RetouchPRO

System Restore Help needed

#1 Peter S, 05-28-2006, 04:13 PM
A little while ago the date on my computer was changed (kid not knowing what was going on??); the problems caused were horrendous. (50 years added)
I eventually sorted that out, but since then system restore no longer works.
Usually you get a calendar to select a restore point but all I get is a message stating no restore points for this date???? (no calendar showing at all!)
Does anyone know how to restore my system restore, or does it mean a reinstall of windows etc..

#2 Littlecoo, 05-28-2006, 10:34 PM
If you don't mind starting system restore from afresh, you could try uninstalling/reinstalling the system restore component after deleting/resetting its cache (I hope you weren't relying on the restore points therein because this will delete them all...ouch!) I can't think of a better solution for this that doesn't require a lot of blood, sweat 'n tears. If your system is running ok at the moment this may be best and easiest option anyway...best of luck
oh btw...was this just in windows? or your BIOS? Hehehe...take away that Kid's administrative privileges and assign him his own user profile

#3 Gary Richardson, 05-29-2006, 01:32 AM
Could be caused by infected/corrupted files within System Restore.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
  • Reboot.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check *Turn off System Restore*.
    • Click Apply, and then click OK.

If this doesn't work, your computer may be infected with Malware. Post a HJT log and I'll have a look at it and let you know.

Download Hijack This to a location on your computer where you can find it. We recommend you create a New Folder C:\Hijack This

It is important you unzip it into this folder for the following reasons.
  • If you run it from its Zip File, the program cannot create backups, which may be needed if mistakes are made.
  • If you put it in a Temp File, HJT and the backups may get deleted if we need to clear out your Temp Files as part of the cure.
Once it is located, navigate to the folder using Windows Explorer or My Computer, and double click on HijackThis.exe.
  • When it's opened for the first time you'll get a startup screen.
    • Click on Don't show this frame again when I start Hijack This.
    • Now click on None of the above just start the program.
    • Before your first scan, we need to check the configuration.

      Click on the Config button in the bottom right hand corner and confirm the following are checked.
      • Make backups before fixing items.
      • Confirm fixing & ignoring of items (safe mode).
      • Include list of running processes in logfiles.
      The other items should be unchecked.
  • Click the Back button to return to the Scan page.
  • Click on the Scan button, and wait for the scan to finish (this may take some time depending on the number of items in your log).
  • When finished the Scan button will turn to a Save Log button, click on this and save the log (by default to the same folder that HijackThis.exe is in).
To paste it into a Forum, do the following.
  • Navigate to your Hijack This folder.
  • Double click on the hijackthis.log file, a text document will now be open on your screen.
  • Click on Edit/ Select All, then Edit/Copy.
  • Open the Posting Screen on the Forum.
  • Right click in the screen, and click on Paste. The text should now be in the message.
  • Press Submit.

Last edited by Gary Richardson; 05-29-2006 at 01:38 AM.

#4 Peter S, 05-29-2006, 04:16 PM
Gary
Thanks for the quick response.
I tried resetting Restore to off then back to on, no luck there. I have not yet tried removing it from windows components (yet?).

I have done a virus check with my scanner and with Trend on line scanner nothing found?
I have got Adaware it found nothing but some tracking cookies.

Below should be the Hijack log for you.

Thank you for your time on this

Peter

Logfile of HijackThis v1.99.1
Scan saved at 22:08:40, on 29/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
F:\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
F:\Fine pix viewer\QuickDCF.exe
F:\Program Files\MS office\Office10\msoffice.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by US
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\ReGetDx\iebar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PopUpKiller] F:\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = F:\Fine pix viewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\MS office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\PROGRA~1\COMMON~1\REGETS~1\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\PROGRA~1\COMMON~1\REGETS~1\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - f:\program files\ms office\office\excel.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {EC6DEC2D-3343-4A37-B527-520BCF3D16BD} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {EC6DEC2D-3343-4A37-B527-520BCF3D16BD} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com/
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...nailFrame.html
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (FrontdoorFD Profile Manager Class) - https://internetbankingplus2.firstdi...rontdoorFD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120688334346
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Common Files\Stibo\RS_ProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

#5 Swampy, 05-29-2006, 07:53 PM
When's the last time you changed your PRAM battery? This battery maintains your clock while the computer is turned off. Usually Lithium and easy to locate inside your computer case. There are different voltages available so pull yours and check it before you replace it. You should then just be able to reset your time control panel and be running smooth again. There may be a few minor things that will get "lost" while you are without a battery such as mouse speed setting, screen resolution etc. but they are also easy enough to restore through the control panels.

#6 Gary Richardson, 05-30-2006, 08:53 AM
Hi Peter,

Sorry I'm a bit slow getting back to you, I got a bit tied up.

OK, there's a few things on your log that need removing, but nothing that would be likely to cause the problems you have.

You'll have to disable Ad Aware's Adwatch, as it will replace anything you remove with HJT.
To Disable AdWatch
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
  • At the bottom of the screen you will see 2 options Active and Automatic.
  • Active: This will turn Ad-Watch On\Off without closing it.
  • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both options.

Similarly you'll have to turn off Spybot S&D Teatimer.
To disable Spybot S&D TeaTimer
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools -> Resident
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer.

Download ATF Cleaner by Atribune and save it to your Desktop. (This is just a program for cleaning out your temp files).

Now run a scan with HJT, and check the following items for removal.

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ad...bnailFrame.html



Close all windows except for the HJT window, and click the Fix Checked button.

Exit out of HijackThis.

Next we need to delete your Temporary Files.
  • Double click ATF-Cleaner.exe to run the program.
  • Check the following boxes:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Recycle Bin
    • Java Cache
  • The rest are optional - if you want to remove the lot, check Select All.
  • Now click Empty Selected.
  • When you get the Done Cleaning message, click OK.
  • If you use Firefox browser.
    • Click Firefox at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.
  • If you use Opera browser.
    • Click Opera at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.

Reboot, please.

Please download ewido anti-malware; it is a free version of the program.
  • Install ewido anti-malware.
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be a big orange e icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed; the status bar at the bottom will display ("Update successful").
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Check make encrypted backups.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report.txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Now can you send me the Ewido log and a new HJT log please.

Don't forget to re-enable Adwatch and Teatimer.

Finally, just a bit of info. System Restore needs at least 200M of disk space, if this is not available, XP will shut off System Restore. So check your disk space, (I once ran a filter by error on a large image which created an enormous temp file that wasn't removed after the filter had run, caused havoc with my system before I realised what the problem was and deleted the file).

Last edited by Gary Richardson; 05-30-2006 at 09:20 AM.
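
An added example (not part of Gary's post and not code from HijackThis): a small Python parser for the log format posted in this thread. It lists the entries HijackThis marked "(no file)" or "(file missing)" and cross-checks any path in them against the Running processes section. The sample is an excerpt of the log from post #4; the function names and the "orphaned"/"verify" labels are assumptions made for this example.

```python
import re

# Excerpt of the HijackThis log from post #4 of this thread (trimmed, not the full log).
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
F:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\ReGetDx\iebar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
'''

# "R1 - ..." / "O23 - ..." : section code, then the entry text.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# Trailing marker HijackThis appends when the target cannot be found,
# optionally followed by the registry hive, e.g. "(no file) (HKCU)".
MARKER = re.compile(r"\((no file|file missing)\)(?: \(HK(?:CU|LM)\))?\s*$")
# First Windows path in the entry, stopping at a quote, whitespace or end of line.
PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?]+?\.[A-Za-z0-9]{2,4}(?=[\"\s]|$)")


def parse(log_text):
    """Return (set of running process paths, list of (code, entry text))."""
    running, entries, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())   # Windows paths are case-insensitive
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries


def triage(log_text):
    """List entries flagged as missing and say whether the flag looks reliable."""
    running, entries = parse(log_text)
    findings = []
    for code, text in entries:
        marker = MARKER.search(text)
        if not marker:
            continue
        path = PATH.search(text)
        # A "missing" file that is also a running process is a parsing artefact
        # (here a stray quote in the service path), not a dead entry.
        alive = bool(path) and path.group(0).lower() in running
        findings.append({
            "code": code,
            "marker": marker.group(1),
            "path": path.group(0) if path else None,
            "verdict": "verify" if alive else "orphaned",
            "text": text,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["verdict"]:9} {f["code"]:4} {f["text"]}')
```

On the excerpt, the three "(no file)" entries come out as orphaned, matching the O3 and O9 items selected for removal above, while the McAfee Firewall service is marked verify because CPD.EXE is listed as running.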

#7 Peter S, 05-30-2006, 05:17 PM
Quote:
Finally, just a bit of info. System Restore needs at least 200M of disk space, if this is not available, XP will shut off System Restore. So check your disk space, (I once ran a filter by error on a large image which created an enormous temp file that wasn't removed after the filter had run, caused havoc with my system before I realised what the problem was and deleted the file).
Gary, have sent you the logs in a PM.

BTW I have got way more than 200M of free disk space, so that's not my prob, also System Restore does not appear as a Windows component that can be removed and then reinstalled. I think it must be an integral part of XP, and can only be disabled or enabled as part of the core system!!!

I think I may have to look for a different method to restore in future???

#8 Gary Richardson, 05-31-2006, 02:39 AM
Hi Peter,

Don't appear to have any PMs at the moment. As the logs are likely to be long, they probably exceeded the PM limit, this may have caused problems.

Found this page at M$, which seems to relate to your problem. Any problems with it and I'll be glad to help.

http://support.microsoft.com/default...;EN-US;q313853

Last edited by Gary Richardson; 05-31-2006 at 02:56 AM.

#9 Peter S, 05-31-2006, 10:20 AM
Gary

Thanks for the link to MS that has solved my problem. I should have searched there myself but just did not think.

Let me know if you do not receive the logs and I will re send them separately to you.

Once again Thanks

#10 Peter S, 05-31-2006, 03:33 PM
Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 21:39:01, on 30/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
F:\PopUp Killer\PopUpKiller.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\dmadmin.exe
F:\Fine pix viewer\QuickDCF.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
F:\Program Files\MS office\Office10\msoffice.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\system32\wuauclt.exe
F:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by US
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [PopUpKiller] F:\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = F:\Fine pix viewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\MS office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\PROGRA~1\COMMON~1\REGETS~1\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\PROGRA~1\COMMON~1\REGETS~1\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - f:\program files\ms office\office\excel.exe
O9 - Extra button: Microsoft® JavaScript® Console - {EC6DEC2D-3343-4A37-B527-520BCF3D16BD} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {EC6DEC2D-3343-4A37-B527-520BCF3D16BD} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com/
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (FrontdoorFD Profile Manager Class) - https://internetbankingplus2.firstdi...rontdoorFD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120688334346
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Common Files\Stibo\RS_ProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe