8 step process followed. Logs attached, help

Status
Not open for further replies.
My apology for the delay. Do you still need help?

Multiple iexplore.exe processes are normal with IE8.

You are running adware called PowerReg Scheduler V3.exe

I recommend removing it:

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Check Add/Remove Programs in the Control Panel. If listed there, highlight and uninstall.

Access Windows Explorer: Right click on Start> Explore> My Computer> Local Drive> go to Tools> Folder Options> View tab> check 'show hidden files and folders'> Uncheck 'hide system and protected files'> Apply> OK.

C> Users> your user name> look for the folder for Powerreg Scheduler v3 and do a right click> Delete.

Go back and hide the files and folders> Apply> OK.

Empty the Recycle Bin
Reboot and see if that makes a difference.
 
Can't find powerreg

Hi Bobbye,

I tried to find the file in Safe Mode and was unable to do so. I checked both Add/Remove Programs and Windows Explorer, to no avail. Any ideas on how to find it?

Thanks!
 
Before I forget again: you have Windows Vista SP1. You are behind on the SP. When we finish, please visit the Microsoft Download Site
You should get All updates marked Critical and the current SP updates: Vista> SP2.

How much RAM do you have installed on the system? This can cause a slowdown or freeze if too low. Vista should have at least 2MB of RAM.

Here is the full path from Superantispyware:
C:\USERS\RIGNEY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE

It may be a hidden file so do this first:
Control Panel> Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide system and operating room files- Recommended'> Apply> OK

Try the search again.

Check and see if it's still on the Startup menu: Look here first:
Right click on Start> Click on Open All Users> Click on Programs> if here>>>>

Click on Start> Run> type in msconfig> enter> Selective Startup> Startup menu> look for Power Reg> if found uncheck> Apply> OK

Then complete the removal while still in Safe Mode.

Go back and rehide the files.
Empty the Recycle Bin

NOTE: when you reboot for the first time after changing the Startup, you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

Follow with Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attach Combofix report.

Rescan with HijackThis and paste that report in.
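
The Startup-folder and msconfig checks described above can also be done in one pass from PowerShell. This is an added example, not part of the original posts: the search pattern comes from the file name quoted in the thread, and the script only lists the Startup folders and the Run/RunOnce keys without changing anything.

```powershell
# Added example: list autostart entries whose name or command matches a pattern.
# The default pattern is the file name quoted in the thread; pass another with -Pattern.
param([string]$Pattern = 'PowerReg')

# Per-user and all-users Startup folders (Windows Vista and later layout).
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

# Run / RunOnce keys for the current user and for the machine.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties PowerShell adds to every registry item; these are not autostart values.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$hits = @()
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden and system files, so Folder Options need not be changed.
    $hits += @(Get-ChildItem -LiteralPath $dir -Force |
        Where-Object { $_.Name -match [regex]::Escape($Pattern) } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Source = 'StartupFolder'; Location = $dir; Name = $_.Name; Command = $_.FullName
            }
        })
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        if ("$($p.Name) $($p.Value)" -match [regex]::Escape($Pattern)) {
            $hits += New-Object PSObject -Property @{
                Source = 'Registry'; Location = $key; Name = $p.Name; Command = $p.Value
            }
        }
    }
}

if ($hits) { $hits | Format-List Source, Location, Name, Command }
else       { "No autostart entry matching '$Pattern' was found." }
```

Run it from the affected user's account, since the HKCU keys and the per-user Startup folder belong to whoever is logged on.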
 
I updated to SP2 and continued to look but could not find it, even after looking at hidden files. Where else would I be able to find it?
 
8 step process followed

Hello,
I looked in the location you asked me to and the only thing I found was a program called PMB from Sony. I deleted it because I did not use it anyway. I also remembered that the computer started acting funny after I added the software with a new camera. Anyway after deleting the program I did the Combofix and Hijack this. Logs attached. Thanks so much for your help.
 
Seems to have gotten better

Hi Bobbye,

My computer seems much better after I deleted the PMB software, it does not lock up on the internet. Do all of the logs look ok now? Thanks so much for your help.
 
Okay, but I have a question:

How are you using this entry?
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Zune 4.0)" -"http://www.freeonlinegames.com/arcade-games/police-chopper.html"

I ask because another person had a similar entry yesterday- not for the game site, but most of the rest.

You can remove the cleaning tools now:

Uninstall ComboFix.exe And all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.


You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

More details and screenshots for Disk Cleanup in Windows Vista can be found here.

If I can be of help in the future, please let me know.
 