System restore not working (Mike02)

This section is for XP operating system problems and requests for help.
Post Reply
mike02
Contributor
Contributor
Posts: 34
Joined: Tue Jan 16, 2007 12:00 pm

System restore not working (Mike02)

Post by mike02 » Thu Sep 20, 2007 3:31 pm

i am having the same problem and sent a similar email to this web site but nobody responded
i hope you have more luck

EDIT: This topic is about a problem with System Restore, it was split from another topic. This is just for clarification.
Last edited by Squeezebox on Fri Sep 21, 2007 6:53 pm, edited 1 time in total.

User avatar
Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

System restore not working (Mike02)

Post by Essexboy » Thu Sep 20, 2007 10:13 pm

A question.  Does the system restore have a series of restore points on it ?

If yes then



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt  -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

User avatar
Squeezebox
Administrator
Administrator
Posts: 1647
Joined: Sat Sep 24, 2005 9:51 pm
Location: UK

System restore not working (Mike02)

Post by Squeezebox » Fri Sep 21, 2007 7:27 am

mike02 wrote: i am having the same problem and sent a similar email to this web site but nobody responded
i hope you have more luck
Email? We don't deal with problems using email Mike, only through the forums. Looking back at your posts, all problems have been responded to and resolved. Send me a PM if you had a negative experience.
Image

mike02
Contributor
Contributor
Posts: 34
Joined: Tue Jan 16, 2007 12:00 pm

System restore not working (Mike02)

Post by mike02 » Fri Sep 21, 2007 2:52 pm

is this dss program the same thing as system restore?
or is it just a utility program to clean up old files?

thanks in advance

p.s. you guys are doing a great job, keep up the good work

User avatar
Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

System restore not working (Mike02)

Post by Essexboy » Fri Sep 21, 2007 6:19 pm

No DSS is a system analysis tool which allows me to look at the relevant registry entries for errors  :tiphat:
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

mike02
Contributor
Contributor
Posts: 34
Joined: Tue Jan 16, 2007 12:00 pm

System restore not working (Mike02)

Post by mike02 » Fri Sep 21, 2007 6:31 pm

hope this works
thanks again


Deckard's System Scanner v20070905.67
Run by MIKE on 2007-09-21 14:31:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-21 14:31:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\nwtray.exe
C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - (no file)
O4 - HKEY_LOCAL_MACHINE\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKEY_LOCAL_MACHINE\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ControlCenter2.lnk = C:\Program Files\Brother\ControlCenter2\brctrcen.exe
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: Diagnose Connection Problems... - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\NetWare\nwws2nds.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\NetWare\nwws2sap.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\NetWare\nwws2slp.dll
O15 - Trusted Zone: https://www.www.macys.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdat ... /opuc3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5560356780
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdat ... /opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/fl ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netsuitemeeting.webex.com/clien ... eatgpc.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{28FCC2A0-8309-4B1F-9ABE-9D553B7C0A51}: NameServer = 85.255.114.84,85.255.112.198
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{90E44375-BC8C-41B9-9580-1B16441D4BB2}: NameServer = 167.206.251.14,167.206.251.13
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~2\ascserv.exe
O23 - Service: AntiVir Engine Service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - "C:\Program Files\iPod\bin\iPodService.exe"


-- Files created between 2007-08-21 and 2007-09-21 -----------------------------

2007-09-21 14:11:33    66048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-09-20 11:41:10        0 d-------- C:\Documents and Settings\MIKE\Application Data\vlc
2007-09-20 11:39:46        0 d-------- C:\Program Files\VideoLAN
2007-09-19 14:46:49      664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-30 14:08:16        0 d-------- C:\Program Files\IE7Pro
2007-08-30 14:08:16        0 d-------- C:\Documents and Settings\MIKE\Application Data\IE7Pro


-- Find3M Report ---------------------------------------------------------------

2007-09-21 07:38:31        0 d-------- C:\Program Files\AntiVir PersonalEdition Premium
2007-09-21 07:34:49        0 d-------- C:\Program Files\NoAdware5.0
2007-09-10 11:52:41    24595 --a------ C:\WINDOWS\mozver.dat
2007-09-04 14:26:51        0 d-------- C:\Documents and Settings\MIKE\Application Data\Netscape
2007-09-04 14:26:29        0 d-------- C:\Program Files\Netscape
2007-08-25 12:37:26        0 d-------- C:\Program Files\VirusProtectPro 3.5
2007-08-17 15:30:24        0 d-------- C:\Documents and Settings\MIKE\Application Data\OfficeUpdate12
2007-08-17 13:06:32        0 d-------- C:\Documents and Settings\MIKE\Application Data\Adobe
2007-08-17 11:21:04        65 --a------ C:\WINDOWS\system32\BD8460N.DAT
2007-08-17 10:28:20        0 d-------- C:\Program Files\Brother
2007-08-17 10:27:43        0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-17 10:27:31        0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-16 13:02:28    524288 --a------ C:\WINDOWS\opuc.dll
2007-06-30 09:56:19        0 --a------ C:\WINDOWS\system32\Biport


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [09/26/2001 11:39 PM C:\WINDOWS\system32\atiptaxx.exe]
"NWTRAY"="NWTRAY.EXE" [03/12/2002 11:37 AM C:\WINDOWS\system32\nwtray.exe]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" [04/25/2007 07:28 AM]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [01/12/2007 06:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/16/2004 02:28 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe" [01/26/2005 06:02 PM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [11/11/2005 06:30 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE" [06/02/2005 07:06 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\
ControlCenter2.lnk - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [8/17/2007 10:28:19 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 01/12/2007 06:45 PM 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"iPodService"=3 (0x3)
"GoToMyPC"=2 (0x2)
"GhostStartService"=2 (0x2)
"ASCService"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\SETUP.EXE /AUTORUN
configure\command- D:\SETUP.EXE
install\command- D:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2007-09-21 14:33:03 ------------

User avatar
Squeezebox
Administrator
Administrator
Posts: 1647
Joined: Sat Sep 24, 2005 9:51 pm
Location: UK

System restore not working (Mike02)

Post by Squeezebox » Fri Sep 21, 2007 6:36 pm

Mike, you seem to have 'hijacked' the original poster's topic.

Unless you are Adam5000?

It's always best to start your own topic in this type of probelm because the solution for Adam5000 is likely to be different to yours.

I can split the topic into two if you confirm thaty you and the original poster are two different people. We still want Adam5000 to be able to resolve his problem.
Image

User avatar
Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

System restore not working (Mike02)

Post by Essexboy » Fri Sep 21, 2007 6:49 pm

Darn I didn't notice that - but yes they need to be split as this is a spyware problem.  Wareout and rogue spyware

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan button. It will scan
Then when the scan has completed

Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - (no file)
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{28FCC2A0-8309-4B1F-9ABE-9D553B7C0A51}: NameServer = 85.255.114.84,85.255.112.198
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~2\ascserv.exe


Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.

Then

Download ComboFix from [url=http://"http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe"]Here[/url] or "Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
[Note: Do not mouseclick combofix's window while its running. That may cause it to stall
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

Post Reply