Free Malware Removal Forum

[Hiwatt]

Hi folks,every time I boot up my computer my system restore points have gone.I done an online scan and it said my computer is infected with Adware MEMWATCHER.I would really appreciate your help here to return my computer to normal.Many thanks.

[MWR 3 day Mod]

Hi, Hiwatt

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

[Carolyn]

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.


Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

• Doubleclick HJTInstall.exe to install it.
  
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
  
• Click on Install.
  
• It will create a HijackThis icon on the desktop.
  
• Once installed, it will launch Hijackthis.
  
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  
• Copy/Paste the log to your next reply please.
  

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

[Hiwatt]

Hi there,thanks for helping me with my computer problems.Here are the logs you asked for.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:02, on 16/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5169 bytes

Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Shockwave Player
a-squared Anti-Malware 3.5
AusLogics Disk Defrag
AusLogics Registry Defrag
AVG 7.5
Browser Address Error Redirector
CCleaner (remove only)
Creator 9
Flash Player plugins 9
Google BAE
Google Desktop
GoogleDesktop
GoogleToolbar
HDReg
HijackThis 2.0.2
Infocentre Rev. 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Works
Microsoft Works 8.5
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NVIDIA Drivers
Packard Bell - Skype 2.5
Packard Bell Updator
Realtek HD Audio V6.0.1.5322
Realtek High Definition Audio Driver
Roxio Creator 9 LE
RTC Client API v1.2
SetUp My PC
Shockwave player 10
Skype 2.5.2.151
Spybot - Search & Destroy
SpywareBlaster 4.0
Video NVIDIA v97.46
Viewpoint Media Player
Winamp
WinASO Registry Optimizer 3.2

[Carolyn]

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

1. Click Start, Control Panel > Programs and Features..
   
2. Highlight Viewpoint Manager or Viewpoint Media Player , click Remove.
   
3. Do the same for each Viewpoint component.

Please verify that System Restore is Turned on:
Turn ON System Restore-Vista

• Click the Vista/Start icon
  
• Right Click >> Computer
  
• Click Properties.
  
• Click the System Protection tab.
  
• Checkmark All drives then click "Apply".
  

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
   
2. Right click on dss.exe and select Run as administrator, then follow the prompts.
   
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
   
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
   

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
  
• Allow the ActiveX download if necessary.
  
• Once the database has downloaded, click Next.
  
• Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  
• Click on "My Computer" and then put the kettle on!
  
• When the scan has completed, click Save Report As...
  
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
  

Copy and paste the report into your next reply along with a description of how your PC is behaving.

Please post the following:

• The contents of main.txt
• The contents of extra.txt
• The Kaspersky report
• A description of how your computer is behaving.

[Hiwatt]

Hi there,thanks for your reply.I've uninstalled viewpoint media.I see that you want me to have system restore enabled before I run deckards system scanner but one of the problems I'm having is that every time I reboot the computer system restore has no SR points availiable.I'm able to create them manually and the computer creates them too but as soon as I reboot system restore deletes all restore points.Please advise as to what to do next.Will I carry on with DSS scanner anyway?Thankyou.

[Carolyn]

Yes, please scan with DSS and Kaspersky. Post the three logs when available.

[Hiwatt]

Hi there.Here are the DSS scans,I will run kaspersky now and post back the results.Thankyou.
Deckard's System Scanner v20071014.68
Run by liz on 2008-05-18 14:44:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-05-18 09:49:44 UTC - RP65 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 766 MiB (1024 MiB recommended).


-- HijackThis (run as liz.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:20, on 18/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\liz.paul-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVL0E3GT\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\liz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5158 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#
Manufacturer: Generic
Name: USB CF Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-05-18 14:30:00 336 --a------ C:\Windows\Tasks\Recovery DVD Creator.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-16 18:15:30 0 d-------- C:\Program Files\Trend Micro
2008-05-10 17:43:43 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-05-10 14:25:21 0 d-------- C:\Windows\system32\HouseCall 6.6
2008-05-10 13:48:21 0 d-------- C:\Users\liz.paul-PC\.housecall6.6
2008-05-10 13:39:13 0 d-------- C:\Windows\Sun
2008-05-09 17:56:55 0 dr------- C:\Users\Paul\Searches
2008-05-09 17:56:43 0 dr------- C:\Users\Paul\Contacts
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Videos
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\Templates
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\Start Menu
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\SendTo
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Saved Games
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\Recent
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\PrintHood
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Pictures
2008-05-09 17:56:36 1835008 --ahs---- C:\Users\Paul\NTUSER.DAT
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\NetHood
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\My Documents
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Music
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\Local Settings
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Links
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Favorites
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Downloads
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Documents
2008-05-09 17:56:36 0 dr------- C:\Users\Paul\Desktop
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\Cookies
2008-05-09 17:56:36 0 d--hs---- C:\Users\Paul\Application Data
2008-05-09 17:56:36 0 d--h----- C:\Users\Paul\AppData
2008-05-08 21:22:46 0 --a------ C:\Users\liz.paul-PC\vssadmin
2008-05-03 17:26:49 0 d-------- C:\Program Files\Auslogics
2008-04-25 17:20:37 0 d-------- C:\Program Files\Winamp
2008-04-24 19:05:27 0 d-------- C:\Program Files\uTorrent
2008-04-24 18:34:43 118784 --a------ C:\Windows\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-04-23 23:52:44 3636 --a------ C:\Windows\system32\drivers\nvphy.bin
2008-04-23 20:27:42 0 d-------- C:\Windows\SoftwareDistribution
2008-04-23 20:06:00 0 dr------- C:\Users\liz.paul-PC\Searches
2008-04-23 20:05:45 0 dr------- C:\Users\liz.paul-PC\Contacts
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\Templates
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\Start Menu
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\SendTo
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\Recent
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\PrintHood
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\NetHood
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\My Documents
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\Local Settings
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\Cookies
2008-04-23 20:02:09 0 d--hs---- C:\Users\liz.paul-PC\Application Data
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Videos
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Saved Games
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Pictures
2008-04-23 20:02:08 2621440 --a------ C:\Users\liz.paul-PC\NTUSER.DAT
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Music
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Links
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Favorites
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Downloads
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Documents
2008-04-23 20:02:08 0 dr------- C:\Users\liz.paul-PC\Desktop
2008-04-23 20:02:08 0 d--h----- C:\Users\liz.paul-PC\AppData
2008-04-20 19:20:38 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-04-20 14:22:22 0 d-------- C:\Users\All Users\Avg7


-- Find3M Report ---------------------------------------------------------------

2008-05-18 14:43:14 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\uTorrent
2008-05-17 14:17:58 0 d-------- C:\Program Files\SpywareBlaster
2008-05-13 18:24:50 0 d-------- C:\Program Files\Windows Mail
2008-05-11 21:21:57 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\Packard Bell
2008-05-05 18:56:44 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\AVG7
2008-05-03 17:33:52 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\Auslogics
2008-05-03 16:21:19 0 d-------- C:\Program Files\WinASO
2008-05-01 16:27:14 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\Roxio
2008-04-26 09:49:40 174 --ahs---- C:\Program Files\desktop.ini
2008-04-26 09:40:55 0 d-------- C:\Program Files\Windows Calendar
2008-04-26 09:40:54 0 d-------- C:\Program Files\Windows Sidebar
2008-04-26 09:40:54 0 d-------- C:\Program Files\Movie Maker
2008-04-26 09:40:50 0 d-------- C:\Program Files\Windows Journal
2008-04-26 09:40:49 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-26 09:40:41 0 d-------- C:\Program Files\Windows Defender
2008-04-25 17:26:08 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\Macromedia
2008-04-25 17:26:07 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\Adobe
2008-04-25 17:21:39 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\Winamp
2008-04-24 13:17:07 0 d-------- C:\Program Files\Common Files
2008-04-24 04:55:15 0 d-------- C:\Program Files\HDReg
2008-04-23 22:04:34 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-23 22:04:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 21:57:23 0 d-------- C:\Program Files\Google
2008-04-23 21:49:13 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\Google
2008-04-23 20:05:47 0 d-------- C:\Users\liz.paul-PC\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12/09/2007 05:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/09/2007 05:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/09/2007 05:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/04/2008 14:39]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38]
"RtHDVCpl"="RtHDVCpl.exe" [09/11/2006 10:57 C:\Windows\RtHDVCpl.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 23/04/2008 23:54 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
"C:\Program Files\a-squared Anti-Malware\a2guard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com
127.0.0.1 http://www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 http://www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 http://www.100sexlinks.com

8378 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-18 14:47:17 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3800+
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 765.82 MiB / 270.71 MiB
Pagefile Memory (total/avail): 1796.25 MiB / 983.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.27 MiB

C: is Fixed (NTFS) - 141.04 GiB total, 105.48 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST316021 2AS SCSI Disk Device - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 8.01 GiB
\PARTITION1 (bootable) - Installable File System - 141.04 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\liz.paul-PC\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIZ-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\liz.paul-PC
LOCALAPPDATA=C:\Users\liz.paul-PC\AppData\Local
LOGONSERVER=\\LIZ-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\LIZ~1.PAU\AppData\Local\Temp
TMP=C:\Users\LIZ~1.PAU\AppData\Local\Temp
USERDOMAIN=LIZ-PC
USERNAME=liz
USERPROFILE=C:\Users\liz.paul-PC
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

liz.paul-PC (admin)
Paul


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
a-squared Anti-Malware 3.5 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AusLogics Registry Defrag --> "C:\Program Files\Auslogics\AusLogics Registry Defrag\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Browser Address Error Redirector --> regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creator 9 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
Flash Player plugins 9 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
Google BAE --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
GoogleDesktop --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop*
GoogleToolbar --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
HDReg --> MsiExec.exe /I{AB7032FF-AFED-4C58-AA5C-8473B273793A}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Infocentre Rev. 2.0 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works 8.5 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MSWorks85*
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NVIDIA Drivers --> C:\Windows\system32\nvunrm.exe UninstallGUI
Packard Bell - Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Packard Bell Updator --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Realtek HD Audio V6.0.1.5322 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Creator 9 LE --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
SetUp My PC --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_GB*
Shockwave player 10 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
Skype 2.5.2.151 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Video NVIDIA v97.46 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinASO Registry Optimizer 3.2 --> "C:\Program Files\WinASO\Registry Optimizer 3.2\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2562 / Success
Event Submitted/Written: 05/18/2008 10:19:59 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type2555 / Success
Event Submitted/Written: 05/18/2008 10:19:42 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type2554 / Success
Event Submitted/Written: 05/18/2008 10:19:40 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type2533 / Success
Event Submitted/Written: 05/17/2008 05:15:32 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type2526 / Success
Event Submitted/Written: 05/17/2008 05:15:18 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24695 / Warning
Event Submitted/Written: 05/18/2008 02:42:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type24689 / Warning
Event Submitted/Written: 05/18/2008 00:34:03 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type24687 / Warning
Event Submitted/Written: 05/18/2008 11:30:01 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type24680 / Warning
Event Submitted/Written: 05/18/2008 10:53:03 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type24676 / Warning
Event Submitted/Written: 05/18/2008 10:36:58 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-18 14:47:17 ------------

[Hiwatt]

Hi there,I done the kaspersky scan.There was no option to save the report but there was no infections,or no viruses found.There was 0 items found.The computer is behaving ok apart from system restore deleting all restore points every time the computer reboots.Any further help is much appreciated.Thankyou.

[Carolyn]

The good news is that I am not seeing any signs of malware on your computer.

As this is a computer troubleshooting issue, not a malware issue, I suggest you use the following link to go to the CastleCops General Computer Problems forum for help from a CastleCops SRT...

http://www.castlecops.com/f120-General_ ... blems.html

I recommend that you register before posting your problem. Registered members can receive notification when there has been a reply to their topic. There is no way for CCSP to notify "guests" when they have received a reply.

[Hiwatt]

Hi there.Ok I'll do that thankyou.Did you see anything(not malware related)that could be causing the problem with system restore in the logs I posted?Thanks.

[Carolyn]

Did you see anything(not malware related)that could be causing the problem with system restore in the logs I posted?

No I did not. Disk space is not the issue and you are not set up to dual boot with XP, so that is not it either. There was a system restore point identified by Deckard's System Scanner (DSS), so I know one can be created. Normally DSS creates it's own restore point as well, but it did not appear to do so. The rest of DSS ran fine, so I do not think anything is interfered with DSS.

[NonSuch]

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.