Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Yes still have popups

Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: cpv.servefed.info

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press the Script execution tab
  • Where it states Insert text script in the following box, copy/paste the below script and press Run script
    Copy from Begin until End
begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  TerminateProcessByName('c:\program files (x86)\conceiva\mezzmo\mezzmomediaserver.exe');
  TerminateProcessByName('c:\program files (x86)\lexmark 8300 series\lxcjmon.exe');
  TerminateProcessByName('lxcjcoms.exe');
  TerminateProcessByName('c:\program files (x86)\outlook messenger\outlookmessenger.exe');
  DeleteService('is3srv');
  DeleteFile('c:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe');
  DeleteFile('C:\Users\Robert\AppData\Local\Temp\_uninst_87574724.bat');
end.
  • Your system will reboot on completion; if it does not, please do so yourself
  • On completion please run another analysis scan and attach the zip file
—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Here is the log. Script did not run very smoothly. It locked up the computer.

Edited to remove .zip file.

Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: cpv.servefed.info

Hi, the zip file was removed by a moderator. Can you please upload the zip file here:

www.mediafire.com

and post the sharing link in your next reply.

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

OoooKay. Here is the link.

http://www.mediafire.com/?bzyszgjxa8np2rl

 

Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: cpv.servefed.info

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press the Script execution tab
  • Where it states Insert text script in the following box, copy/paste the below script and press Run script
    Copy from Begin until End
begin
  SetAVZPMStatus(True);
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  QuarantineFile('c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe','');
  QuarantineFile('HPHC_Service.exe','');
  DeleteFile('c:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe');
  DeleteFile('C:\Users\Robert\AppData\Local\Temp\_uninst_91409298.bat');
end.
  • Your system will reboot on completion; if it does not, please do so yourself
  • On completion please tell me if you are still having pop-ups.
Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Sorry it took so long to get back. Ran the script but still have popups.

Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: cpv.servefed.info

Hi, we need to run FRST again...

Note: Please don't run any scanner or cleaner or make any changes after the system has booted, or you may lose some files or folders.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

Start
HKU\daddy\...\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [x]
c:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
end.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

NEXT

Download OTL to your Desktop.

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
netbt.sys
atapi.sys
volsnap.sys
redbook.sys
lsi_sas.sys
lsi_scsi.sys
cdrom*
tcpip.sys
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs 
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs
Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

These are the only logs the programs created.

Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

I think I found it. I did a complete clean of Firefox. Took out all toolbars and have not had a cpv popup for an hour or so. Will keep trying to see if I can get a popup. This is very strange because I have not installed any toolbars for about a year.
