Let's make sure that we've removed the lot before we cleanup after the tools and do the prevention.
Step 1.
Uninstall unwanted software:
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
Viewpoint Media Player
Step 2.
Filescan:
- Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
- Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
- C:\WINDOWS\uccspecb.sys
- Click on the Upload button
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
Step 3.
OTL-fix:
Run OTL.exe
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone. [2007/04/24 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2006/01/09 22:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Rosenblatt\Application Data\.bittorrent [2006/12/07 03:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Rosenblatt\Application Data\Azureus :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "58843:TCP"=- "58843:UDP"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Azureus\Azureus.exe"=- "C:\Program Files\BitTorrent\bittorrent.exe"=- :Commands [purity] [emptytemp] [start explorer] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then post the OTL fixlog
Step 4.
Things I would like to see in your reply:
- The content of the result from the filescan in step 2.
- The content of the fixlog from OTL in step 3.
- Information on how your computer is running now.