TechSpot

System Check virus?

Solved
By Timock
Jan 11, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    That's the way to do it...
  2. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
  3. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
    "1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002
  4. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YPAGER.EXE" = C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
    "C:\Program Files\Ipswitch\WS_FTP Home\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Home\wsftpgui.exe:*:Enabled:WS_FTP Pro Application
    "C:\Program Files\Rufus\rufus.exe" = C:\Program Files\Rufus\rufus.exe:*:Enabled:rufus
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
    "C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component
    "C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
    "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
    "C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
  5. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
    "{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
    "{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
    "{424CB226-23FE-4429-A85F-C893D381897F}" = Teaching-you Guitar Skills
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A1E81C0-83BA-45BC-9A2B-0E5CC62905DB}" = Music Coach Player
    "{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
    "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
    "{718CF0D3-DCDF-428E-9F6C-258F065C8D6D}" = McAfee Desktop Firewall 8.5
    "{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121
    "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
    "{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
    "{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
    "{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
    "{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
    "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
    "{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNetManagement
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{E12A328A-7F9C-48FB-9E98-F51549FEC2B6}" = Philips SPC 300NC PC Camera
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "8461-7759-5462-8226" = Vuze
    "Adobe Encore DVD 2.0" = Adobe Encore DVD 2.0
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Audacity_is1" = Audacity 1.2.6
    "avast" = avast! Free Antivirus
    "Cambridge- English Grammar in Use" = Cambridge- English Grammar in Use
    "CDisplay_is1" = CDisplay 1.8
    "Conexant PCI Audio" = Conexant AC-Link Audio
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "GoogleVideoPlayer" = Google Video Player
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
    "LManager" = Launch Manager
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PeerGuardian_is1" = PeerGuardian 2.0
    "Prism" = Prism
    "Professor Answers" = Professor Answers
    "Professor Teaches Excel 2003" = Professor Teaches Excel 2003
    "Professor Teaches Outlook 2003" = Professor Teaches Outlook 2003
    "ProInst" = Intel(R) PROSet/Wireless Software
    "SIPPS!UninstallKey" = SIPPS
    "Spotify" = Spotify
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "Switch" = Switch Sound File Converter
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TuneUpMedia" = TuneUp Companion 1.5.9
    "TVTool" = TVTool
    "TVUPlayer" = TVUPlayer 2.3.2.19
    "VLC media player" = VideoLAN VLC media player 0.8.4a
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger with BT Communicator" = Yahoo! Messenger with BT Communicator
    "Yahoo! Toolbar" = Yahoo! Toolbar
  6. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/01/2012 11:16:44 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application acer.scr, version 0.0.0.0, faulting module kernel32.dll,
    version 5.1.2600.5781, fault address 0x00012afb.

    Error - 11/01/2012 12:54:25 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application acer.scr, version 0.0.0.0, faulting module kernel32.dll,
    version 5.1.2600.5781, fault address 0x00012afb.

    Error - 11/01/2012 16:49:44 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application acer.scr, version 0.0.0.0, faulting module kernel32.dll,
    version 5.1.2600.5781, fault address 0x00012afb.

    Error - 12/01/2012 08:49:04 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application acer.scr, version 0.0.0.0, faulting module kernel32.dll,
    version 5.1.2600.5781, fault address 0x00012afb.

    Error - 12/01/2012 10:56:21 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9e59.

    Error - 13/01/2012 13:20:24 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application acer.scr, version 0.0.0.0, faulting module kernel32.dll,
    version 5.1.2600.5781, fault address 0x00012afb.

    Error - 13/01/2012 16:44:50 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application acer.scr, version 0.0.0.0, faulting module kernel32.dll,
    version 5.1.2600.5781, fault address 0x00012afb.

    Error - 13/01/2012 16:47:39 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 0.0.0.0, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 14/01/2012 10:24:01 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application acer.scr, version 0.0.0.0, faulting module kernel32.dll,
    version 5.1.2600.5781, fault address 0x00012afb.

    Error - 15/01/2012 10:49:32 | Computer Name = | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
    iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

    [ System Events ]
    Error - 15/01/2012 09:38:56 | Computer Name = | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm tvtool

    Error - 15/01/2012 10:40:52 | Computer Name = | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm tvtool

    Error - 15/01/2012 10:49:13 | Computer Name = | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 15/01/2012 15:13:10 | Computer Name = | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    tvtool

    Error - 15/01/2012 15:15:04 | Computer Name = | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 15/01/2012 17:18:13 | Computer Name = | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 15/01/2012 17:18:22 | Computer Name = | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.4 for the Network Card with network
    address 00C09FB1159C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 15/01/2012 17:18:42 | Computer Name = | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 15/01/2012 17:18:58 | Computer Name = | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm tvtool

    Error - 15/01/2012 17:19:00 | Computer Name = | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


    < End of report >
  7. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - [2011/06/26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Timock10426T\pev.3XE -- (PEVSystemStart)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
      O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
      O4 - HKLM..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe File not found
      O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey File not found
      O4 - HKLM..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" File not found
      O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
      O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
      O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
      O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
      O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - D:\DVDREG~1\DVDShell.dll File not found
      [2012/01/07 16:02:56 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rvn4Uw7wiU5Dge
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [resethosts]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  8. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    All processes killed
    ========== OTL ==========
    Service PEVSystemStart stopped successfully!
    Service PEVSystemStart deleted successfully!
    C:\Timock10426T\pev.3XE moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8B68564D-53FD-4293-B80C-993A9F3988EE} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B68564D-53FD-4293-B80C-993A9F3988EE}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeFireTray deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Network Associates Error Reporting Service deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{93994DE8-8239-4655-B1D1-5F4E91300429} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93994DE8-8239-4655-B1D1-5F4E91300429}\ deleted successfully.
    C:\Documents and Settings\All Users\Application Data\rvn4Uw7wiU5Dge moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 3952 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 348 bytes

    User: wayne
    ->Temp folder emptied: 2116396246 bytes
    ->Temporary Internet Files folder emptied: 44292576 bytes
    ->Java cache emptied: 24585813 bytes
    ->FireFox cache emptied: 44492487 bytes
    ->Flash cache emptied: 435644 bytes

    User: Application Data

    User: Administrator
    ->Temp folder emptied: 5411874 bytes
    ->Temporary Internet Files folder emptied: 7728875 bytes
    ->FireFox cache emptied: 3450604 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39186 bytes
    %systemroot%\System32 .tmp files removed: 144913 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3119 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2,143.00 mb


    [EMPTYJAVA]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: wayne
    ->Java cache emptied: 0 bytes

    User: Application Data

    User: Administrator

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: wayne
    ->Flash cache emptied: 0 bytes

    User: Application Data

    User: Administrator

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Error: Unable to interpret <[Reboot]Then click the Run Fix button at the top > in the current context!

    OTL by OldTimer - Version 3.2.31.0 log created on 01162012_025642

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3TE1GG7H\topic176020-2[1].html not found!

    Registry entries deleted on Reboot...
  9. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    avast! Free Antivirus
    McAfee Desktop Firewall 8.5
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Spybot - Search & Destroy 1.4
    Windows Defender
    Windows Defender Signatures
    TuneUp Companion 1.5.9
    Java(TM) 6 Update 18
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 3
    Out of date Java installed!
    Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
    Mozilla Firefox (3.6.25) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Windows Defender MsMpEng.exe
    ``````````End of Log````````````
  10. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Farbar Service Scanner
    Ran by Administrator (administrator) on 16-01-2012 at 03:20:19
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Nerwork
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ===========
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
    The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(10) Gpc(7) IPSec(5) irda(3) NetBT(6) PSched(8) s24trans(9) Tcpip(4)
    0x0B00000005000000010000000200000003000000040000000B000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****
  11. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    I'm trying to start ESET online Scanner, doesn't want to start ?

    Click Yes, I accept the terms of use, press start nothing happens. Doesn't even have a button function when you press it. Odd.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Try different browser.
  13. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Okay, Eset online scanner running, looks like its going to take some time. Will check back in the morning. Cheers.
  14. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    No problem :)
  15. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Eset Scanner Log

    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP1666\A0265306.exe a variant of Win32/Kryptik.YMN trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP1666\A0265307.exe a variant of Win32/Kryptik.YMN trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP1666\A0265308.exe probably a variant of Win32/Spy.Banker.HYQAPRP trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP1666\A0271394.exe a variant of Win32/1AntiVirus application deleted - quarantined
    C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP1667\A0285505.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP1667\A0285506.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    D:\Premiere setup\Total.Com probably a variant of Win32/Agent.IPXADAE trojan deleted - quarantined
    D:\Premiere setup\Andere Software\Total.Com probably a variant of Win32/Agent.IPXADAE trojan deleted - quarantined
  16. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Update Internet Explorer to version 8.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ============================================================

    Go Start>Run, paste this command:

    sc config bits start=auto

    Click OK.

    Restart computer.

    Post new FSS log.
  17. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Okay explorer 8 and adobe flash player installation no problem. When it gets to Java it will not install, have tried both explorer and mozilla firefox.

    When it gets to the final installation process I get the following message

    The system adminstrator has set policies to prevent this installation.

    I ran JavaRa worked in mozilla and ran that no problem.


    Do you still wish for me to do the last part

    (Go Start>Run, paste this command:

    sc config bits start=auto

    Click OK.

    Restart computer.

    Post new FSS log. )

    I don't know what else I can do to get Java to install.
  18. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  19. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Tried Java stand alone installer, same problem.

    -------

    Farbar Service Scanner
    Ran by Administrator (administrator) on 17-01-2012 at 00:26:18
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Nerwork
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ===========
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
    The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(10) Gpc(7) IPSec(5) irda(3) NetBT(6) PSched(8) s24trans(9) Tcpip(4)
    0x0B00000005000000010000000200000003000000040000000B000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****
  20. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    I suggest you start new topic in Windows forum regarding Java issue.

    Other than that....

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  21. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Unfortunately its still as it was in functionality, system check icon is still there next to the start icon. Most of the programmes are still saying empty when I click on them?

    Are those programmes lost do I have to reinstall them ?
    Here is the log you requested

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 4350 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: wayne
    ->Temp folder emptied: 401 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Application Data

    User: Administrator
    ->Temp folder emptied: 1643210 bytes
    ->Temporary Internet Files folder emptied: 63342693 bytes
    ->Java cache emptied: 2040 bytes
    ->FireFox cache emptied: 44046949 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 555459 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 105.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: wayne
    ->Flash cache emptied: 0 bytes

    User: Application Data

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: wayne
    ->Java cache emptied: 0 bytes

    User: Application Data

    User: Administrator
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 01172012_004938

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  22. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Right click on it, click "Delete".

    Unfortunately you'll have to fix it manually.
    See my guide HERE

    Any other issues?
  23. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Task manager is still disabled due to administrator.

    Right clicking on desktop is unresponsive.


    Good news is mozilla is on with all my bookmarks, for that you alone you deserve high praise. I will follow your guide to manually restore programmes. Am I able to PM you or should I reply in this thread. If I have any other problems. I will sort out Java where you suggested.
  24. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    I don't see any wrong setting regarding "Task Manager".
    Can you give me more details?

    I don't lock my topics so if anything happens in the future you can always post back here.
  25. Timock

    Timock Newcomer, in training Topic Starter Posts: 35

    Also when I press start the basic icons for documents,pictures,music, network, control panel, help and surport, etc... is not there. I assume there will return when I follow you manual fix guide.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.