Quote:
Originally Posted by Phantom010
It wouldn't be a bad idea to post a HijackThis log here... Please click here to download and install version 2.0.2 of the HijackThis Installer. Run it and select Do a system scan and save a logfile. The log will be saved in Notepad. Copy and paste the log in your next post. Do not fix anything
Although I have no idea what it is, I did as you said, and here's the logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:47, on 21/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\Avira\AntiVir Desktop\sched.exe
C:\Programs\AVG\AVG9\avgchsvx.exe
C:\Programs\AVG\AVG9\avgrsx.exe
C:\Programs\AVG\AVG9\avgcsrvx.exe
C:\Programs\Avira\AntiVir Desktop\avguard.exe
C:\Programs\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programs\Common Files\LightScribe\LSSrvc.exe
C:\Programs\AVG\AVG9\avgnsx.exe
C:\Programs\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programs\Microsoft Application Virtualization Client\sftvsa.exe
C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programs\Microsoft Application Virtualization Client\sftlist.exe
C:\Programs\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Programs\COMMON~1\Stardock\SDMCP.exe
C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programs\Unlocker\UnlockerAssistant.exe
C:\Programs\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Josh\My Documents\Computers\Misc\Tooltip\VisualToolTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programs\Common Files\LightScribe\LightScribeControlPanel.exe
C:\programs\steam\steam.exe
C:\Programs\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programs\ClocX\ClocX.exe
C:\Programs\ViStart\ViStart.exe
C:\Programs\Innovative Solutions\DriverMax\devices.exe
C:\Users\Josh\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programs\Windows Media Player\WMPNSCFG.exe
C:\Programs\UberIcon\UberIcon Manager.exe
C:\Programs\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programs\DVD Decrypter\DVDDecrypter.exe
C:\Programs\AWC\AWC.exe
C:\Programs\TuneUp Utilities 2010\OneClick.exe
C:\Programs\TuneUp Utilities 2010\TuneUpDefragService.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Programs\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programs\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programs\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programs\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programs\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programs\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programs\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {B70A1A54-6DFB-4AD8-9A62-2C00A3CC5BB4} - C:\Programs\FreeVPN\fads.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programs\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programs\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programs\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programs\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Users\Josh\My Documents\Computers\Themes\Aero Ultimate\More Extras\Favorite links kit\FindeXer\FindeXer.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programs\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programs\Styler\TB\StylerTB.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programs\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programs\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Programs\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programs\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Programs\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Programs\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S121.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EM_EXEC] C:\Programs\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [VisualTooltip] C:\Users\Josh\My Documents\Computers\Misc\Tooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [mouseElf] C:\Programs\GENIUS~1\GNETMOUS.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programs\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\programs\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Programs\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ClocX] C:\Programs\ClocX\ClocX.exe
O4 - HKCU\..\Run: [ViStart] C:\Programs\ViStart\ViStart.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Programs\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Programs\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programs\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [smartwallpaper] C:\Programs\Ectosoft\Smart Wallpaper Lite\smartwallpaper.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Programs\UberIcon\UberIcon Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: AWC.lnk = C:\Programs\AWC\AWC.exe
O4 - Startup: Google Desktop.lnk = C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Programs\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programs\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programs\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programs\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MI699F~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://www.c2kremote.net/dana-cache...erSetupSP1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programs\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll C:\Programs\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programs\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programs\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programs\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programs\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programs\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programs\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programs\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programs\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programs\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Programs\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O24 - Desktop Component 1: (no name) - http://www.bbc.co.uk/home/beta/object/clock/tiny.swf
O24 - Desktop Component 2: (no name) - http://www.bbc.co.uk/dna/606/Article...hrase=Football
--
End of file - 13285 bytes