcome to Major Geeks!

I need your MGlogs.zip which should be located directly under C with the files. Just upload the whole zip file.

When you upload the MGlogs.zip, please see if you can upload your image as an attachment as well.

abri

 

Abri,

I ran a search for MGlogs.zip when I could not find this file under C (Where the MGTools.exe is located). Should I run MGTools again?

Attached is the jpg of the dropdown bar with pvnsmfor.

Tim

 

I ran MGTools...maybe for the first time, I don't remember. Anyway, here is the MGlogs.zip file.

 

As my routine has been for the past week, I ran spy-bot before I call it a day and cleaned 44 problems. This has become normal for me. I somehow think that the pvnsmfor is giving malware a wide-open cyber-space welcome to my
computer.

Attached is my report.

 

Hi tkufeldt,

You still have a lot of malware on your computer. It's been regenerated probably by the file you've identified. It takes some time for us to go through your logs and make up a set of instructions for you, so thanks for being patient. While you're waiting, please use your computer as little as possible and try not to do any unnecessary reboots as this causes the problem to get worse.

Thanks.
abri

 

Hi tkufeldt,

Your computer is better than I thought. I have a few things for you to do still:


1) Please delete the following two folders:

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\Enigma Software Group

2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only). In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:

O3 - Toolbar: pvnsmfor - {2B99C85C-1A51-4117-B481-BEA6F99D2BBF} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O20 - Winlogon Notify: opnopNfc - opnopNfc.dll (file missing)


Does the following program need to load at startup? If not, please fix them as well.


O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


After you click fix, just close hijackthis.



3) Download and install Erunt. Use it to create a backup of your registry.

4) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the File Type is set to "all files" Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

5) Now run CCleaner at the default setting with the Windows tab as the top one.


6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip. Also, please let me know if you got a success message with the registry patch (REGEDIT4).


Let me know how things are running now?

abri

 

Abri,

Thanks for your easy step-by-step process. Attached is my MGlogs.zip. The pvnsmfor is now gone from the drop-down bar. Thanks.

Do I keep all the downloaded programs on my computer. I did not know what to do concerning putting Erunt in the background running, so I did.

Thanks!
Tim

 

Hi tkufeldt,

One more file. Please do the following:

1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only). In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:

O20 - Winlogon Notify: opnopNfc - C:\WINDOWS\

After you click fix, just close hijackthis.

2) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the File Type is set to "all files" Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

3) Now run CCleaner at the default setting with the Windows tab as the top one.


4) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip. Also, please let me know if you got a success message with the registry patch (REGEDIT4).


Let me know how things are running now?

abri

 

Attached is new MGlogs.zip. All the steps were sucessful. ~ tim

 

Hi tkufeldt,
Your logs look good. Please go ahead with the final cleanup instructions that will remove all the tools and logs we had you put on your computer and clear all your previous restore points and set a clean one.

abri

 

Abri,
I now have a small issue I am unable to figure out. When I go to Windows Update it does not prompt me to install the ActiveX. I have made sure I was logged into my administors account. I have been unable to update windows.
tjk

 

Hi tkufeldt,
It sounds like you go to get the updates manually. If you set your computer to get the updates automatically, does it work? You can set it to prompt you that there are new ones or you can set it to download them but not install them until you want them or you can set it to download and install them all.
abri

 

Abri,
Let me explain more about not being able to download the Windows updates. When I go to the Windows update site there is a brief window that says it is checking my computer, then it immediately goes to the page that tells me to install the ActiveX Control (attached screenshotACTIVEX) I have done this many times before. HOWEVER, now there is no IE Information Bar appearing which I am suppose to right click and give permission to download.

I don't know if this is a related issue, but when I go to the classic view of the Control page on the left side panel is a link to Windows update but when I click it an error message tells me that windows cannot find 'null'.

I do have the computer set on automatic updates. I just want to make sure that I have done all I can to keep my laptop running smoothly.

Thanks for your help.
tim

 

Hi tkufeldt,

Please check if you disabled the IE Information bar. Also, in the screen shot you posted, there are links for options, settings, etc. Do you still get those and can you see if they offer possible solutions?

I'm going to be away, so I would like to ask you to seek help for this problem in the Software Forum where you'll get more feedback. Tell them you've been through malware removal and that your computer is clean, but this one problem remains.

Thanks.
abri