My Hijackthis Logs[RESOLVED]

[Acidic]

Your thoughts on the subject please, keeping in mind I'm more of a minimalist Anything a tad bit excessive is trash.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:26 PM, on 27/11/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dylan\Appliccations\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoTracePro\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NeoTracePro\NTXtoolbar.htm (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6320 bytes

Regards,

Acidic

[Andro1d]

Hello and Welcome to BT.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please enter Safe Mode by using the Arrow Keys and then hit Enter.

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Windows Sidebar

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Windows Sidebar

After that, Reboot into Normal mode.

----------------------------------------------------------------------------------------------------------------

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:

• Go to http://support.f-secure.com/enu/home/ols.shtml
  
• Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  
• Allow the Active X control to be installed on your computer, then click the Accept button
  
• Click Full System Scan and allow the components to download and the scan to complete.
  
• If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

• When the cleaning option is presented, Uncheck Submit samples to F-Secure
  
• Click Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  

Notes:

• This scan will only work with Internet Explorer
  
• You must have administrator rights to run this scan
  
• This scan can take several hours, so please be patient
  

[Acidic]

Thank you for your high level of professionalism, although I should mention something before we press on. Several of the startup programs you suggested to remove I use on occasion..

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r * Audio CP

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe * Audio CP

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE * Logitech Advanced Mouse Config.

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe * Wireless Manager Interface

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe * Dell Mobility Center + Hotkeys

Thanks for your time,

Acidic

Edit: I'm hoping you have some knowledge of SpywareBlaster, experiencing some difficulties.. I've been using it since I bought this notebook in late September without a problem, but only a few weeks ago it refused to launch. I've tried re-install/Run as Administrator, turning off UAC off, etc. Any suggestions?

Edited November 30, 2007 by Acidic

[Andro1d]

Hello,

Well since you mentioned you were a minimalist, most of the entries are classified as Not Required so I added them to fix. Fixing them just means they will not appear on start up of your PC. You can still access them via the Programs menu.

[Acidic]

Hello,

Well since you mentioned you were a minimalist, most of the entries are classified as Not Required so I added them to fix. Fixing them just means they will not appear on start up of your PC. You can still access them via the Programs menu.

Good point, and thank you for the quick reply. Is it safe to proceed?

Acidic

^^ btw check out snippet at the bottom of my previous post ^^

[Andro1d]

Yes it is safe to proceed.

For SpywareBlaster, have you tried uninstalling completly and reinstalling?

[Acidic]

For SpywareBlaster, have you tried uninstalling completly and reinstalling?

Yes, sir. I also took a quick look at the FAQ on their support website.. no luck to my dismay Hehe, sorry for so much trouble but do you think its alright to also remove the following?

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
023 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Thanks a million,

Acidic

[Andro1d]

In HiJackThis only fix the following from that list you gave me.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

[Acidic]

Alright, I've already removed all that junk with Hijack this(services could not be removed it seems, so i did that manually ). Rebooted in SafeMode, although could not find Windows Sidebar in the Add/Remove Programs list. As if to make it worst, my system will not allow me to delete the directory in Program Files. Okay then, onto the next procedure..

I visited the online virus scanner and run into yet another collision, I'm prompted to install several ActiveX IE add-ons and such..yes..yes.. Click accept, prompted with another error dialog;

---------------------------
Windows Internet Explorer
---------------------------
An error has occured! Please close the scanner and your browser, then try again. (Id: 17)
---------------------------
OK   
---------------------------

Any ideas?

I know I'm causing you a lot of grief

Acidic

Edit: Uhoh...

2. System requirements

Supported operating systems:

Windows 2000

Windows XP

For the time being, the F-Secure Online Virus Scanner does not support Windows Vista. Try F-Secure Online Scanner 3.2 beta which supports Windows Vista!

Supported web browsers:

Microsoft Internet Explorer 6.0 or higher.

JavaScript needs to be enabled.

You need to have ActiveX enabled.

The F-Secure Online Scanner works with default Internet Explorer settings (Internet zone - Medium security level). If you have changed them, you may enable ActiveX and JavaScript from Tools->Internet Options->Security->Custom Level.

Note: If JavaScript and ActiveX were disabled for security reasons, please remember the restore your original settings after scanning.

You may download the latest version of Internet Explorer from Microsoft.

Edited November 30, 2007 by Acidic

[Andro1d]

Whoops that is my bad, I totally forgot you were running Windows Vista

Please go HERE to run Panda's TotalScan

• Select the bubble for Full scan
  
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  
• Then the scan will begin
  
• When the scan completes, click the Save button on the right of Scan details
  
• Save it to a convenient location. Post the contents of the TotalScan report
  

[Acidic]

Whoops that is my bad, I totally forgot you were running Windows Vista

Please go HERE to run Panda's TotalScan

• Select the bubble for Full scan
  
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  
• Then the scan will begin
  
• When the scan completes, click the Save button on the right of Scan details
  
• Save it to a convenient location. Post the contents of the TotalScan report
  

Not to worry, I already figured it out. Scanning has been in progress for perhaps half an hour now. Phew, hope its done soon Should be good.. I scan with Avast and AVG every day o_0

Acidic

Edit: Forget to mention, I'm scanning with F-Secure Online Virus Scanner Version 3.2 beta.. hope it'll do the trick

Edited November 30, 2007 by Acidic

[Acidic]

^ Bump ^

Logs anyone?

Scanning Report
Thursday, November 29, 2007 22:25:31 - 23:04:54

Computer name: DYLAN-PC
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 0 malware found
Statistics
Scanned:

	* Files: 56644
	* System: 0
	* Not scanned: 0 

Actions:

	* Disinfected: 0
	* Renamed: 0
	* Deleted: 0
	* None: 0
	* Submitted: 0 

Files not scanned:

Options
Scanning engines:

	* F-Secure Libra: 2.4.2, 2007-11-28
	* F-Secure AVP: 7.0.171, 2007-11-29
	* F-Secure Orion: 1.2.37, 2007-11-29
	* F-Secure Blacklight: 1.0.64
	* F-Secure Pegasus: 1.19.0, 2007-10-25 

Scanning options:

	* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT WMF NWS TAR
	* Use Advanced heuristics

Any last thoughts other then suggesting I revert back to XP

Acidic

Edit: That reminds me, what should I do regarding SpywareBlaster, I absolutely love that application!

Edited November 30, 2007 by Acidic

[Andro1d]

Well your logs look clean, but right now I am looking into the Spyware Blsater issue and I will get back to you.

[Andro1d]

Hi,

What you may be experiencing is a conflict between the current version of SpywareBlaster and the DEP feature of Windows Vista.

This will be resolved in the next SpywareBlaster release (which is currently being worked on). In the meantime, there is a workaround you can try:

1.) Click on the Start Menu

2.) Right-click on "My Computer" and choose "Properties"

This should display the "System Properties" window.

3.) Click on the "Advanced" tab.

4.) Under "Performance", click on the "Settings" button.

5.) Now click on the "Data Execution Prevention" tab.

If you find that DEP is enabled for all programs (which may be the default way Vista is configured, depending on hardware settings), you can add "spywareblaster.exe" to the exclusion list by clicking the "Add..." button and browsing to your SpywareBlaster installation directory (C:\Program Files\SpywareBlaster, by default). This should resolve the issue.

[Acidic]

Hi,

What you may be experiencing is a conflict between the current version of SpywareBlaster and the DEP feature of Windows Vista.

This will be resolved in the next SpywareBlaster release (which is currently being worked on). In the meantime, there is a workaround you can try:

1.) Click on the Start Menu

2.) Right-click on "My Computer" and choose "Properties"

This should display the "System Properties" window.

3.) Click on the "Advanced" tab.

4.) Under "Performance", click on the "Settings" button.

5.) Now click on the "Data Execution Prevention" tab.

If you find that DEP is enabled for all programs (which may be the default way Vista is configured, depending on hardware settings), you can add "spywareblaster.exe" to the exclusion list by clicking the "Add..." button and browsing to your SpywareBlaster installation directory (C:\Program Files\SpywareBlaster, by default). This should resolve the issue.

Hey, it worked! I'm surprised I never thought of that before, too strange it worked absolutely fine on vista until very recently Just FYI DEP is a bit harder to locate in Vista versus XP;

Start > Run > Control Panel > System > Change Settings > Advanced TAB > Settings > Data Execution Prevention TAB

Acidic

[Andro1d]

Nice job your log looks clean!

How is it running?

Please use the following suggestion to help prevent reinfection.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)Now we need to make a new System Restore Point for your PC, please do the following

• Click Start, Settings, Control Panel
  
• Double-click the System icon
  
• Click the Performance tab, File System, Troubleshooting tab
  
• Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  
• Then uncheck "Turn off System Restore" which will create a new System Restore point
  
• Click OK
  

I highly recommend downloading the following programs, to keep malware of your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

Antivirus Program An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.

DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.

**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little How did I get infected in the first place?(by Tony Klein)

Good luck and safe surfing

[Andro1d]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.