Tech Support Forum banner
Status
Not open for further replies.

PC Optimizer Pro - HELP!!

11K views 32 replies 2 participants last post by  amateur 
#1 · (Edited)
Hi


I posted yesterday about what appears to be an infection by a piece of malware called PC Optimizer Pro. It appeared out of nowhere in the form of a “pop up” in the bottom right of my screen. It stated that there were 3,000 or so factors slowing down my machine, but as it was an unsolicited pop-up I wondered whether it was malware, which one of your members, Amateur, confirmed. It has even installed a desktop logo, which needless to say I have not clicked!


Amateur suggested I undertook the “Pre-Posting” process. Although I am not hugely computer-literate, I think I have managed to complete this – with one proviso; BitDefender. I was unable to disable this because the process said to “On the left panel click >> Virus Shield”, but there is no such option so I can only hope this hasn't been a problem when I went on to do the scan. I had SuperAntiSpyware and MalwareBytes, which I have now disabled, and u-torrent which I uninstalled from the Control Panel.


I should also point out (I don't know whether it's related) but I have had intermittent interruptions to my broadband connection, and whenever I scan with one of the above utilities, scores of “tracking” malware, which the software assures me are not serious, are always detected.


As requested, I have pasted the text of DDS.txt below and attached the other two logs. The checklist asks whether I have access to a Windows Install disk or Boot CD - the answer, I'm afraid, is "No".


Many thanks in advance for any assistance. I am desperate to become more “PC-savvy” and would also appreciate any suggestions to “beginner tutorials” which would assist me in understanding basic security issues to avoid these kinds of issues recurring.


All the best,


Peter.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 22:37:54 on 2012-04-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1136 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.uk/
mStart Page = about:blank
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Lexmark 3100 Series] "c:\program files\lexmark 3100 series\lxbrbmgr.exe"
mRun: [LXBRKsk] c:\progra~1\lexmar~1\LXBRKsk.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] ctfmon.exe
dRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{046D1E8B-33EF-45C7-B40D-439E58C7BA29} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: schannel.dll, credssp.dll, digest.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [2006-1-10 12960]
R1 Bdvedisk;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2006-1-10 2253120]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2006-1-10 583640]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-3-24 43936]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-4-22 153440]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2010-8-20 111696]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-11-30 307544]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-11-29 535824]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-11-29 1066232]
.
=============== Created Last 30 ================
.
2012-04-10 18:31:43 178176 ------w- c:\windows\system32\dllcache\wintrust.dll
2012-04-10 18:31:43 148480 ------w- c:\windows\system32\dllcache\imagehlp.dll
2012-04-10 18:23:06 -------- d-----w- c:\documents and settings\administrator\application data\Optimizer Pro
2012-04-10 18:16:09 -------- d-----w- c:\documents and settings\all users\application data\Premium
2012-04-10 18:16:01 -------- d-----w- c:\program files\Optimizer Pro
2012-04-10 18:15:20 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-04-02 01:27:21 -------- d-----w- c:\windows\system32\C2MP
2012-04-02 01:17:14 -------- d-----w- C:\DECCHECK
2012-04-01 17:55:17 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
2012-03-31 12:11:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-03-31 12:09:28 286720 ----a-w- c:\windows\system32\lxbrf2k.dll
2012-03-31 12:09:28 155648 ----a-w- c:\windows\system32\flashshl.dll
2012-03-31 12:09:27 4608 ----a-w- c:\windows\DelShell.exe
2012-03-31 12:09:27 21504 ----a-w- c:\windows\LXBRSET.EXE
2012-03-31 12:09:27 208896 ----a-w- c:\windows\system32\smshell.dll
2012-03-31 12:09:27 -------- d-----w- c:\program files\Lexmark 3100 Series
2012-03-31 12:09:25 306688 ----a-w- c:\windows\IsUninst.exe
2012-03-31 12:06:34 299520 ----a-w- c:\windows\uninst.exe
2012-03-31 12:06:33 -------- d-----w- c:\documents and settings\administrator\WINDOWS
2012-03-31 12:06:21 -------- d-----w- C:\Lxk3100Series
2012-03-28 16:22:54 -------- d-----w- c:\program files\IrfanView
2012-03-18 11:12:47 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
.
==================== Find3M ====================
.
2012-04-05 12:11:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-05 12:11:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-08 12:21:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 10:58:17 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08:49 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08:49 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-15 20:47:20 3478016 ----a-w- c:\windows\system32\ffdshow.ax
2012-01-15 20:44:50 4354048 ----a-w- c:\windows\system32\ffmpeg.dll
2010-07-08 08:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 22:39:26.76 ===============
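
Added example (not posted by either participant and not part of DDS): a triage pass over a DDS log that flags autorun entries whose executable lives in a folder listed under "Created Last 30" shortly before the scan. The function name `recent_autoruns` and the 7-day window are assumptions; the sample lines are copied from the log above. A hit is a lead for review, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the DDS log in the post above (lines copied from it, not constructed).
DDS_EXCERPT = r"""
Run by Administrator at 22:37:54 on 2012-04-11
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [LXBRKsk] c:\progra~1\lexmar~1\LXBRKsk.exe
mRun: [Lexmark 3100 Series] "c:\program files\lexmark 3100 series\lxbrbmgr.exe"
2012-04-10 18:23:06 -------- d-----w- c:\documents and settings\administrator\application data\Optimizer Pro
2012-04-10 18:16:01 -------- d-----w- c:\program files\Optimizer Pro
2012-03-31 12:09:27 -------- d-----w- c:\program files\Lexmark 3100 Series
2012-03-28 16:22:54 -------- d-----w- c:\program files\IrfanView
"""

# uRun/mRun/dRun (and RunOnce) lines: "[name] path-to-exe", path optionally quoted.
RUN_RE = re.compile(r'^[umd]Run(?:Once)?: \[(?P<name>[^\]]+)\] "?(?P<path>[a-z]:\\[^"]+?\.exe)',
                    re.I | re.M)
# "Created Last 30" directory lines: timestamp, "--------" size, d… attributes, path.
DIR_RE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) -{8} d\S+ (?P<path>.+)$', re.M)
RUNAT_RE = re.compile(r'^Run by .+ at (\d\d:\d\d:\d\d) on (\d{4}-\d\d-\d\d)', re.M)
TS_FMT = "%Y-%m-%d %H:%M:%S"

def recent_autoruns(log, days=7):
    """Return (name, exe, folder, created) for each autorun entry whose
    executable is inside a folder created within `days` before the scan."""
    clock, date = RUNAT_RE.search(log).groups()
    scan_time = datetime.strptime(f"{date} {clock}", TS_FMT)
    new_dirs = {}
    for m in DIR_RE.finditer(log):
        created = datetime.strptime(m["ts"], TS_FMT)
        if scan_time - created <= timedelta(days=days):
            new_dirs[m["path"].strip().lower()] = created
    hits = []
    for m in RUN_RE.finditer(log):
        exe = m["path"].lower()
        # Plain prefix match: 8.3 short paths (progra~1\lexmar~1) are not resolved.
        for folder, created in new_dirs.items():
            if exe.startswith(folder + "\\"):
                hits.append((m["name"], exe, folder, created))
    return hits

if __name__ == "__main__":
    for name, exe, folder, created in recent_autoruns(DDS_EXCERPT):
        print(f"{name}: {exe} (folder created {created})")
```
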
 

#27 ·
Glad that AVG didn't find any threats. Since you've already installed AVG, keep it.

Did you try a different keyboard yet?

It's normal for the Run box to disappear. The output.txt should be placed on your desktop.

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text (including the quotation marks) into the run box & click OK.

"%userprofile%\desktop\output.txt"

Post the contents of the text file in your next reply.
 
#28 ·
Ok, will keep it, thanks.

Not had a chance to try another keyboard yet - will borrow one from College on Monday! You wouldn't believe I've started a computing course there would you... :)

Here's the log:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\Accessibility\Keyboard Response]
"AutoRepeatDelay"="1000"
"AutoRepeatRate"="500"
"BounceTime"="0"
"DelayBeforeAcceptance"="1000"
"Flags"="126"
 
#30 ·
OK, sounds like a plan. Yes other than that all seems fine thanks - the Optimizer pop ups are history and even the intermittent internet access that I've suffered since buying the machine has stopped. Now it's a question of finding out as much as I can about these issues to minimise the chances of anything like this happening again!

Will post again when I've got a keyboard. Meanwhile, cheers again ...
 
#33 ·
The thread is re-opened as per PM note.

I managed to borrow a keyboard, which seemed to work fine, but then put mine back in and … that worked fine too! So I seem to be all back to normal! Unless there's anything left we have to do?
Glad to hear that.

You can delete this leftover folder from BitDefender manually (navigate to it, right click and delete).

C:\Program Files\Common Files\BitDefender

=================

We can now clean up our tools and finish up.

If you have no further malware issues, you're all set to go. The logs are clean.

Please disable all protection applications as before.

  • Click Start then Run
  • Now type ComboFix /Uninstall in the run box and click OK. Notice the space between the Combofix and the /

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

You may re-enable your security applications now.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:

Strong passwords: How to create and use them


You may also consider a password keeper, to keep all your passwords safe.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention! :wave:
 