Computer Acting Up [RESOLVED]


  • This topic is locked

#1
ComputerAdvocate
  • Member
  • 46 posts
After visiting my relatives, on the trip home, while attempting to connect to the web at a hotel, my laptop started acting very strange. It was taking an unusual amount of time for the desktop to start up, and I wasn't able to open my Network and Sharing Center or the Control Panel (the windows froze). I was also unable to access System Restore, so I attempted to do it straight from Safe Mode with Command Prompt but was also unsuccessful. After restarting in normal mode to run HijackThis and post the log from another computer, it started up normally and connected to the internet fine. I'm not sure what is up, so I want to make sure everything is okay. P.S. I am running Windows Vista Home Premium.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:39 PM, on 8/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Compal\Smart Battery\SMBTray.exe
C:\Program Files\Elantech\KTP.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Noto.lnk = C:\Program Files\Window Gadgets\Noto.exe
O4 - Global Startup: aveosti.exe.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe

--
End of file - 8750 bytes

#2
MichWasHere
  • Member
  • 424 posts
Hi ComputerAdvocate :)

Sorry about your wait time :) Things are a little busy around here. I'm in training right now, so I am posting under supervision; there may be a lag between my replies, as they have to be checked before I say them to you. I have gone through your log and will be posting help for you shortly :)

If you have already resolved this problem or are receiving help elsewhere please let us know so this topic can be closed ;)

#3
MichWasHere
  • Member
  • 424 posts
Hi again :)

Your log looks good so far. I'd like to get some different logs just to be sure though.

Post DSS Logs
Please download Deckard's System Scanner (DSS) and transfer it to the other computer's Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When the scan has finished, two notepad files will open named main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in one reply and extra.txt in a separate reply.

#4
ComputerAdvocate
  • Topic Starter
  • Member
  • 46 posts
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-15 18:32:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
14: 2008-08-15 17:56:52 UTC - RP261 - Windows Update
13: 2008-08-15 08:00:18 UTC - RP260 - Windows Update
12: 2008-08-10 19:05:55 UTC - RP259 - Scheduled Checkpoint
11: 2008-08-09 16:49:29 UTC - RP258 - Scheduled Checkpoint
10: 2008-08-08 21:07:45 UTC - RP257 - Windows Update


-- First Restore Point --
1: 2008-07-29 16:30:57 UTC - RP248 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:50 PM, on 8/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Compal\Smart Battery\SMBTray.exe
C:\Program Files\Elantech\KTP.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Users\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Noto.lnk = C:\Program Files\Window Gadgets\Noto.exe
O4 - Global Startup: aveosti.exe.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe

--
End of file - 8724 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 enecir (ENE CIR Receiver) - c:\windows\system32\drivers\enecir.sys <Not Verified; ENE TECHNOLOGY INC.; ENE Consumer IR Driver for eHome>
S3 ENTECH - \??\c:\windows\system32\drivers\entech.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 WXRSS (TVTonic RSS) - "c:\program files\wavexpress\tvtonic\wxrss.exe" <Not Verified; Wavexpress, Inc; TVTonic>

S3 HP Port Resolver - c:\windows\system32\spool\drivers\w32x86\3\hpbpro.exe <Not Verified; Hewlett-Packard Company; PortResolver Module>
S3 HP Status Server - c:\windows\system32\spool\drivers\w32x86\3\hpboid.exe <Not Verified; Hewlett-Packard Company; HP Status Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ACPI\ENE0100\3&33FD14CA&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\3&33FD14CA&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-15 18:35:31 434 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{6DDF3607-BAD1-4436-B245-16CD543AA1C5}.job


-- Files created between 2008-07-15 and 2008-08-15 -----------------------------

2008-08-07 20:06:13 0 d-------- C:\Users\All Users\Malwarebytes
2008-08-07 20:06:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 20:05:44 0 d-------- C:\Program Files\Trend Micro
2008-08-07 20:05:41 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-07 18:48:49 0 d-------- C:\Windows\pss
2008-08-06 00:02:01 0 d-------- C:\Program Files\QuickTime
2008-08-06 00:01:55 0 d-------- C:\Program Files\Xilisoft
2008-07-31 14:13:01 1513 --a------ C:\Windows\checkip.dat
2008-07-25 21:40:30 0 d-------- C:\Program Files\TomTom HOME 2
2008-07-25 20:20:04 0 d-------- C:\Program Files\TomTom HOME
2008-07-20 20:22:38 0 d-------- C:\Program Files\Common Files\Copernic
2008-07-20 20:22:36 109782 --a------ C:\Windows\CopernicAgentUninstall.exe
2008-07-20 20:22:36 0 d-------- C:\Program Files\Copernic Agent
2008-07-19 20:59:59 0 d-------- C:\Users\Administrator\Bluetooth Software
2008-07-19 20:55:16 233472 --a------ C:\Windows\system32\BtwRSupport.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2008-07-19 20:54:50 0 d-------- C:\Windows\system32\es-MX
2008-07-19 20:54:50 0 d-------- C:\Windows\system32\es-AR
2008-07-19 20:54:43 0 d-------- C:\Program Files\WIDCOMM
2008-07-19 20:54:05 12 --a------ C:\Windows\bthservsdp.dat
2008-07-19 20:44:15 106557 --a------ C:\Windows\system32\btw_ci.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.2400>
2008-07-19 15:23:26 0 d-------- C:\Users\All Users\Rapidsolution
2008-07-19 15:22:43 0 d-------- C:\Program Files\PixiePack Codec Pack


-- Find3M Report ---------------------------------------------------------------

2008-08-15 12:37:55 192847 --a------ C:\Users\Administrator\AppData\Roaming\nvModes.001
2008-08-15 03:09:00 0 d-------- C:\Program Files\Windows Mail
2008-08-14 22:37:46 192847 --a------ C:\Users\Administrator\AppData\Roaming\nvModes.dat
2008-08-07 20:06:16 0 d-------- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2008-08-07 20:05:41 0 d-------- C:\Program Files\Common Files
2008-08-07 18:38:40 0 d-------- C:\Program Files\Steam
2008-08-07 18:34:30 0 d-------- C:\Users\Administrator\AppData\Roaming\OpenOffice.org2
2008-08-06 01:57:15 0 d-------- C:\Users\Administrator\AppData\Roaming\dvdcss
2008-08-03 23:29:21 0 d-------- C:\Program Files\Java
2008-08-01 13:29:21 0 d-------- C:\Program Files\C-Organizer Pro
2008-07-31 14:31:35 0 d-------- C:\Program Files\Common Files\Steam
2008-07-27 14:28:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-25 21:40:48 0 d-------- C:\Users\Administrator\AppData\Roaming\TomTom
2008-07-21 17:37:01 0 d-------- C:\Users\Administrator\AppData\Roaming\CyberLink
2008-07-20 20:22:39 0 d-------- C:\Users\Administrator\AppData\Roaming\Copernic
2008-07-13 15:59:30 0 d-------- C:\Program Files\Songbird
2008-07-13 15:52:32 0 d-------- C:\Users\Administrator\AppData\Roaming\Songbird2
2008-07-08 18:08:16 0 d-------- C:\Program Files\Funcom
2008-07-07 01:23:16 0 d-------- C:\Users\Administrator\AppData\Roaming\TrueCrypt
2008-07-06 23:07:00 0 d-------- C:\Program Files\TrueCrypt
2008-07-04 01:50:38 0 d-------- C:\Program Files\StarWarsGalaxies
2008-07-04 01:49:59 0 d-------- C:\Program Files\Window Gadgets
2008-06-30 21:05:45 0 d-------- C:\Program Files\FirstClass
2008-06-30 20:13:04 0 d-------- C:\Program Files\TAMUScan
2008-06-28 19:47:24 174 --ahs---- C:\Program Files\desktop.ini
2008-06-28 19:38:58 0 d-------- C:\Program Files\Windows Sidebar
2008-06-28 19:38:58 0 d-------- C:\Program Files\Windows Calendar
2008-06-28 19:38:58 0 d-------- C:\Program Files\Movie Maker
2008-06-28 19:38:56 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-28 19:38:56 0 d-------- C:\Program Files\Windows Journal
2008-06-28 19:38:56 0 d-------- C:\Program Files\Windows Collaboration
2008-06-28 19:38:54 0 d-------- C:\Program Files\Windows Defender
2008-06-28 16:47:22 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-28 16:47:15 0 d-------- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
2008-06-26 17:20:26 0 d-------- C:\Users\Administrator\AppData\Roaming\Realtime Soft
2008-06-26 17:20:24 0 d-------- C:\Program Files\UltraMon
2008-06-23 18:01:49 0 d-------- C:\Program Files\Sony
2008-06-06 17:05:20 967 --a------ C:\Windows\ScUnin.pif
2008-06-06 17:05:20 94208 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-06 17:05:20 33021 --a------ C:\Windows\scunin.dat
2008-05-18 12:50:35 0 -rahs---- C:\MSDOS.SYS
2008-05-18 12:50:35 0 -rahs---- C:\IO.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 02:38 AM]
"snp2uvc"="C:\Windows\vsnp2uvc.exe" [12/29/2006 02:48 PM]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [03/28/2007 10:23 PM]
"SMBTray"="C:\Program Files\Compal\Smart Battery\SMBTray.exe" [06/04/2007 08:22 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/06/2006 01:55 AM]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [02/27/2007 06:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 06:27 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 09:38 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/11/2008 07:43 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/11/2008 07:43 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/11/2008 07:43 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 02:33 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 02:33 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 02:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableCAD"=1 (0x1)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 03/28/2007 10:46 PM 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVTonic Tray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVTonic Tray.lnk
backup=C:\Windows\pss\TVTonic Tray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
backup=C:\Windows\pss\UltraMon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^StartUp^OpenOffice.org 2.3.lnk]
path=C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\OpenOffice.org 2.3.lnk
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AveoKeySti]
"C:\Program Files\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
"C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3d860e-c45b-11dc-afc9-806e6f6e6963}]
AutoRun\command- D:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2da378b-5942-11dd-8bb0-001b386f8b69}]
AutoRun\command- G:\InstallTomTomHOME.exe

*Newly Created Service* - SBP2PORT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-15 18:37:09 ------------

#5
ComputerAdvocate
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 3069.7 MiB / 1803.36 MiB
Pagefile Memory (total/avail): 2972.86 MiB / 1884.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1891.7 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 39.28 GiB free.
D: is CDROM (CDFS)
E: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
F: is Fixed (NTFS) - 111.81 GiB total, 69.12 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG HM160HI ATA Device - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE1 - SDC CrossFire IEEE 1394 SBP2 Device - 111.81 GiB - 1 partition
\PARTITION0 - Unknown - 111.81 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1229 [VPS 080815-0] v4.8.1229 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1229 [VPS 080815-0] v4.8.1229 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CYPHERACE
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Administrator
LOGONSERVER=\\CYPHERACE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ADMINI~1\AppData\Local\Temp
TMP=C:\Users\ADMINI~1\AppData\Local\Temp
ULTRAMON_LANGDIR=C:\Program Files\UltraMon\Resources\en
USERDOMAIN=CYPHERACE
USERNAME=Administrator
USERPROFILE=C:\Users\Administrator
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Age of Conan - Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AV Voice Changer Software DIAMOND 6.0 --> C:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AveoCap --> C:\Program Files\InstallShield Installation Information\{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}\setup.exe -runfromtemp -l0x0009 -removeonly
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
C-Organizer Pro v 3.7.0 --> "C:\Program Files\C-Organizer Pro\unins000.exe"
Copernic Agent Basic --> "C:\Windows\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
DreamStripper Game --> MsiExec.exe /I{7E4D9F60-AAD0-424B-B6FB-8EEB75E23137}
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
FLV Player 2.0, build 24 --> C:\Program Files\FLV Player\uninst.exe
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
HB_Door_1600_03 Screen Saver --> C:\Windows\HB_Door_1600_03.scr /u
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Jade Empire --> C:\Windows\Uninstall Jade Empire.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KTP Ware PS/2-x86 5.0.3.13 --> rundll32.exe "C:\Program Files\Elantech\KTUninst.dll",KTech_Uninstall 0
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSENG.inf, Uninstall
LoveChess Age Of Egypt --> C:\Program Files\LoveChess Age Of Egypt\Uninst_LoveChess Age Of Egypt.exe /U "C:\Program Files\LoveChess Age Of Egypt\Uninst_LoveChess Age Of Egypt.log"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 3.5 --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Open Clip Art Library --> "C:\Program Files\Open Clip Art Library\Uninstall Open Clip Art Library.exe"
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Oxin's Style! 3D Sexvilla 2 --> "C:\Program Files\Oxin's Style!\3D Sexvilla 2\Binaries\unins000.exe"
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PixiePack Codec Pack --> MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Protector Suite QL 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
RapidLeecher --> MsiExec.exe /I{B3940EA5-7872-487E-AF15-CF20DBD65F1B}
RapidLeecher Ultimate 2007 --> "C:\Program Files\RapidLeecher Ultimate 2007\Uninstall.exe"
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Rome - Total War™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Battery --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{449A16C4-83B3-426C-AA4A-00A34E80C093}
Songbird 0.6.1 (20080623) --> "C:\Program Files\Songbird\Songbird-Uninstall.exe"
Starcraft --> C:\Windows\SCunin.exe C:\Windows\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TAMUScan 1.0 --> C:\Program Files\TAMUScan\uninst.exe
thriXXX 3DSexVilla2-051.001 --> "C:\Program Files\thriXXX\3D SexVilla 2 - Everlust\Binaries\Uninstall-3DSexVilla2-Everlust-051.001.exe"
thriXXX WebLaunch --> C:\Program Files\thriXXX\WebLaunch\WebLaunchUninstall.exe
TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TouchChip USB Driver 2.10 --> MsiExec.exe /I{3E42ED1C-9790-416C-8B0D-8FF7498FDD40}
TrueCrypt --> "C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
UltraMon --> MsiExec.exe /I{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}
USB Video Device --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
vEmotion - VoIP audio assistant --> C:\Program Files\freebird\vEmotion\Uninstall.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.5300 --> MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xilisoft DVD Ripper Platinum 4 --> C:\Program Files\Xilisoft\DVD Ripper Platinum 4\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6487 / Error
Event Submitted/Written: 08/15/2008 00:42:57 PM
Event ID/Source: 3002 / LoadPerf
Event Description:
:16

Event Record #/Type6485 / Error
Event Submitted/Written: 08/15/2008 00:37:56 PM
Event ID/Source: 1542 / profsvc
Event Description:
Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Event Record #/Type6483 / Error
Event Submitted/Written: 08/15/2008 00:37:03 PM
Event ID/Source: 1542 / profsvc
Event Description:
Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Event Record #/Type6479 / Error
Event Submitted/Written: 08/15/2008 00:36:56 PM
Event ID/Source: 1542 / profsvc
Event Description:
Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Event Record #/Type6476 / Success
Event Submitted/Written: 08/15/2008 00:36:40 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type123776 / Warning
Event Submitted/Written: 08/15/2008 06:36:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CYPHERACE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CYPHERACE27 can't undo changes that you allow.

For more information please see the following:
%CYPHERACE275

Scan ID: {FE7DBF12-DC56-4640-AA58-E6BDB7D43F7D}

User: CYPHERACE\Administrator

Name: %CYPHERACE271

ID: %CYPHERACE272

Severity ID: %CYPHERACE273

Category ID: %CYPHERACE274

Path Found: %CYPHERACE276

Alert Type: %CYPHERACE278

Detection Type: 1.1.1600.02

Event Record #/Type123775 / Warning
Event Submitted/Written: 08/15/2008 06:36:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CYPHERACE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CYPHERACE27 can't undo changes that you allow.

For more information please see the following:
%CYPHERACE275

Scan ID: {E22CB908-60D0-41D4-918A-40FF66C49462}

User: CYPHERACE\Administrator

Name: %CYPHERACE271

ID: %CYPHERACE272

Severity ID: %CYPHERACE273

Category ID: %CYPHERACE274

Path Found: %CYPHERACE276

Alert Type: %CYPHERACE278

Detection Type: 1.1.1600.02

Event Record #/Type123774 / Warning
Event Submitted/Written: 08/15/2008 06:36:03 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CYPHERACE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CYPHERACE27 can't undo changes that you allow.

For more information please see the following:
%CYPHERACE275

Scan ID: {F25A234B-872E-4915-9847-5118A4C41C1B}

User: CYPHERACE\Administrator

Name: %CYPHERACE271

ID: %CYPHERACE272

Severity ID: %CYPHERACE273

Category ID: %CYPHERACE274

Path Found: %CYPHERACE276

Alert Type: %CYPHERACE278

Detection Type: 1.1.1600.02

Event Record #/Type123773 / Warning
Event Submitted/Written: 08/15/2008 06:36:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CYPHERACE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CYPHERACE27 can't undo changes that you allow.

For more information please see the following:
%CYPHERACE275

Scan ID: {BF154082-8FE6-43BF-A61B-300BB13EE30A}

User: CYPHERACE\Administrator

Name: %CYPHERACE271

ID: %CYPHERACE272

Severity ID: %CYPHERACE273

Category ID: %CYPHERACE274

Path Found: %CYPHERACE276

Alert Type: %CYPHERACE278

Detection Type: 1.1.1600.02

Event Record #/Type123772 / Warning
Event Submitted/Written: 08/15/2008 06:36:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CYPHERACE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CYPHERACE27 can't undo changes that you allow.

For more information please see the following:
%CYPHERACE275

Scan ID: {7EEE1709-F4C2-419D-84C8-5964DCB31899}

User: CYPHERACE\Administrator

Name: %CYPHERACE271

ID: %CYPHERACE272

Severity ID: %CYPHERACE273

Category ID: %CYPHERACE274

Path Found: %CYPHERACE276

Alert Type: %CYPHERACE278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-08-15 18:37:09 ------------

#6
MichWasHere
Hi ComputerAdvocate :) Just a few things to do.

Step 1: Please do an online scan with Kaspersky WebScanner
- Click on "Kaspersky Online Scanner" and click "Accept"

You will be prompted to install an ActiveX component from Kaspersky, Click "Yes".
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on "NEXT"
- Next click on "Scan Settings"
- In the scan settings make sure that the following are selected:
"Scan using the following Anti-Virus database:"
"Extended" (if available otherwise "Standard")

- Scan Options:
"Scan Archives"
"Scan Mail Bases"

- Click "OK"

- Now under "select a target to scan" select "My Computer"
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.

Next click on the "Save as Text" button:
- Save the file to your desktop.
- Copy and paste that information in your next post.

Step 2: Please Download OTMoveIt2 by OldTimer
- Save it on your desktop.
- Double-click "OTMoveIt2.exe" to run it. (Vista users, please right click on "OTMoveit2.exe" and select "Run as an Administrator")
- Copy the text in the code box below to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
[kill explorer]
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3d860e-c45b-11dc-afc9-806e6f6e6963}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2da378b-5942-11dd-8bb0-001b386f8b69}
purity
[start explorer]
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose "Paste".
- Click the red "Moveit!" button.
- A log of files and folders moved will be created in the "c:\_OTMoveIt\MovedFiles" folder in the form of Date and Time ("mmddyyyy_hhmmss.log"). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes"

Step 3: You have old java installations still that need to be removed as well.
- Please go to Start > Control Panel > Add/Remove Programs and remove the following:
- J2SE Runtime Environment 5.0 Update 9
- Java™ 6 Update 3
- Java™ 6 Update 5
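The two keys in the OTMoveIt2 list in Step 2 above are the MountPoints2 entries that the scanner log shows with an `AutoRun\command` value. As an added example (not part of the post and not code from any tool used in this thread), this Python script pulls such entries out of a log in that layout and checks each command's drive letter against the log's drive inventory. The function names and the "not present" label are this example's own, and it assumes both log sections are available in one string.

```python
import re

# Excerpt copied from the two scanner logs posted in this thread, joined into
# one string so the example runs offline.
LOG_EXCERPT = r"""
C: is Fixed (NTFS) - 149.05 GiB total, 39.28 GiB free.
D: is CDROM (CDFS)
E: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
F: is Fixed (NTFS) - 111.81 GiB total, 69.12 GiB free.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3d860e-c45b-11dc-afc9-806e6f6e6963}]
AutoRun\command- D:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2da378b-5942-11dd-8bb0-001b386f8b69}]
AutoRun\command- G:\InstallTomTomHOME.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
DRIVE_RE = re.compile(r"^(?P<letter>[A-Z]): is (?P<kind>\w+)\b")
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+?)\s*$", re.IGNORECASE)
MOUNTPOINT_RE = re.compile(
    r"\\explorer\\mountpoints2\\(?P<volume>[^\\]+)$", re.IGNORECASE
)
CMD_DRIVE_RE = re.compile(r'^"?([A-Za-z]):\\')


def parse_drives(log):
    """Map drive letter -> drive type from lines such as 'D: is CDROM (CDFS)'."""
    drives = {}
    for raw in log.splitlines():
        m = DRIVE_RE.match(raw.strip())
        if m:
            drives[m.group("letter")] = m.group("kind")
    return drives


def parse_autorun_entries(log):
    """Return MountPoints2 keys that carry an AutoRun\\command value."""
    entries = []
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            current_key = None  # a blank line ends the current key block
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        cmd = AUTORUN_RE.match(line)
        if cmd and current_key:
            mp = MOUNTPOINT_RE.search(current_key)
            if mp:  # ignore AutoRun-looking values under unrelated keys
                entries.append({
                    "key": current_key,
                    "volume": mp.group("volume"),
                    "command": cmd.group("cmd"),
                })
    return entries


def triage(log):
    """Attach the drive letter and drive type to every cached AutoRun command."""
    drives = parse_drives(log)
    findings = []
    for entry in parse_autorun_entries(log):
        m = CMD_DRIVE_RE.match(entry["command"])
        letter = m.group(1).upper() if m else None
        if letter is None:
            kind = "unknown"
        else:
            # "not present": the log's drive list has no such letter
            kind = drives.get(letter, "not present")
        findings.append({**entry, "drive": letter, "drive_type": kind})
    return findings


if __name__ == "__main__":
    for f in triage(LOG_EXCERPT):
        print(f'{f["drive"]}: ({f["drive_type"]})  {f["command"]}')
        print(f'    review key: {f["key"]}')
```
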

#7
ComputerAdvocate
I'll take care of all this tomorrow night, sorry for the delay but I'm moving into my new place so things are wild.

#8
MichWasHere
No problems :) Good luck with the move.

#9
ComputerAdvocate
Here is the Kaspersky Log:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 18, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 17, 2008 23:49:41
Records in database: 1103275
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 164153
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:07:02


File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1

The selected area was scanned.

#10
ComputerAdvocate
Here is the MoveIT log. By the way, I can't find the J2SE Runtime Environment 5 Update 9 to uninstall it.

Explorer killed successfully
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3d860e-c45b-11dc-afc9-806e6f6e6963} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3d860e-c45b-11dc-afc9-806e6f6e6963}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2da378b-5942-11dd-8bb0-001b386f8b69} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2da378b-5942-11dd-8bb0-001b386f8b69}\\ deleted successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08182008_085933

#11
MichWasHere
Hi ComputerAdvocate :)

Don't worry about the java install you can't find. That was my fault, you didn't have it installed :) Now just cleaning up what we've done and you're good :)

Step 1: Remove Tools We Used
- Make sure you have an Internet Connection.
- Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
- Click on the CleanUp! button
- A list of tool components used in the Cleanup of malware will be downloaded.
- If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Step 2: Reset and Re-enable your System Restore
This removes infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- Check Turn off System Restore.
- Click Apply, and then click OK.

2. Restart your computer

3. Turn ON System Restore
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- UN-Check Turn off System Restore.
- Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you do the following:
  • Update and run a full scan weekly with your antivirus. Remember to only have one antivirus program installed at a time.
     
  • Update and run a full scan weekly with your anti-spyware/anti-malware. A couple good free programs are: Superantispyware, Spybot, Malwarebytes Anti-Malware, and SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
     
  • To reduce malware infection in the future try using these free programs: SpywareBlaster protects against bad ActiveX and IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Have a look at this tutorial for IE-Spyad here
     
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
     
  • Make Internet Explorer more secure
    - Click "Start" > "Run"
    - Type "Inetcpl.cpl" & click "OK"
    - Click on the "Security" tab
    - Click "Reset all zones to default level"
    - Make sure the "Internet Zone" is selected & Click "Custom level"
    - In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    - Next Click "OK", then "Apply" button and then "OK" to exit the Internet Properties page.
     
  • To keep your operating system up to date visit Microsoft Windows Update monthly.
     
  • To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
Have a safe and happy computing day! ;)

#12
ComputerAdvocate
Thanks so much, everything is great.

#13
MichWasHere
You're welcome :)

#14
Rorschach112
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.