
Tech Support Team


#21 (permalink)
1st August 2008, 02:19 AM
Dr Strangelove
TST Enthusiast
Join Date: Jul 2008, 403 posts.
Location: England North East :(
Explorer killed successfully
C:\WINDOWS\system32\gpedits.exe moved successfully.
C:\WINDOWS\system32\ciadvss.exe moved successfully.
C:\WINDOWS\system32\ciadvs.exe moved successfully.
C:\WINDOWS\system32\chkdskss.exe moved successfully.
C:\WINDOWS\system32\chkdsks.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\Perflib_Perfdata_fa0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_030216

Files moved on Reboot...
File C:\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\Perflib_Perfdata_fa0.dat not found!
C:\WINDOWS\temp\LVCOMSX.LOG moved successfully.
--------------------------------------------------------------------------------
And:


Deckard's System Scanner v20071014.68
Run by IBM USER on 2008-08-01 03:10:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 88% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 4.1 GiB (less than 15%) free.


-- HijackThis (run as IBM USER.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:10:51, on 01/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\xpoint\agent\Xpagent.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\xpoint\SAS\jre\bin\javaw.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\notepad.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\NLauncher\NLauncher.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Documents and Settings\IBM USER\Desktop\Unused\tclocklight-040702-3\tclock.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IBM USER\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\IBM USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.mc272.mail.yahoo.com/mc/sh...and=1664166234
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: LastClosedTab - {e05e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164507106\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [ZortamMp3MediaStudio] "C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe"
O4 - HKCU\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SunJavaUpdateSched] c:\program files\java\jre1.6.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKCU\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: tclock.lnk = C:\Documents and Settings\IBM USER\Desktop\Unused\tclocklight-040702-3\tclock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: tclock.lnk = C:\Documents and Settings\IBM USER\Desktop\Unused\tclocklight-040702-3\tclock.exe (User 'Default user')
O4 - .DEFAULT Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'Default user')
O4 - Startup: tclock.lnk = C:\Documents and Settings\IBM USER\Desktop\Unused\tclocklight-040702-3\tclock.exe
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NLauncher.lnk = C:\Program Files\NLauncher\NLauncher.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
O9 - Extra button: Open Last Closed Tab - {e05e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1160964812199
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar...ackToolbar.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\xpoint\agent\Xpagent.exe

--
End of file - 18331 bytes

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-31 23:29:45 686630 --a------ C:\Program Files\dss.exe
2008-07-31 12:48:35 0 d-------- C:\Program Files\jv16 PowerTools
2008-07-31 12:47:45 1612467 --a------ C:\Program Files\jv16141248.exe
2008-07-31 09:21:45 0 d-------- C:\Documents and Settings\IBM USER\Application Data\InterVideo
2008-07-30 08:37:03 516096 --a------ C:\WINDOWS\system32\rtl4.dat <Not Verified; ; AC3Filter>
2008-07-30 08:37:03 16384 --a------ C:\WINDOWS\system32\rtl3.dat <Not Verified; ; async multivob filter>
2008-07-30 08:37:03 434176 --a------ C:\WINDOWS\system32\rtl2.dat <Not Verified; Gabest; Mpeg2Dec Filter>
2008-07-29 15:00:29 360580 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-07-29 14:57:42 843776 --a------ C:\WINDOWS\MSNImport.exe <Not Verified; MSN Content Plus Inc; MSN Content Plus Installer>
2008-07-29 14:57:41 0 d-------- C:\Program Files\MSN Content Plus Inc
2008-07-29 12:28:09 0 d-------- C:\Program Files\InfoTag Magic 1.0
2008-07-29 12:27:44 139452 --a------ C:\Program Files\InfoTagFreeSetup.exe
2008-07-28 09:08:16 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Songbird2
2008-07-28 09:07:47 0 d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-07-28 09:06:45 0 d-------- C:\Program Files\Songbird
2008-07-27 19:33:37 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-26 11:27:38 2062848 --a------ C:\Program Files\SysSpec.exe
2008-07-26 11:06:24 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Desktopicon
2008-07-23 14:47:43 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-23 13:58:03 0 d-------- C:\Documents and Settings\IBM USER\Application Data\SiteAdvisor
2008-07-23 13:58:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-20 13:10:01 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Astro Gemini Software
2008-07-20 13:09:58 0 d-------- C:\Program Files\Astro Gemini Software
2008-07-20 09:11:49 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-18 10:13:45 0 d-------- C:\Documents and Settings\IBM USER\Application Data\DeepBurner
2008-07-18 09:59:15 0 d-------- C:\Program Files\Astonsoft
2008-07-13 02:24:04 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-07-13 02:24:03 0 d-------- C:\Program Files\GiPo@Utilities
2008-07-10 14:26:12 221 --a------ C:\WINDOWS\system32\Monitored3.dat
2008-07-03 23:48:58 0 d-------- C:\Program Files\Nuclear Coffee


-- Find3M Report ---------------------------------------------------------------

2008-08-01 03:02:39 0 d-------- C:\Documents and Settings\IBM USER\Application Data\DNA
2008-07-31 17:45:18 0 d-------- C:\Program Files\Java
2008-07-31 11:54:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 10:54:00 0 d-------- C:\Program Files\SmileyPad
2008-07-30 09:34:17 16757793 --a------ C:\Program Files\World_Wind_1.4.0_Full.exe
2008-07-29 14:57:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 14:56:57 1761096 --a------ C:\Program Files\msn-polygamy-8.0.exe <Not Verified; MSN Content Plus Inc; MSN Polygamy>
2008-07-28 09:08:37 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Mozilla
2008-07-28 09:05:36 14939570 --a------ C:\Program Files\Songbird_0.6.1_windows-i686-msvc8.exe <Not Verified; POTI, Inc.; >
2008-07-27 23:11:03 0 d-------- C:\Documents and Settings\IBM USER\Application Data\BitTorrent
2008-07-27 19:22:24 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-27 18:28:32 0 d-------- C:\Documents and Settings\IBM USER\Application Data\NLauncher
2008-07-27 15:05:08 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Audacity
2008-07-27 13:13:01 0 d-------- C:\Program Files\Recover Keys
2008-07-26 11:05:40 243204 --a------ C:\Program Files\unlocker1.8.7.exe
2008-07-26 10:51:18 507904 --a------ C:\Program Files\moveonb.msi
2008-07-18 12:06:54 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Orbit
2008-07-13 02:24:04 0 d-------- C:\Program Files\Common Files
2008-07-11 16:52:23 0 d-------- C:\Documents and Settings\IBM USER\Application Data\FrostWire
2008-07-11 16:06:45 0 d-------- C:\Program Files\FrostWire
2008-06-30 02:44:08 0 d-------- C:\Program Files\Zortam Mp3 Media Studio
2008-06-29 14:16:59 0 d-------- C:\Program Files\Common Files\AOL
2008-06-29 11:27:56 0 d-------- C:\Program Files\Antispam Scanner
2008-06-29 03:21:46 0 d-------- C:\Documents and Settings\IBM USER\Application Data\GrabPro
2008-06-28 15:25:27 0 d-------- C:\Program Files\Messenger Plus! Live
2008-06-25 23:34:44 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-25 23:33:13 0 d-------- C:\Program Files\Logitech
2008-06-25 23:32:34 0 d-------- C:\Program Files\Labtec
2008-06-25 02:37:41 0 d-------- C:\Program Files\MagicDisc
2008-06-25 02:33:58 0 d-------- C:\Program Files\JoyceAudioConverter
2008-06-25 02:28:32 0 d-------- C:\Program Files\CDex_150
2008-06-23 11:35:26 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Advanced Audio Recorder
2008-06-21 06:03:56 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Adobe
2008-06-11 10:12:03 0 d-------- C:\Documents and Settings\IBM USER\Application Data\Beyond Sync
2008-06-04 01:19:59 1793 --a------ C:\WINDOWS\mozver.dat
2008-06-03 13:12:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-03 12:12:59 0 d-------- C:\Program Files\Trend Micro
2008-05-23 09:21:29 24064 --a------ C:\WINDOWS\system32\ctfmon.exe <Not Verified; Gerhard Schlager; Dummy CTFMON.EXE (part of the CTFMON-Remover)>
2008-05-08 09:47:41 13930657 --a------ C:\Program Files\klcodec.exe <Not Verified; KL; >
2008-05-01 02:27:44 104448 --a------ C:\WINDOWS\system32\ecFDI.dll <Not Verified; Green Eclipse Software; EclipseCabinet>
2008-05-01 02:27:44 90624 --a------ C:\WINDOWS\system32\ecFCI.dll <Not Verified; Green Eclipse Software; EclipseCabinet>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e05e75e9-a653-42a3-8d05-f2f7e309bdca}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [12/10/2007 08:33]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [17/04/2008 14:51]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [18/07/2008 11:15]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [02/05/2008 05:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"UC_SMB"="" []
"TpShocks"="TpShocks.exe" [07/11/2005 19:14 C:\WINDOWS\system32\TpShocks.exe]
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [29/10/2005 03:04]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [29/10/2005 03:04]
"TPKBDLED"="C:\WINDOWS\System32\TpScrLk.exe" [09/10/2002 06:28]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [25/07/2006 18:19]
"TP4EX"="tp4ex.exe" [17/10/2005 09:11 C:\WINDOWS\system32\TP4EX.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/05/2008 03:18]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [16/10/2002 09:59]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [14/02/2006 22:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [14/02/2006 22:16]
"S3TRAY2"="S3Tray2.exe" [12/10/2001 06:32 C:\WINDOWS\system32\S3Tray2.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [06/05/2008 03:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [07/08/2003 00:08]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" []
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/10/2007 16:37]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/10/2007 16:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [07/01/2003 22:52]
"HostManager"="C:\Program Files\Common Files\AOL\1164507106\ee\AOLHostManager.exe" []
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [13/09/2006 10:23]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [20/04/2005 09:38]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [20/04/2005 09:38]
"BluetoothAuthenticationAgent"="irprops.cpl" [14/04/2008 01:12 C:\WINDOWS\system32\irprops.cpl]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [20/04/2005 09:38]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [26/05/2005 05:00]
"AGRSMMSG"="AGRSMMSG.exe" [27/06/2003 16:53 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [17/04/2006 20:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [29/07/2008 14:59]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [20/08/2007 09:42]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" []
"ZortamMp3MediaStudio"="C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe" []
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [30/10/2007 20:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/04/2008 20:33]
"SunJavaUpdateSched"="c:\program files\java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [23/05/2008 09:21]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [08/05/2008 07:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [30/10/2007 20:11]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [30/10/2007 20:07]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [07/01/2003 22:52]

C:\Documents and Settings\IBM USER\Start Menu\Programs\Startup\
tclock.lnk - C:\Documents and Settings\IBM USER\Desktop\Unused\tclocklight-040702-3\tclock.exe [07/09/2004 17:16:52]
WordWeb Pro.lnk - C:\Program Files\WordWeb\wweb32.exe [26/04/2008 02:36:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 17/04/2006 21:01 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 06/07/2005 07:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 01/12/2005 04:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06ae4071-5ca1-11db-82b7-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-08-01 03:11:45 ------------



Reply With Quote
  #22 (permalink)   Top
Old 1st August 2008, 03:33 AM
evilfantasy's Avatar
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enough
Looking much better.

I just noticed this running at startup in the log. Do you use AVG for an on-demand scanner?

O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

You use Avira AntiVir right?

We will fix that now.

These are not all malware related fixes, only the first O2 entry is. The rest are simply to get rid of unnecessary startups. The programs are taking up resources when they don't even need to be running at startup. If you want something to be running at startup that I have listed then let me know and I will re-do the .reg fix.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  • Avira AntiVir
  • O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  • O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe
  • O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
  • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  • O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  • O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Delete the Grisoft folder (This is unless you use AVG for an on-demand scanner)

Go to C:\Program Files\Grisoft

----------

Go to Start > Run and type notepad.exe then click OK

Copy the text in the Code box below and paste it into Notepad.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SunJavaUpdateSched"=-
"TkBellExe"=-
"RealTray"=-
"QuickTime Task"=-
"iTunesHelper"=-
"ibmmessages"=-
"Adobe Reader Speed Launcher"=-
"Adobe Photo Downloader"=-
In Notepad go to File > Save as...

Next to File name: type fixme.reg. Use the dropdown box next to Save as type: and select All files. Save it to the Desktop.

There should now be a file on the Desktop that looks like this

Double-click fixme.reg and allow it to merge with the Registry.

You may not see anything happen but give it a few seconds or so to finish.

Now delete the fixme.reg file from the Desktop.

Run CCleaner and then restart the computer to register the changes made.

Let me know how everything is now.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
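A cross-check of the two fixes in the post above, added here as an example (it is not part of the original post or of HijackThis): it parses the O4 checklist and the fixme.reg text and reports which autostart values each one covers. The function names and the expansion of HijackThis's `\..\` abbreviation are assumptions.

```python
import re
# Both inputs are copied from the post above (checklist O4 lines, fixme.reg text).
HJT_CHECKLIST = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""
REG_FIX = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SunJavaUpdateSched"=-
"TkBellExe"=-
"RealTray"=-
"QuickTime Task"=-
"iTunesHelper"=-
"ibmmessages"=-
"Adobe Reader Speed Launcher"=-
"Adobe Photo Downloader"=-
"""
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_PARENT = r"software\microsoft\windows\currentversion"  # assumption: what "\..\" stands for

def parse_reg_deletions(text):
    """Return {(key, value)} for every "name"=- (delete-value) line."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    deletions, key = set(), None
    for line in map(str.strip, lines[1:]):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry names are case-insensitive
        elif key and (m := re.fullmatch(r'"(.+)"=-', line)):
            deletions.add((key, m.group(1).lower()))
    return deletions

def parse_o4(text):  # {(key, value)} for every HijackThis O4 registry Run line
    pat = r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\]"
    return {(f"{HIVES[h]}\\{RUN_PARENT}\\{k}".lower(), n.lower())
            for h, k, n in re.findall(pat, text, re.M)}

def cross_check(hjt_text, reg_text):
    ticked, deleted = parse_o4(hjt_text), parse_reg_deletions(reg_text)
    return {"both": ticked & deleted, "hijackthis_only": ticked - deleted,
            "reg_only": deleted - ticked}
```

On this post's data, every value the .reg file deletes is also on the checklist, and the HKCU AVG7_CC entry is covered by the HijackThis fix alone.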
  #23 (permalink)   Top
Old 1st August 2008, 08:56 AM
Dr Strangelove's Avatar
TST Enthusiast
 
Join Date: Jul 2008, 403 posts.
Location: England North East :(
Reputation: Dr Strangelove is on a distinguished road
I used to have AVG but no longer use it at all. I uninstalled it recently and now use Avira, yes.
I don't see a grisoft folder at all. [I even did a search]

I've followed your last set of directions - all went well.
The gpedits pop up has not appeared again.

Two quick questions....
1. Should I delete the OTMoveIt2 - And the Deckard folder?
2. Can I now go back to msconfig and use the Selective Start Up.

Everything seems to be fine now.


I have to thank you for your quick and clear help with this.
Thank you.
Reply With Quote
  #24 (permalink)   Top
Old 1st August 2008, 07:46 PM
evilfantasy's Avatar
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enough
OTMoveIt2 will clean up the mess. If there are any logs or whatever left over then you can manually delete them.

MSconfig is really supposed to be used as a troubleshooting tool. For more information see: How to deal with startup processes - Do not use MSconfig

My favorite Startup Manager is StartUp Tool. Just right click the entry and choose delete.

Let me know if you have any questions.

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name, then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.


You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide

----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical security updates. (you will need to use Internet Explorer to do this)

If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Please either enable Automatic Updates under Start > Control Panel > Automatic Updates, or get into the habit of checking for Windows updates regularly.

----------

Check out So how did I get infected in the first place? By Tony Klein for tips and free tools to help keep you safe in the future.

Also see this Maintenance Guide for free cleaning and maintenance tools to help keep your computer running smooth.

Use only trusted security software like the programs listed on this page. Trusted security tools & resources
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #25 (permalink)   Top
Old 1st August 2008, 08:48 PM
Dr Strangelove's Avatar
TST Enthusiast
 
Join Date: Jul 2008, 403 posts.
Location: England North East :(
Reputation: Dr Strangelove is on a distinguished road
I think I have auto updates turned on.
I'll try that StartUp Tool - looks handy.

Thanks for all your assistance.
Reply With Quote
  #26 (permalink)   Top
Old 1st August 2008, 08:58 PM
evilfantasy's Avatar
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enough
I've seen statements that using MSconfig as a startup manager has the potential to be damaging (sorry no links). Because it just intercepts the software from starting, eventually leaving the Registry in a mess. StartUp Tool that I mentioned actually removes the software from the Run key in the Registry, therefore it never even tries to start up.

Glad to help!

Safe surfing.............
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote