Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

CPU powers on by itself

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

CPU powers on by itself

Unread postby jennick8707 » February 27th, 2008, 6:02 am

Just did an upgrade, new MB, CPU, Ram. Used same HD and did not formatt. Validated XP and the system runs fine except for one thing: Computer turns itself on almost every night sometime after midnight. Any ideas?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:58 AM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hamptonroads.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5410341265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5410313296
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6767 bytes
jennick8707
Regular Member
 
Posts: 18
Joined: April 20th, 2007, 4:50 pm
Advertisement
Register to Remove

Re: CPU powers on by itself

Unread postby Elrond » March 3rd, 2008, 7:00 am

Hi and welcome

I'm Elrond and I'll be glad to help you with your computer problems.

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please only use this topic for your replies on this problem. Do not start another thread.
Please note that the fixes we will use are specific to your problems on this computer and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note that you should have Administrator rights to perform the fixes. (XP accounts are Administrator by default) Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.



Please note that I will be off line for about 26 hours (sundown Friday until nightfall Saturday my local time) every week.


Open "HijackThis". Click on "Open Misc.Tool Section".
Use the scroll bar on the right and scroll down to "Open Uninstall Manager". Click it.
On the right you will find "Save List". Click it.
The log that you just saved will appear.
Use "Copy" and "Paste" to add it to your next post.


I can not see anything that is not legitimate of any consequense in your log. It sounds as if it could be some setting in XP that maked the computer do that. However before we do anything else I want to as far as possible rule out malware.

Download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.


I would also like you to
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please post the two logs from Deckards System Scaner and the log from ESET online scanner. That will give us a better idea of what is going on.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: CPU powers on by itself

Unread postby jennick8707 » March 4th, 2008, 6:08 am

Elrond, thanks for helping.

Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.0
AnyDVD
AVG Anti-Spyware 7.5
AVG Anti-Virus 7.1
CDDRV_Installer
COMODO Firewall Pro
ContextTool
Documents To Go
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
EA SPORTS online 2008
Google Earth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Java DB 10.2.2.0
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3
KhalInstallWrapper
Logitech Gaming Software
Logitech Registration
Logitech SetPoint
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
NHL07
NVIDIA Drivers
NVIDIA nTune
oggcodecs 0.71.0946
Palm
PowerDVD
PowerISO
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Skype 2.5
Spam Bully 3 for Outlook 3.0.0.30
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
TeamSpeak 2 RC2
TeamSpeak Overlay BETA 2 (#63)
Tiger Woods PGA TOUR 08
TuneUp Utilities 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781


Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-04 05:02:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-03-04 10:02:47 UTC - RP91 - Deckard's System Scanner Restore Point
68: 2008-03-03 10:13:24 UTC - RP90 - System Checkpoint
67: 2008-03-02 09:04:25 UTC - RP89 - System Checkpoint
66: 2008-03-01 08:04:31 UTC - RP88 - System Checkpoint
65: 2008-02-29 07:09:54 UTC - RP87 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-06 21:32:57 UTC - RP23 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:49 AM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9E4JYIY2\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hamptonroads.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5410341265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5410313296
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6807 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 AmdLLD (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld.sys (file missing)
S3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
S4 Rdscamtnch -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-04 02:08:37 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-29 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2006-11-12 22:57:14 342 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1140666975.job


-- Files created between 2008-02-04 and 2008-03-04 -----------------------------

2008-02-29 22:25:23 0 d-------- C:\THE_GAME_PLAN
2008-02-27 04:57:44 0 d-------- C:\Program Files\Trend Micro
2008-02-23 03:21:57 0 d-------- C:\Program Files\Windows Live Safety Center
2008-02-19 19:33:44 0 d-------- C:\Documents and Settings\JENNY\Application Data\Logitech
2008-02-15 13:32:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2008-02-15 13:32:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-02-15 13:32:01 0 d-------- C:\Program Files\Common Files\LogiShared
2008-02-15 13:30:09 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-02-15 13:30:09 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-02-15 13:30:09 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-02-15 13:30:09 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-02-15 13:29:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-15 13:29:38 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-02-15 13:29:27 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-14 19:48:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2008-02-13 19:51:09 0 d-------- C:\Program Files\TSO


-- Find3M Report ---------------------------------------------------------------

2008-03-01 20:05:14 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-02-15 13:32:01 0 d-------- C:\Program Files\Common Files
2008-02-15 13:30:20 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-15 13:29:48 0 d-------- C:\Program Files\Logitech
2008-02-15 13:29:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-08 22:30:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-02-02 14:14:26 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-02-02 10:28:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-02-02 06:11:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-02 02:44:21 0 d-------- C:\Program Files\Realtek
2008-02-02 02:44:12 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-02-01 16:23:59 0 d-------- C:\Program Files\Yahoo!
2008-02-01 16:23:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 16:20:05 0 d-------- C:\Program Files\EA SPORTS
2008-02-01 16:18:21 0 d-------- C:\Program Files\Microsoft Games
2008-02-01 16:18:04 0 d-------- C:\Program Files\LimeWire
2008-02-01 16:17:53 0 d-------- C:\Program Files\GameSpy Arcade
2008-02-01 16:13:55 0 d-------- C:\Program Files\CLSetup07
2008-02-01 16:13:51 0 d-------- C:\Program Files\CLSetup06
2008-02-01 16:11:41 0 d-------- C:\Program Files\Brunswick Bowling
2008-02-01 16:10:51 0 d-------- C:\Program Files\Azureus
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/19/2007 02:31 PM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 03:51 AM]
"@"="" []
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [10/21/2007 03:24 PM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [01/30/2007 09:54 PM C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 09:43 PM C:\WINDOWS\ALCMTR.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/9/2003 6:21:38 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2/15/2008 1:30:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"SiteAdvisor"=C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"SkyTel"=SkyTel.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa24e53e-a32e-11da-b705-806d6172696f}]
AutoRun\command- D:\Setup\rsrc\autorun.exe
dinstall\command- D:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa24e53f-a32e-11da-b705-806d6172696f}]
AutoRun\command- E:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c018db8d-d6f9-11da-b7c9-000b06b20fa5}]
AutoRun\command- F:\vp3launch.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost #***Inserted By STOPzilla***
127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***

7 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-04 05:04:19 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 1: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 3: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 17%
Physical Memory (total/avail): 2814.46 MiB / 2310.97 MiB
Pagefile Memory (total/avail): 4701.46 MiB / 4348.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.46 MiB

C: is Fixed (NTFS) - 186.3 GiB total, 153.38 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JS-00MHB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\EA SPORTS\\Tiger Woods PGA TOUR 06\\bin\\TW2006.exe"="C:\\Program Files\\EA SPORTS\\Tiger Woods PGA TOUR 06\\bin\\TW2006.exe:*:Enabled:Tiger Woods PGA TOUR® 06"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"="C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe:*:Enabled:Halo"
"C:\\Program Files\\EA SPORTS\\NHL06\\nhl06.exe"="C:\\Program Files\\EA SPORTS\\NHL06\\nhl06.exe:*:Enabled:nhl06"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Brunswick Bowling\\Bowling.exe"="C:\\Program Files\\Brunswick Bowling\\Bowling.exe:*:Enabled:Bowling"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Interplay\\Virtual Pool 3\\VP3.ICD"="C:\\Program Files\\Interplay\\Virtual Pool 3\\VP3.ICD:*:Enabled:Virtual Pool 3"
"C:\\Program Files\\EA SPORTS\\NASCAR SimRacing\\NASCAR SimRacing.exe"="C:\\Program Files\\EA SPORTS\\NASCAR SimRacing\\NASCAR SimRacing.exe:*:Enabled:NASCAR SimRacing"
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"="C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe:*:Enabled:mvp2005"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Disabled:Windows Media Player"
"C:\\Program Files\\EA SPORTS\\NHL07\\nhl2007.exe"="C:\\Program Files\\EA SPORTS\\NHL07\\nhl2007.exe:*:Enabled:nhl2007"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\EA SPORTS\\Tiger Woods PGA TOUR 07\\bin\\TW2007_P.exe"="C:\\Program Files\\EA SPORTS\\Tiger Woods PGA TOUR 07\\bin\\TW2007_P.exe:*:Enabled:Tiger Woods PGA TOUR® 07"
"C:\\Program Files\\EA SPORTS\\Tiger Woods PGA TOUR 07\\bin\\TW2007.exe"="C:\\Program Files\\EA SPORTS\\Tiger Woods PGA TOUR 07\\bin\\TW2007.exe:*:Enabled:Tiger Woods PGA TOUR® 07"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"="C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe:*:Enabled:Bejeweled2"
"C:\\Program Files\\Steam\\steamapps\\ltnick2k6\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\ltnick2k6\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\STOPzilla!
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
JENNY (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{47813E93-F2A0-484A-838E-47EC1B28D190}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Anti-Virus 7.1 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
ContextTool --> C:\Program Files\ContextTool\uninstall.exe
Documents To Go --> MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EA SPORTS online 2008 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\4979\uninstall.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NHL07 --> C:\Program Files\EA SPORTS\NHL07\EAUninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
Palm --> MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly REMOVE
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Spam Bully 3 for Outlook 3.0.0.30 --> C:\Program Files\Axaware\Spam Bully 3 for Outlook\uninst.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak Overlay BETA 2 (#63) --> "C:\Program Files\TSO\uninstall.exe"
Tiger Woods PGA TOUR 08 --> C:\Program Files\EA Sports\Tiger Woods PGA TOUR 08\EAUninstall.exe
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8508 / Error
Event Submitted/Written: 03/04/2008 02:08:36 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type8504 / Error
Event Submitted/Written: 03/03/2008 08:10:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 10.0.6822.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8489 / Error
Event Submitted/Written: 03/02/2008 05:42:01 AM
Event ID/Source: 0 /
Event Description:
1

Event Record #/Type8488 / Error
Event Submitted/Written: 03/02/2008 05:42:01 AM
Event ID/Source: 0 /
Event Description:
1

Event Record #/Type8487 / Error
Event Submitted/Written: 03/02/2008 05:42:01 AM
Event ID/Source: 0 /
Event Description:
1



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7243 / Error
Event Submitted/Written: 03/04/2008 00:00:46 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event Record #/Type7242 / Error
Event Submitted/Written: 03/04/2008 00:00:45 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NTPort Library Driver service failed to start due to the following error:
%%2

Event Record #/Type7241 / Error
Event Submitted/Written: 03/04/2008 00:00:45 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Parallel port driver service failed to start due to the following error:
%%1058

Event Record #/Type7216 / Error
Event Submitted/Written: 03/03/2008 06:47:00 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event Record #/Type7215 / Error
Event Submitted/Written: 03/03/2008 06:47:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NTPort Library Driver service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-03-04 05:04:19 ------------
jennick8707
Regular Member
 
Posts: 18
Joined: April 20th, 2007, 4:50 pm

Re: CPU powers on by itself

Unread postby jennick8707 » March 4th, 2008, 6:47 am

Scanner log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2920 (20080304)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=d6cbf88245b4c040bd80f9bc5e74a8e8
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-03-04 10:45:10
# local_time=2008-03-04 05:45:10 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=285371
# found=1
# scan_time=1944
C:\Documents and Settings\JENNY\Local Settings\Temporary Internet Files\Content.IE5\PTBKS96N\popup1[1].htm HTML/TrojanClicker.Agent.F trojan 2D2D40106A925C8AA074CF7B9313B533
jennick8707
Regular Member
 
Posts: 18
Joined: April 20th, 2007, 4:50 pm

Re: CPU powers on by itself

Unread postby Elrond » March 4th, 2008, 3:30 pm

I am niot completely through with your logs. there is a lot of information in them.
However I would like to make some points and ask a question.

Use of P2P (Person to Person) file sharing programs

We have noticed an increasing number of people coming to us with infections contracted from the use of P2P programs.

Because of this, we felt we needed to introduce a policy on the persistent use of P2P file sharing programs.

    If your helper detects the presence of such programs on your computer he/she will advise you to remove them. We reserve the right to withdraw our help should you not agree to their removal.

    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may also choose to withdraw our help.


We do not ask you to do this without reason.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/ ... eft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You have the following P-2-P programs on your computer both of which are clean in themselfs but as said above are a major risk in spite of that fact.
LimeWire
Azureus

Neither seems to be active anymore but there are traces of them on the computer.

The following programs need updating to the latest version:
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3

As it looks as you are quite knowlgable about computers i leave it for you to do so. If you need help with it I will do my best to help you.


What type of drives are D:, E:, and F:. It looks as if one of them is a CD/DVD drive that has some sort of disk in it, could well be a game. Please let me know because then I will know which drives I will have to do more research on.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: CPU powers on by itself

Unread postby jennick8707 » March 4th, 2008, 9:50 pm

Thanks sir. Azureus and Limewire were downloaded by one of my kids. I uninstalled them previously but as I look at the log it does appear there is still some trace of them. I will use tune up utilities and see if it removes the traces still in the registry.
D: DVD burner (Halo)
E: DVD Player
F: Removable stick which is not in the computer
jennick8707
Regular Member
 
Posts: 18
Joined: April 20th, 2007, 4:50 pm

Re: CPU powers on by itself

Unread postby jennick8707 » March 4th, 2008, 11:11 pm

Sir all the listed software below has been updated
The following programs need updating to the latest version:
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3
jennick8707
Regular Member
 
Posts: 18
Joined: April 20th, 2007, 4:50 pm

Re: CPU powers on by itself

Unread postby jennick8707 » March 5th, 2008, 5:44 am

Sir, checked the bios this morning and found that the "Power on by alarm" was enabled. There was no time setting, however, it was 0 0 00. I wonder if that is Midnight. I disabled that function and saved.

Nick
jennick8707
Regular Member
 
Posts: 18
Joined: April 20th, 2007, 4:50 pm

Re: CPU powers on by itself

Unread postby Elrond » March 5th, 2008, 6:45 am

Excellent. That sounds as if it was the reason for the problem. 0:00:00 Is the 24 hour way of showing midnight. It looks as if the time is set to within a tenth of a second in this case. :D


There does not seem to be any malware on the computer of any importance and damage.
As long as the P-2-P programs are inactive they can do no damage. If they can be removed thru Tune-Up it is good but I will not start cleaning them out with any other methods. :)

There is however one thing you should check as it can give rise to serious problems. From the Deckard System Scan it seems that you are running both Comodo Firewal and Windows built in Firewall. IF that is the case please disable the Windows Firewall.
Go to Start > Control Panel > Windows Firewall
If On (Recommended) is marked and you have Comodo Firewall activated, then mark Off (Not Recommended).


Let's clear out the programmes we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.

  • Please download the OTMoveIt2 by OldTimer.
  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTMoveIt
  • Now delete OTMoveIt.exe (if still present)

Your computer now seems to be clean. Therefore please

  1. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  2. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.

  3. As you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm

  4. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

  5. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.

  6. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

  7. Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.

  8. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

  9. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  10. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.

  11. Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: CPU powers on by itself

Unread postby jennick8707 » March 5th, 2008, 9:39 pm

Thanks sir. I have completed all the tasks you provided. I will post in the morning, hopefully my CPU will not be on when I get up.

Thanks
Nick
jennick8707
Regular Member
 
Posts: 18
Joined: April 20th, 2007, 4:50 pm

Re: CPU powers on by itself

Unread postby jennick8707 » March 6th, 2008, 5:43 am

I am happy to inform that my CPU was off this morning. Thanks for all the help.

Nick
jennick8707
Regular Member
 
Posts: 18
Joined: April 20th, 2007, 4:50 pm

Re: CPU powers on by itself

Unread postby Elrond » March 6th, 2008, 5:58 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 63 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware