Help please


13 replies to this topic

#1 BboyKenex

BboyKenex

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 08 December 2009 - 08:19 PM

Hi there, I've been on these forums before (joined back in 2006). It's been a while, but I'm having some trouble. I'm not sure where to start, so I included some of my computer specs (found using CPU-Z) as a .txt file. I put it in as an attachment to this post.

Background:

The list of risky things I've done in the past month or so (which is about the time this started happening) includes downloading doujin-created music (fan-made music, which you can't get unless you go to Japan, which I can't), one or two software/freeware applications (known to strip annoying iTunes music protection off my files, which I never got to work)...I just hated buying music off iTunes and then having so many compatibility issues with devices or other software. After my computer started acting up I uninstalled the software and deleted any folders I could find that were related to them.

Symptoms:

My computer seems to frequently stop and think every 5-30 seconds as if something is really hogging the CPU. I'm running an i7 and, as you can see from the attachment below, some pretty decent parts. I'm not doing anything remotely difficult for this computer to be locking up on File Explorer or the Firefox browser...And recently, I wake up every morning to see that my computer has frozen completely: Ctrl/Alt/Del doesn't work, the mouse doesn't move, nothing works. I have to force it to shut down, then let it restart, and I continue with the computer hiccups all throughout the day.

Any help would be much appreciated. Let me know what you need, whether it's HijackThis logs or to run scanning software. Since this is a new computer I don't have any of the software that I was told to use last time, including HijackThis. So if you could let me know where to get them again that would be much appreciated. Thank you for your time in looking into this.

Please don't upload attachments unless specifically requested. Many Helpers will be reluctant to open them. I added the text to your post as plain text. Please see the Forum FAQ, listed at the top of the page to see where to find HijackThis and other useful programs.

-------------------------
CPU-Z version 1.40.5
-------------------------

Processors Map
------------------------------------------------------------------------------------

Number of processors 1
Number of threads 8

Processor 0
-- Core 0
-- Thread 0
-- Thread 1
-- Core 1
-- Thread 0
-- Thread 1
-- Core 2
-- Thread 0
-- Thread 1
-- Core 3
-- Thread 0
-- Thread 1


Processors Information
------------------------------------------------------------------------------------

Processor 1 (ID = 0)
Number of cores 8 (4 core(s) disabled)
Number of threads 8 (max 16)
Name Intel Core 2
Codename
Specification Intel® Core™ i7 CPU 920 @ 2.67GHz (Engineering Sample)
Package Socket 479 mPGA (platform ID = 1h)
CPUID 6.A.4
Extended CPUID 6.1A
Core Stepping
Technology 45 nm
Core Speed 2786.0 MHz
Instructions sets MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, EM64T
L1 Data cache 8 x 32 KBytes, 8-way set associative, 64-byte line size
L1 Instruction cache 8 x 32 KBytes, 4-way set associative, 64-byte line size
L2 cache 8 x 32 KBytes, 8-way set associative, 64-byte line size
L3 cache 8192 KBytes, 16-way set associative, 64-byte line size
FID/VID Control yes
max VID 0.713V





Chipset
------------------------------------------------------------------------------

Northbridge Intel ID3400 rev. 12
Southbridge Intel ID3A16 rev. 00
Graphic Interface PCI-Express
PCI-E Link Width x16
PCI-E Max Link Width x16
Memory Type
Memory Size 6136 MBytes


Memory SPD
------------------------------------------------------------------------------

No SPD information available


Monitoring
------------------------------------------------------------------------------

Sensor Chip Fintek F71882F

Edited by TheJoker, 08 December 2009 - 09:11 PM.
Remove attachment and add as text, point to FAQ


#2 BboyKenex

Posted 10 December 2009 - 03:34 AM

I got HijackThis on my new computer; I believe it's the latest version. Hopefully this will save some time, but here's the logfile I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:00 AM, on 12/10/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\JS\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5505 bytes
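
Added example (not part of the original thread, and not code from HijackThis or the forum): a small Python triage of the HijackThis log format posted above, which counts entries per section code, lists the O4 autoruns, and separates the O23 services marked "(file missing)". The function names are hypothetical, and the heuristic rests on an assumption: HijackThis v2.0.2 is a 32-bit program, so on 64-bit Windows its view of System32 is redirected to SysWOW64 and 64-bit system binaries can be reported as missing; flagged entries still need to be confirmed on disk.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Unknown Windows (WinNT 6.01.3004)
Running processes:
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O23 - <body>"
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
MISSING_TAG = " (file missing)"


def parse_entries(log_text):
    """Return (section_code, body) for every 'R0/F2/O4/O23 - ...' line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def parse_service(body):
    """Split an O23 body into name, owner, path and a 'missing' flag."""
    if not body.startswith("Service: "):
        return None
    # Split from the right: display names may contain '-' (e.g. ",-100").
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING_TAG)
    if missing:
        path = path[: -len(MISSING_TAG)]
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def looks_64bit(log_text):
    """Heuristic (assumption): these directories only exist on 64-bit Windows."""
    lowered = log_text.lower()
    return "\\syswow64\\" in lowered or "\\program files (x86)\\" in lowered


def triage(log_text):
    """Group a HijackThis log into counts, autoruns and missing-file services."""
    entries = parse_entries(log_text)
    x64 = looks_64bit(log_text)
    report = {
        "counts": Counter(code for code, _ in entries),
        "x64": x64,
        "autoruns": [body for code, body in entries if code == "O4"],
        "redirect_suspects": [],  # missing under System32 on a 64-bit system
        "missing_other": [],      # missing elsewhere: check on disk first
    }
    for code, body in entries:
        service = parse_service(body) if code == "O23" else None
        if not service or not service["missing"]:
            continue
        if x64 and SYSTEM32_RE.match(service["path"]):
            report["redirect_suspects"].append(service)
        else:
            report["missing_other"].append(service)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("64-bit indicators:", result["x64"], dict(result["counts"]))
    for svc in result["redirect_suspects"]:
        print("likely redirection artifact:", svc["path"])
    for svc in result["missing_other"]:
        print("verify on disk:", svc["path"])
```
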

#3 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 11 December 2009 - 09:18 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 BboyKenex

Posted 13 December 2009 - 07:10 PM

I took the advice in the sticky posts in this section and ran Malwarebytes; the full scan says I had one bad item:

hijack.displayproperties - Registry Data - HKEY_LOCALMACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\NOACTIVEDESKTOPCHANGES - BAD (1) Good (0)

I chose to remove selected, just FYI in case it helps.

#5 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,733 posts

Posted 16 December 2009 - 08:56 AM

Hello BboyKenex. Welcome back.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Please download TFC.exe - Temp File Cleaner by OldTimer:
  • Save it to your Desktop.
  • Close any open windows, save your work,
  • Double click the TFC icon to run the program,
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish its job,
  • Once it's finished, click OK to reboot.
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Approved Shell Extensions
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - File Associations
    • Reg - NetSvcs
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scans box at the bottom left paste the following in

    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    CREATERESTOREPOINT
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the black Attach This File button
  • Click Add Reply

Rocket Grannie
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#6 BboyKenex

Posted 16 December 2009 - 08:44 PM

Hi Rocket Grannie, thanks a lot for your help. I did what you instructed. I'm not sure if the TFC program was supposed to have a log, but I certainly could not find it after it ran, but it did say it cleared about 1100mb of stuff, just in case that helps.

The OTS logfile was too large for the forum, so here is the link. I used the website you provided to upload my log file:
http://www.mediafire.com/?j3cg54mmzo2

Thank you so much for your help, looking forward to hearing from you.

#7 Rocket Grannie

Posted 17 December 2009 - 05:20 AM

Hello BboyKenex

I'm not sure if the TFC program was supposed to have a log, but I certainly could not find it after it ran

No, it doesn't produce a log. It is a temporary file cleaner only.

That doesn’t look too bad, just a few things to fix.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> {642C1663-0E48-4F42-AC4F-CCDD6A3D8C47} -> profile=private | protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
YN -> {C2D22370-1792-4C3D-89DA-8FB12A56895A} -> profile=private | protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
YN -> TCP Query User{FFD54F0D-BDE2-4594-BE12-824034537A74}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=6 | dir=in | action=block | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe |
YN -> UDP Query User{CD5B4E93-D8E7-4E80-A367-689A4252A5CA}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=17 | dir=in | action=block | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe |
[Alternate Data Streams]
NY -> @Alternate Data Stream - 1233 bytes -> C:\Users\JS\AppData\Local\LIHp90P0gJSjYdx:I4y55vXghQ166Agc2eW3lF
[Purity]
[Empty Temp Folders]
[CreateRestorePoint]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Please post that information back here for me to review.

Now, please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the Posted Image icon on your Desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Rocket Grannie

#8 BboyKenex

Posted 17 December 2009 - 08:16 PM

Hi there granny,
I've included the OTS logfile below. The ESET online scanner however did not have a logfile; it actually didn't find anything. Should I be concerned about that? When my computer restarted after this OTS scan though, I noticed a performance difference, I'm pretty sure. Do you know what problem I have or had? Anyways, looking forward to your next response and thanks so much for your help.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{642C1663-0E48-4F42-AC4F-CCDD6A3D8C47} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{642C1663-0E48-4F42-AC4F-CCDD6A3D8C47}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2D22370-1792-4C3D-89DA-8FB12A56895A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2D22370-1792-4C3D-89DA-8FB12A56895A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FFD54F0D-BDE2-4594-BE12-824034537A74}C:\program files (x86)\utorrent\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CD5B4E93-D8E7-4E80-A367-689A4252A5CA}C:\program files (x86)\utorrent\utorrent.exe deleted successfully.
[Alternate Data Streams]
ADS C:\Users\JS\AppData\Local\LIHp90P0gJSjYdx:I4y55vXghQ166Agc2eW3lF deleted successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JS
->Temp folder emptied: 2310464 bytes
->Temporary Internet Files folder emptied: 98706 bytes
->Java cache emptied: 13690431 bytes
->FireFox cache emptied: 16623010 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 882 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2512362 bytes

Total Files Cleaned = 33.60 mb

OTS cannot create restorepoints on Vista OSs!
< End of fix log >
OTS by OldTimer - Version 3.1.10.0 fix logfile created on 12172009_163439

Files\Folders moved on Reboot...
C:\Users\JS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#9 Rocket Grannie

Posted 17 December 2009 - 11:27 PM

Hello BboyKenex

Well done! Your log appears to be clean.

The ESET online scanner however did not have a logfile; it actually didn't find anything. Should I be concerned about that?

No! In fact, just the opposite. You should be happy. It means ESET did not find any infections on the computer.

When my computer restarted after this OTS scan though, I noticed a performance difference, I'm pretty sure.

That is to be expected. In a manner of speaking, I’ve given the computer a tune up.

Do you know what problem I have or had?

In general, just poor maintenance.

TFC cleaned over 1GB of temporary files.
OTS cleaned a further 33.60 mb.

I suggest you keep TFC and run it regularly.
Also, defrag the hard drive regularly.
MBAM can be kept and used as a scanner.
Make sure you keep your software programs (such as Java and Adobe) up to date.

Now some tidying up.

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTS.exe
    Click the CleanUp button
  • OTS.exe will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
System Restore maintains a backup of your programs and may also backup infections, so please reset it to make a clean Restore Point.

To reset System Restore Points:

Open the Start Menu.
Right click on the Computer button and click on Properties.
Click on the System Protection link.
Close the System window.
Click on the available hard disk drive or partition, that you want to delete the System Protection restore points for, to select it.
Click on the Configure button.
Click on the Delete button.
Click on the Continue button to confirm the deletion.
Click on Close in the success prompt.
Click on OK.
Click on OK.

Wait a few moments for it to clear, then:

Open the Start Menu.
Right click on the Computer button and click on Properties.
Click on the System Protection link.
Close the System window.
Check to make sure that you have System Protection turned on for the listed available disk, that you want to create a restore point for, to include it in the restore point.
Click on the Create button.
Type in a description for the restore point to help recognize it when doing a System Restore, and click on the Create button.
You will now see a green progress bar while the restore point is being created.
When the restore point has finished being created, click on the Close button.
Click on OK.

Please let me know how you go, and if any problems remain.


Rocket Grannie

#10 BboyKenex

Posted 18 December 2009 - 01:09 PM

Thanks grannie. When I get home I'll be sure to follow those instructions, although shouldn't I keep the tools we used? Or is it better to remove them now that my log looks clean? This morning my computer was frozen just like normal, but the performance has been overall better. I'm guessing that since my log is clean the freezing is something else (like maybe my comp is overheating and the freezing wasn't related to the CPU hiccups even though it would seem that way) and that the malware/maintenance issue was solved. If you say my log is clean then I'll certainly take your word for it. So I never really had any actual malware other than what Malwarebytes found? It was mostly temporary files and such? Interesting.

Edited by BboyKenex, 18 December 2009 - 01:11 PM.


#11 Rocket Grannie

Posted 18 December 2009 - 06:13 PM

Hello BboyKenex

Shouldn't I keep the tools we used?

No! These are powerful tools which have the potential to ruin the computer if used incorrectly.
If you wish, you can keep TFC and MBAM.

This morning my computer was frozen just like normal.

This could be caused by any number of issues---incompatible software, hardware, overheating---
I suggest you contact Microsoft here

So I never really had any actual malware other than what Malwarebytes found?

HKEY_LOCALMACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\NOACTIVEDESKTOPCHANGES - BAD (1) Good (0)

This is not malware per se. It is a Registry entry which indicates that the ability to make changes to active Desktop is disabled.
The question was---did malware disable it? It appears not as all the scans were clear.
Please see here for MBAM’s advice should it appear in any future scans.

Are you still experiencing “cpu hiccups” or any other problems apart from the freezing?


Rocket Grannie

#12 BboyKenex

Posted 19 December 2009 - 12:25 AM

I'm not experiencing anything else, granny; I think the CPU hiccups seem to be taken care of. Now I just need to figure out what the daily freezing is being caused by. I will follow your previous instructions when you get a chance. Thanks a lot for your help!!

#13 Rocket Grannie

Posted 19 December 2009 - 01:48 AM

Hello BboyKenex

Thanks a lot for your help!!

You are welcome.

I found a few things that you can try for the freezing problem here

Please let me know if any of them work.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.
Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.
As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

Note: All of the programs I am suggesting are either free or have free versions.

It is very dangerous to go online in today's digital world without antivirus protection. Without an antivirus, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

AntiVir

Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

Use a Firewall

Some good free firewalls are:
Be sure to only install one.
A tutorial on understanding and using firewalls may be found here

Please make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware from being installed.
Please set your anti-virus and anti-spyware programs to check for updates automatically. If the programs are not able to update automatically, then I suggest you manually check for updates every few days.

Windows needs to be kept up-to-date.

Windows Updates are available from here

IMPORTANT: Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here
Opera is available here

PLEASE NOTE:

A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems!

Safe Surfing:

Rocket Grannie.

#14 Rocket Grannie

Posted 25 December 2009 - 04:53 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.