new guy with a HJT log

[phasmaluna]

when ever an expert gets some free time can you please review my hijackThis log and let me know if i should do anything. i try and stay on top of removing and staying away from spyware/trojans/viruses just wondering if i missed anything because the past week my CPU usage has been out of control and my processor seems to be constantly "crunching" slowing down whatever apps i am using greatly. I have no error messages, however sometimes explorer freezes where the desktop icons, start menu, quick launch, and sys tray disappear and then reappear after 30 or so seconds.

Thank you.

Jason

 

[howard_hopkinso]

Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
Viewpoint Toolbar
Viewpoint Manager
PartyGaming
PartyPoker
TRISNA~1

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

SysEnforce

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

SYSENF~1.EXE
ViewMgr.exe
RunApp.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe

O11 - Options group: [INTERNATIONAL] International*

O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\program files\PartyGaming<Delete the entire folder.
C:\Program Files\Viewpoint<Delete the entire folder.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log as well as an AVG Antispyware log. See HERE for instructions on downloading, installing and running AVG Antispyware.

Regards Howard :wave: :wave:

This thread is for the use of phasmaluna only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[phasmaluna]

thank you

i did as you directed and i am running the AVG scan right now in the mean time i found something in my add/remove progs a file named :Q its not a colon in the front its like 2 vertical lines instead of dots and when i tried to uninstall it i got an error message

Unable to locate the installation log file 'C:\TSURUSHI\Uninst.isu

i was wondering what is that all about?

looks like i got another 5-10 or so mins on the AVG scan ill post a new HJT and AVG scan log when its done

once again i appreciate your assistance and knowledge

Jason

 

[howard_hopkinso]

Once I have your log files, I`ll be in a better position to advise you.

Can you upload a pic of your add remove programmes list?

Regards Howard

This thread is for the use of phasmaluna only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[phasmaluna]

screen shot

still waiting on the AVG scan

here is the screen shot

attached

 

[howard_hopkinso]

I can`t find any info on ¦Q so I haven`t a clue what it is.

Do a search of your system for ¦Q and see what comes up.

Regards Howard

This thread is for the use of phasmaluna only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[phasmaluna]

HJT and AVG reports

here you go...

as far as ¦Q i searched and found nothing as well both on google and a search on my computer

 

[howard_hopkinso]

Your HJT log is clean.

However, we need to get rid of the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

thriXXX
VirtuallyJenna

Close control panel

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

SetupDTSB.exe
VirtuallyJenna-017.002-start.exe

Close task manager.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\DAEMON Tools\SetupDTSB.exe
C:\Program Files\thriXXX\VirtuallyJenna<Delete the entire folder.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Run the Ccleaner programme as per the instructions in this thread HERE.

Let me know how your system is running.

Regards Howard

This thread is for the use of phasmaluna only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[phasmaluna]

applause

thank you very much for all your help. my system seems to be running a lot faster. i need my computer for my only source of income so it is very important to my livelyhood.

final question is there a program that can "shred" all the files i have deleted in the past make everything i threw away in the recycle bin never be able to come back even with a data recover program?

Thank you once again

Jason

 

[howard_hopkinso]

The Ccleaner programme can do that. Run the programme and click options/settings, click the secure file deletion button and set the file deletion to whatever level of security you want from the options available. Instructions for downloading and running Ccleaner can be found in this thread HERE.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of phasmaluna only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.