# System instability



## Brian.Morin (Feb 9, 2010)

Hi everyone. Matt informed me that I should post this exception post here. 

I get this message when trying to install Glary Utilities:

Error creating registry key:
HKEY_CLASSES_ROOT\.gfe

RegCreateKeyEx failed; code 5.
Access is denied.
______________________________________________________

Process Explorer, from MSN, does not install at all. No error message. 

_____________________________________________________

Another error message I receive quite often, sometimes when I open Firefox, and right now I am opening a .chm file. Multiple windows open up stating:

Internet Explorer Script Error
An error has occurred in the script on this page. 

Line: 
Char:
Error:
Code: 
URL:

Do you want to continue running scripts on this page?

Yes │ No

___________________________________________________________
Error is: Once I had installed a game and the interface for BigFish Games I was unable to do searches and restore point interface was unavailable. As well I received the same message as the previous exception report, just above, on this page. I no longer receive this message but until I invoke "regsvr32 jscript.dll" in the run window, I can't access these features.

Running the "regsvr32 jscript.dll" can only be done on my settings, not on my wife's settings. Go figure...
_____________________________________________________________

I often get this error message, when opening Windows Explorer: A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: chrome://historysubmenus/content/historysubmenus.js:479

□ Don't ask me again

Stop script │ Continue
_____________________________________________________________


What have I done about it:

I have run Malwarebytes and Hijackthis at this time: 16:43 02/03/2010

I have the logs available if ever needed. 

Thanks
bri


----------



## Matt197 (Dec 27, 2006)

Hi Brian,

To start off with we need to find out what we are dealing with.

*Step One: Scan for malware.*


- Open Malwarebytes' Anti-Malware
- Click the "Update" tab
- Once updated click the "Scanner" tab
- Select Perform quick scan, then click Scan
- When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad.
- Copy the log file into your next reply

*Step Two: Remove unwanted files*


- Download CCleaner from HERE
- When installing CCleaner make sure you un-tick "Install yahoo toolbar"
- Once installed open CCleaner
- In the bottom right corner click "Run Cleaner" then "OK"
- Once complete click the "Registry" tab to the left
- Then click "Scan for Issues"
- Once it has found a list of problems make sure they all have a tick next to them and click "Fix Selected Issues"
- You will then be asked if you would like to make a backup, click *YES* and save the backup to your C:\ folder.

*Step Three: Reboot and test*

Restart your computer and test your system to see how it's working and post the above logs.


----------



## Brian.Morin (Feb 9, 2010)

Matt, this is part one. And thank you very much for your guidance. Part two will be posted right after the scan is done... - bri

Malwarebytes' Anti-Malware 1.44
Database version: 3824
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04/03/2010 11:56:46
mbam-log-2010-03-04 (11-56-46).txt

Scan type: Quick Scan
Objects scanned: 196529
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------
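The Malwarebytes log in the post above has a fixed layout: a block of per-category counts, then one section per category listing each item as `target (detection) -> Bad: (..) Good: (..) -> action`. The following is an added example, not part of the original thread, that parses that layout, checks that the summary counts match the items actually listed (a pasted log is often cut short), and pulls out the Security Center `*DisableNotify` findings. The function names and the trimmed sample are constructed for illustration, and splitting the target into key and value name at the last backslash is an assumption based on the lines in the log.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a trimmed copy of the log layout posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3824

Scan type: Quick Scan
Objects scanned: 196529

Registry Values Infected: 0
Registry Data Items Infected: 3
Files Infected: 0

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# "<Category> Infected: 3" is a summary count; "<Category> Infected:" opens a section.
HEADING = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "target (detection) -> [Bad: (x) Good: (y) -> ]action."
ITEM = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)


@dataclass
class Finding:
    category: str
    target: str
    detection: str
    bad: Optional[str]
    good: Optional[str]
    action: str


def parse_mbam_log(text):
    """Return (summary_counts, findings, unparsed_lines) for one log."""
    counts, findings, unparsed = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None              # a blank line closes the current section
            continue
        heading = HEADING.match(line)
        if heading:
            if heading.group("count") is not None:
                counts[heading.group("cat")] = int(heading.group("count"))
                section = None
            else:
                section = heading.group("cat")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue                    # banner lines and empty sections
        item = ITEM.match(line)
        if item:
            findings.append(Finding(section, **item.groupdict()))
        else:
            unparsed.append(line)       # keep for manual review, never drop silently
    return counts, findings, unparsed


def count_mismatches(counts, findings):
    """Categories whose summary count differs from the items listed: {cat: (claimed, listed)}."""
    listed = {}
    for f in findings:
        listed[f.category] = listed.get(f.category, 0) + 1
    return {c: (n, listed.get(c, 0)) for c, n in counts.items() if n != listed.get(c, 0)}


def security_center_tampering(findings):
    """Findings on Security Center *DisableNotify values.

    A value of 1 there suppresses the Security Center alert for that component,
    so the user is not told when antivirus, firewall or updates are off.
    """
    hits = []
    for f in findings:
        key, _, value = f.target.rpartition("\\")   # assumption: last component is the value name
        if key.upper().endswith("\\SECURITY CENTER") and value.endswith("DisableNotify"):
            hits.append((value, f.bad, f.good, f.action))
    return hits


if __name__ == "__main__":
    counts, findings, unparsed = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(counts, findings))
    for hit in security_center_tampering(findings):
        print(hit)
```
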



## Brian.Morin (Feb 9, 2010)

This completes the instructions that you have given me, to date.



----------



## Matt197 (Dec 27, 2006)

Does not look too bad, looks like your problem is more a bloated registry as I first thought, that should be taken care of by CCleaner, but we will do a few more checks to make sure.

*Step One: Run online scanner*

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner HERE

*1.* Click Accept, when prompted to download and install the program files and database of malware definitions

*2.* To optimize scanning time and produce a more sensible report for review:


- Close any open programs
- Turn off any real time scanner or any existing antivirus program while performing the online scan.

*3.* Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.


- Once the update is complete, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

> Spyware, adware, dialers, and other riskware
> Archives
> E-mail databases

- Click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Click View report... at the bottom.
- Click the Save report... button.
- Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop, and post it in your next reply.

*Step Two: Run Hijackthis scan only*

1. Download HijackThis from HERE

2. Install HijackThis then run the program

3. Click on "Do a system scan and save a log file". Once the scan is complete a notepad will pop up with a log file; copy and paste the whole log into your reply.

*NOTE: Do not tick anything or attempt to fix any entries as this can really mess your computer up if you do not know what you are doing.*


----------



## Brian.Morin (Feb 9, 2010)

Right now I am getting this message from Kaspersky:

Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program.

I will keep on trying to launch it... 

bri


----------



## Brian.Morin (Feb 9, 2010)

Got it... Kaspersky is running...


----------



## Brian.Morin (Feb 9, 2010)

The scan seems to have stopped, I am not sure why. The only possibility that I can imagine is that the screen saver went on. This may have somehow turned off the scan. Is this possible??? I also noticed that the Java Sun icon was no longer in the tool bar area... Please advise... - thanks bri

This is what the window looks like, as it is frozen:


Scan statistics
Objects scanned: 70343 
Threats found: 5 
Infected objects found: 9 
Suspicious objects found: 0 
Scan duration: 01:55:43 
Scan beginning
Scanning in progress (6%)
Select the area for scanning in the Scan section of the left window part.
Last start: 
Status: 
Please wait, scanning can take some time depending upon the size of the area to scan. You can continue work with other browser windows.

Scanning: Big Fish
Path: C:\Documents and ...mpatico.ca\Inbox.sbd
Configure | View report | Stop scanning
Attention! Anti-virus scanning may be unavailable if your computer already has another anti-virus application installed and running. Please deactivate the anti-virus software installed on your computer and start Kaspersky Online Scanner 7.0 again from the web site of Kaspersky Lab.


----------



## Matt197 (Dec 27, 2006)

Please try the Bitdefender online scanner HERE

If this does not run then please try running the Trend Micro online scanner HERE

If both scanners do not scan then please skip to step two and post your Hijackthis log.


----------



## Brian.Morin (Feb 9, 2010)

Ok Thanks Matt;

Just to fill you in. The Kaspersky ran for 4:10 hours today and then froze. It seems to have something to do with Java. When I run the program, of course, as instructed, I turn off Avast. Subsequently I turn off my internet connection. This didn't seem to have any effect on it for a little over 4 hours, but then bang. I might want to add, that it was while scanning an external USB drive.

You might like to know that it showed 7 infected (it was the top number just below how many files were scanned) and just below 12 compromised or some such thing. Hope this is useful. 

I will start with the first one on the above list. 

Bri


----------



## Brian.Morin (Feb 9, 2010)

Quick Scan gave me this:

BitDefender QuickScan Beta 32-bit v0.9.9.9
------------------------------------------

Scan date: Sat Mar 06 16:48:58 2010
Machine ID: C06FC9B

No infection found.
---------------------

Processes
---------
<unsigned> Creative Audio Service 1836 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
<unsigned> Sizer 2836 C:\Program Files\Sizer\sizer.exe

<verified> avast! Antivirus 1036 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
<verified> avast! Antivirus 3096 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
<verified> Creative Service for CDROM Access 2008 C:\WINDOWS\System32\CTsvcCDA.exe
<verified> Creative Volume Control 3784 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
<verified> CTDVDDET 2844 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
<verified> Firefox 1904 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> GFI Backup 2009 - Home Edition 2040 C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
<verified> GFI Backup 2009 - Home Edition 212 C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
<verified> Glary Utilities 1420 C:\Program Files\Glary Utilities\memdefrag.exe
<verified> Java(TM) Platform SE 6 U18 328 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java(TM) Platform SE Auto Updater 2 0 3352 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> LightScribe 300 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<verified> Logitech Webcam Software 428 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
<verified> MailWasher.exe 3004 C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
<verified> Microsoft IntelliPoint 3172 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
<verified> Microsoft® Windows® Operating System 416 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2804 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2280 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 528 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 516 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 380 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1788 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 924 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 820 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 772 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 2820 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 732 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1192 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 424 C:\WINDOWS\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 468 C:\WINDOWS\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 2664 C:\WINDOWS\system32\wscntfy.exe
<verified> Nero AG incdsrv 248 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
<verified> Sunbird 1704 C:\Program Files\Mozilla Sunbird\sunbird.exe
<verified> SupportSoft sprtsvc 1132 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
<verified> WordWeb 624 C:\Program Files\WordWeb\wweb32.exe

Network activity
----------------
Process AvastSvc.exe (1036) connected on port 80 (HTTP) - qw-in-f113.1e100.net
Process AvastSvc.exe (1036) connected on port 80 (HTTP) - a184-51-181-115.deploy.akamaitechnologies.com
Process AvastSvc.exe (1036) connected on port 80 (HTTP) - *.122.2o7.net
Process AvastSvc.exe (1036) connected on port 80 (HTTP) - a184-51-188-20.deploy.akamaitechnologies.com
Process firefox.exe (1904) connected on port 443 (HTTP over SSL) - core.sxipper.com

Process svchost.exe (732) listens on ports: 135 (RPC)
Process svchost.exe (924) listens on ports: 2869 (SSDP event notification, UPNP)

Autoruns and critical files
---------------------------
<unsigned> Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
<verified> Creative Volume Control C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
<verified> CTDVDDET C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
<verified> Glary Utilities C:\Program Files\Glary Utilities\initialize.exe
<verified> Glary Utilities C:\Program Files\Glary Utilities\memdefrag.exe
<verified> Google Update C:\Documents and Settings\Bri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> Skype C:\Program Files\Skype\Phone\Skype.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins
---------------
<unsigned> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned> Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<unsigned> VLC Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll

<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Bri\Application Data\Mozilla\Firefox\Profiles/d4ncf58q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Bri\Application Data\Mozilla\Firefox\Profiles/d4ncf58q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Java Deployment Toolkit 6.0.180.7 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java(TM) Platform SE 6 U18 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java(TM) Platform SE 6 U18 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<verified> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<verified> RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<verified> RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
<verified> Skype add-on for IE c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
<verified> Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

Missing files
-------------
File not found: C:\Program Files\OpenOffice.org 3\program
referenced in: HLKM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0\"Path"

Scan
----

No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.02 MB sent, 0.33 KB recvd
Scanned 797 files and modules - 10 seconds


----------



## Brian.Morin (Feb 9, 2010)

Trend Micro's Housecall did not work on my system... ?


----------



## Brian.Morin (Feb 9, 2010)

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:22, on 06/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Mozilla Sunbird\sunbird.exe
C:\Program Files\Sizer\sizer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x089d -f video -m logitech -d 12.0.1278.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x089d -f video -m logitech -d 12.0.1278.0 (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Mozilla Sunbird.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe
O4 - Global Startup: Sizer.lnk = C:\Program Files\Sizer\sizer.exe
O4 - Global Startup: wweb32.exe.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://get.adobe.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.youtube.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231381119421
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9188 bytes


----------
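
The HijackThis log above tags every entry with a section code (R0/R1, O2, O4, O15, O23 and so on). As an added example (not part of the thread and not HijackThis's own code), this Python script parses such a log and lists the entries a helper usually checks by hand: references to files that no longer exist, services with no reported owner, and Trusted Zone sites. The sample lines are excerpted from the log above; the function names and the three review rules are assumptions of this example.

```python
import re

# HijackThis v2 section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "extra IE context-menu item",
    "O9": "extra IE button or Tools menu item",
    "O15": "Trusted Zone site",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}

# Lines excerpted from the log above (a subset, so the script runs offline).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O15 - Trusted Zone: http://www.youtube.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"""

# An entry line is "<code> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return a list of (code, body) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (code, reason, body) for entries worth a manual look.

    Review rules (assumptions of this example, not verdicts):
      orphaned     - HijackThis marked the target "(no file)" or "(file missing)"
      no-owner     - an O23 service line reports "Unknown owner"
      trusted-zone - an O15 line: a site added to IE's Trusted Zone
    """
    findings = []
    for code, body in entries:
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((code, "orphaned", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "no-owner", body))
        elif code == "O15":
            findings.append((code, "trusted-zone", body))
    return findings


def report(log_text):
    """Format the triage findings as one readable line per entry."""
    lines = []
    for code, reason, body in triage(parse_entries(log_text)):
        section = SECTIONS.get(code, "unknown section")
        lines.append(f"[{reason}] {code} ({section}): {body}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Each flagged line is a pointer to an entry to confirm by hand, for example an orphaned BHO or service registration left behind by an uninstalled program.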



## Matt197 (Dec 27, 2006)

Brian.Morin said:


> Trend Micro's Housecall did not work on my system... ?


Hi Brian,

Don't worry about that scan.

From the looks of your log I would say you are not infected, but it does look like you were in the past, but you did say you ran ComboFix before I started helping you.

Ok, let's make sure you are up to date and have all the latest patches.

1.
Firstly I notice you are running IE7, please upgrade to IE8 HERE

2.
Open up Firefox and click "Help" at the top then "Check for updates" and follow the instructions to upgrade to 3.6

3.
Open up IE8 and if any boxes pop up follow the onscreen instructions, now click "Tools" on the far right hand side then "Internet Options"

If you click the "Advanced" tab then click "Restore advanced settings" then directly below click on "Reset" tick the box "Delete personal settings" then "Reset" once this is complete close IE8 down and reopen it.

4.
Navigate to the system "Control Panel" and change the view to "Classic" in the list there should be an icon for "Java" double click this.

Once the Java console has opened click the "Update" tab along the top then "Update now", if an update is available then follow the instructions.

5.
Go to the following website *windowsupdate.microsoft.com* and check if there are any available critical updates, if so then download them.

6.
We are now going to delete your "System Restore" points, to do this right click on "My Computer" -> "Properties" -> click the "System Restore" tab at the top -> tick the box "Turn off system restore on all drives" then "Apply" and say "Yes" to the box.

Now turn "System Restore" back on by un-ticking the "Turn off system restore on all drives" box, click "OK" and that's that part done.

Restart your computer.

7.
Lastly, open up Malwarebytes' Anti-Malware and run a full scan this time, let me know if it finds anything by posting the log file.

How is your system feeling? Are you getting any random error messages including Avast popping up or is it now running fine?


----------



## [email protected] (Jan 9, 2006)

jeez, I'd just back up everything I wanted to keep and then reinstall, tbh it's so much easier than HijackThis and everything else


----------



## Brian.Morin (Feb 9, 2010)

Matt, when I tried to install IE8 I was given this link to do a troubleshooting, as I was told that it was not going to install...

http://support.microsoft.com/gp/ie8_browserDetect

Since I worry about MNS I would like to hear how you feel about this???

Bri


----------



## Matt197 (Dec 27, 2006)

Brian.Morin said:


> Matt, when I tried to install IE8 I was given this link to do a troubleshooting, as I was told that it was not going to install...
> 
> http://support.microsoft.com/gp/ie8_browserDetect
> 
> ...


Are you sure you downloaded the correct version of IE8? For example, if you are running Windows XP 32-bit and you downloaded the 64-bit version, it would not be compatible with your system.

What error message did you get?

If you don't use IE then I would still update it because you are still at risk as it's in effect an unpatched version.


----------



## Matt197 (Dec 27, 2006)

[email protected] said:


> jeez, I'd just back up everything I wanted to keep and then reinstall, tbh it's so much easier than HijackThis and everything else


Not at all, you would not get your car resprayed just because you picked up a few swirls, scratches or chips.

I can have a system clean within 2/3 hours depending on how fast the scans complete with me sat at the infected computer.

By the time you have backed up all your files, reinstalled your OS, installed all your programs, restored your files, installed drivers you find you have wasted a good day or two and most users find this is beyond their ability.

Obviously in more severe circumstances a reimage is the only way, but I always look at that as the last resort and will always try before I give in, good challenge as well :thumb:


----------



## Brian.Morin (Feb 9, 2010)

Matt, the IE8 issue is no more an issue. History. Okay... Etc. 

Well I have always found that reinstall takes several days of intense work. Maybe if anyone knows of a good tutorial/video on the subject. "How to do a proper BU" type of thing, that would be splendid... - bri


----------



## ardandy (Aug 18, 2006)

Matt197 said:


> Not at all, you would not get your car resprayed just because you picked up a few swirls, scratches or chips.
> 
> I can have a system clean within 2/3 hours depending on how fast the scans complete with me sat at the infected computer.
> 
> ...


I agree with the re-install. Not only will it solve any problem but if you run every program available and everything gets updated it still won't be as trouble free or as quick as a re-install.

With a re-install it will take a definite time.
With this it could take forever.

Backing up data shouldn't be an issue as only an idiot would have all of his important files/pics etc on a single PC and not already backed up! 

£35 and a visit to a shop would solve this with no worries at all! Sometimes it's worth the extra.


----------



## ardandy (Aug 18, 2006)

Brian.Morin said:


> Matt, the IE8 issue is no more an issue. History. Okay... Etc.
> 
> Well I have always found that reinstall takes several days of intense work. Maybe if anyone knows of a good tutorial/video on the subject. "How to do a proper BU" type of thing, that would be splendid... - bri


It would be far easier if someone could show you, anyone nearby that can do it?

All you need is a Windows Disk (or restore disk if you have one).
Drivers (again on a disk if you're lucky).
Whichever programs you need.

Think of it this way, even if it takes as long to re-install as it does to sort it out, at least you've learnt something.


----------



## Brian.Morin (Feb 9, 2010)

Matt; just to let you know, everything seems to be working very well. My wife's profile is working like a charm. I can do things now that I wasn't able to do a few days ago. If I had £35 Matt, I would send it to you. Let me know if you have a PayPal account. I only have about $25. CDN, but I would be more than happy to send it to you. 

Note: it is very difficult to find someone, in one's area, that can properly help with one's computer at any price. Plus, here in NAmerica, there aren't many, none that I know, that will work on one's system for less than $40.00/hour (that's about £20). I don't want to play the violin too hard, but since I am recuperating from illness, I do not have that type of $/£. The money I have to use on my own, I earn by clicking on click sites, and I am willing to give my 3 or 4 months earning to Matt as he has helped me keep my window on the world open. 

If it was not for comments made here I would never have mentioned my current situation. I hope that it does not change anything here except allow the commenter to understand that not everyone on the planet is monetarily well off. 

Please keep well. - bri


----------



## ardandy (Aug 18, 2006)

It's all relative though. People spend xxx on the car to keep it on the road, if a PC is important to your life/work then relatively speaking £35 is a bargain to get something fairly crucial to everyday life.

If it's not then fair enough but you get the idea.

This is actually born out of lots of people I sometimes work for that don't think twice at spending £90 per hour for someone to look at a car yet balk at less than half that for a PC. (End rant)


----------



## Brian.Morin (Feb 9, 2010)

ardandy said:


> It's all relative though. People spend xxx on the car to keep it on the road, if a PC is important to your life/work then relatively speaking £35 is a bargain to get something fairly crucial to everyday life.
> 
> If it's not then fair enough but you get the idea.
> 
> This is actually born out of lots of people I sometimes work for that don't think twice at spending £90 per hour for someone to look at a car yet balk at less than half that for a PC. (End rant)


The rant understood... I have not got a car by the way... I say this all with respect and understanding for your position. Positions are always best stated, I believe, in a relative way. One sounds more like A. Einstein that way... LOL

regards
bri


----------



## Brian.Morin (Feb 9, 2010)

Matt; I think we got it... ! 

The system is running like never before... 

The three exceptions were just due to the fact that I had turned off the XP Security Alerts. - bri



Malwarebytes' Anti-Malware 1.44
Database version: 3838
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/03/2010 20:57:34
mbam-log-2010-03-08 (20-57-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 365514
Time elapsed: 4 hour(s), 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## [email protected] (Jan 9, 2006)

The only time I would ever do a sequence like this instead of a complete re-install is if the PC was preventing me from accessing the stuff I need to keep or if doing it for a friend who's not got the install discs and neither have I for their specific OS.

It's satisfying to know you've wiped the stuff out but nothing beats the performance of a clean install imo, just run the correct protection software and make doubly sure that what you click yes to when online is 110% safe


----------



## Matt197 (Dec 27, 2006)

Brian, I am glad your computer is back up and running and I do not want your money, I prefer knowing that I have made a difference and was able to help you.

And to the others, I am sorry if you find my ways of assisting people questionable but that’s up to you, this is how I work and I find it very annoying as it adds confusion and doubt to the OP.

Why should I not help others like Brian remove infections, backing up files is not that straightforward as you should know, it's all well and good saying they are idiots for storing files on their main system but that’s true for 98% of computer users.

Yes, performing a complete reinstallation is going to speed up the computer if it’s not been done for a few years, there is no doubting that but most of the time it's more hassle than it's worth because the user has saved their files not in one location but several.

You guys might not appreciate what I am trying to do but the people I help are always extremely grateful, I am a member of a few security forums where we always help remove infections rather than formatting wherever possible.

This is the area I specialize in.

/rant over


----------



## Brian.Morin (Feb 9, 2010)

The system has never run better Matt. Thanks. If you ever need some help with a website, or maybe some graphics, please give me a jingle. 

P.S. Rants can be soooooooo delightful, can't they; for five minutes or so. 

@ [email protected]

I have always protected my system very carefully, but it just so happened that I received an email from an address that was bogus. I usually scan anything that anyone sends me. This time I did not. Zap! What can I say.

_________________________________________________________________

The last time I did a complete re-install, I used my backup disk to replace all the files. Unfortunately, due to ignorance (not stupidity), My BU's were not complete, as I thought they were. I know I can find all sorts of info on BU's, more now than in the past couple of years, but it would be nice to know that the information was good. The information that Matt gave me was excellent and I hope I learned something. I would really like to see information like this for doing an image (which I am not really sure what that means in English ;-))) and a BU i.e. incremental, etc. etc. 

Matt, I will be in touch... 
bri


----------

