jholland1964 650 Posting Expert Team Colleague Featured Poster

My Bugfree PC by eSunsoft Technologies is likely a very dangerous program. Even their home website gets a google warning that the website may be dangerous to your computer. Certainly wouldn't trust ANY software whose home website is considered dangerous, in fact I am totally blocked from even checking out the site by my security software, and the WOT rating for the site is a "1". The absolute lowest possible out of 100. I have never seen one with that low a rating, so NO on that. If you do have it installed on your computer uninstall it IMMEDIATELY.
RegCure? Its home website ALSO ranks way at the bottom by WOT and others. It is known for Phishing, Scam software, Rogue software, Bad Customer Experience. So you choose. If you want to cause more damage to your computer then use one of these automated cleaners.

No automated registry cleaner ever gives solid proof that their programs work. Millions of people every day all over the world use their computers without ever having one of these useless programs on their computers and the computers move along just fine.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Those requesting assistance should begin by following all the steps given here;
http://www.daniweb.com/forums/thread134865.html
and then post back in your thread with all the requested logs. Then somebody will be happy to offer assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks ok to me, is all running well?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, just wanted to be certain.
Run HiJackThis again and put check marks next to the following entries:
O2 - BHO: (no name) - {49B7CE69-7E83-4CC0-AAE7-0E55BE8B388C} - C:\WINDOWS\system32\khfFUOeD.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [Gdigui] C:\Documents and Settings\Bella\Application Data\Adobe\Update\forarm.exe
O20 - AppInit_DLLs: qqhozl.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: opnnkkIX - opnnkkIX.dll (file missing)

Once you have placed the check marks then click the Fix Checked button. Exit HJT
Reboot.

Now your java is way out of date and must be updated. Go to

http://www.java.com/en/download/manual.jsp

Download the OFFLINE INSTALL and save it to the desktop.
Then close all browsers. Go to Add/Remove and Uninstall all the old java listings that you see there. Once that is finished then double click that install file on the desktop to install the newest version. Watch the install as it proceeds very carefully. Very often extra toolbars that you don't need are included. If you see one of these listed with a check mark next to it just remove the check mark and the install will proceed without that unneeded toolbar.
Once the install is complete go back to the download page and on the right side click Verify Now to go to the verification page where you will check to be certain the install was successful.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No that is perfectly fine but did you attempt to upload the file or just assume that it isn't there?
If you didn't try, please do so.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Really sorry this reply has taken so long. I missed it here.
Do this please: go here http://virusscan.jotti.org/en
and upload this file below for scanning.

C:\Documents and Settings\Bella\Application Data\Adobe\Update\forarm.exe

The scan should result in a log, please post that log back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That Malwarebytes' log you posted is two versions out of date and the scan showing was run on Feb. 9th.

2010-02-09

It means nothing as far as this problem goes.
The program needs to be updated to the current version and newest database and a new FULL scan needs to be run. Items found need to be removed, the computer needs rebooting and then a new HJT scan needs to be run.
I cannot offer any suggestions until these two things are completed.

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is a part of HijackThis.

Do you see that line below?

============== Pseudo HJT Report ===============
uRun: [Guigdi] rundll32.exe "c:\documents and settings\bella\application data\adobe\update\wndmor.dat""


That is exactly HJT LOG FORMAT

That is NOT a HiJackThis log. Note above

Pseudo HJT Report

It is the DDS scanner log and a portion of the log is this pseudo HJT log, meaning it is NOT a true HJT log but similar.

jholland1964 650 Posting Expert Team Colleague Featured Poster

When I said connect directly to the internet I meant actually connect the internet cable to the computer, not to the router.
Try this, in Internet Explorer go to TOOLS, INTERNET OPTIONS, CONNECTIONS tab, LAN SETTINGS. Then uncheck 'Use A Proxy Server...' and click OK

jholland1964 650 Posting Expert Team Colleague Featured Poster

I was worried there might be something deeper wrong - thank you!

I didn't say there wasn't something deeper wrong, I don't know that for sure.
The MBA-M logs are stored by date done...oldest at the top of the list, newest at the bottom.
Give me the HJT log asap.

Uninstall that program, RON Tool Banners4u now. Remember, you posted all this 2 days ago, by waiting any longer to do anything you risk more infection if there are still infected files. Cleaning a computer of infections is not something that should be "piecemeal" fashion every couple of days but should be started and continued on through to completion. The longer you wait the more infected you can become.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I don't see anything wrong with your ip config.
I could be wrong but it looks ok to me.
You said you ran the steps I gave you. I need to see the log that was generated by MBA-M. There isn't anything in the HJT log indicating infection.
You show wireless connection. Can you physically attach the computer to internet and connect?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Obviously you have one of the Rogue anti-virus trojans on the computer. Please do the following, since you cannot access the internet via the infected computer you likely will have to use a flash drive to install the program.
First of all, turn off Windows Defender as it may interfere.
Please try this version of malwarebytes: Click the link here. Place the program on a flash drive and take it to the infected computer and install.
In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.
In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and double-click the file winlogon.exe which will be present in there. This should launch Malwarebytes and go ahead and try to run a scan with the program without updating. When the scan is finished and you are shown the infected files in red be sure to click Remove Selected. Then reboot the computer and see if you can get back online.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Found several things worth noting in your logs.
#1. If the computer really IS clean the MBA-M scan would show clean. It doesn't, items were found. It would help to see the logs from the original MBA-M scans to see what infections were removed.
#2. You are running McAfee Security Scan Plus which runs all the time in the background, can interfere with your AVG and really isn't a good idea. You really should uninstall this.
#3. You have the AdAware background service running, also not a good idea as it can interfere with fixes done. It should be stopped, or better yet also removed. AdAware just isn't the program it used to be.
You have a VERY questionable site listed in your Hosts: spywareinfo.com gets some very conflicting ratings for Phishing, links to malware/spyware, distribution of rogue programs. That shouldn't be in there and should also be removed.

You have questionable items in your add/remove
RON Tool Banners4u is possibly a trojan.

Can you post the logs from MBA-M showing the actual removals of the original infections? Also please run HiJackThis and post the log from that.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I won't say it is impossible but as long as no files are opened on the drive I wouldn't think so.
You said that you disconnected this drive so you could wipe C drive. Guess this confuses me. Can you be a bit more clear?

I disconnected my second internal hard drive (D: ) so I could attach a new (just out of the box) drive, copy my work files and music

Where did you copy these files FROM?
You then said you wiped C drive and there was no infection after that.
IF the infection was ON drive C then wiping drive C would remove it so that would be normal. However, IF the infections were only always found on D drive and you disconnected D drive then there would have been no infections found on C drive even if you had not wiped the drive.

Not really sure why you felt it necessary to disconnect this drive in the first place. That wouldn't have been needed in order to wipe C drive.

I need these things cleared up...were infected files EVER found on D drive or were they always only found on C drive? And where did you get the work files and music files FROM that you copied and then where did you copy them?

Because this poster just advised me that work was continuing at another forum on this problem where work had been done for over a month before …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should be able to scan the "D" drive only using MBA-M. If you feel the drive is infected in any way then no, I wouldn't even attempt to move files from it to the computer until you are certain the entire drive is clean.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to go through those latest updates and see what they were. Since this is a recent happening there is a chance one of these could be the cause.
I AM glad you removed those two programs noted, however I see you are still running this useless program RegCure on there. No reason under the sun to use an automatic registry cleaner, ever. Its own website is ranked as one with a very poor reputation, known for Phishing, pop-ups, malware content.
http://www.mywot.com/en/scorecard/regcure.com
If a program's home website cannot be trusted then why would their programs be trusted?

You also now show several listings for the AskBar. Which is sort of a "low level" malware since it "drives traffic to its search engine by enticing users to install its toolbars". It sometimes is included, "piggybacked" automatically in downloads. Now sometimes is designated by a little check box with the check mark already in place giving the supposed "ok" to include it in the download, whatever that download may be. It is easily missed by many so if the check mark isn't removed then the AskBar comes on in with the download, even if it has nothing to do with what is being downloaded. But it also will be included without the user's knowledge at all either. These will need to be removed.
You have a lot of unnecessary auto starting programs and services, mainly for the Roxio program. Not all of these are …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Great. First of all you need to Uninstall Combofix. It is a ONE time only program and should you be TOLD to use it again you would be given a link for the latest version. It must be removed in this very specific way:
You also should remove HiJackThis, you don't need it any more.

To remove Combofix please do the following:
* Click START then RUN
* Now type ComboFix /Uninstall in the runbox and click OK. The space between the combofix and the /uninstall, it must be there.
When shown the disclaimer, Select "2"

I strongly recommend that you do go with a different anti-virus program. AVG obviously didn't work on this system. As I said before I recommend Avira but the choice is yours.
Also please read our policy stated here concerning the use of P2P.
It is most definitely the most likely reason for your infections. Continue to use these programs and you will be infected again.
You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Until ten days ago all was well.

I asked you a question, Did you perhaps update something then?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I deleted Bonjour Service in Add Remove Programs and stopped it in services.msc. It is only called Bonjour Service NOT Bonjour DNS Responder Service.

I beg to differ, note this from your HJT log....
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have the Windows Firewall and a Linksys router. Until ten days ago all was well.

Did you perhaps update something then?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Tell you what Jim, have spent quite a bit of time looking for answers to this and one thing I can say, not that it will make a huge difference, is YOU ARE NOT ALONE. This seems to be a major and continuing complaint for many, many people. Seems to have begun for some with Vista and now is "snowballing" for those running Windows 7. To me this says the problem lies right in Microsoft's lap. Something they truly need to address.
Now one possible solution I found noted on multiple websites was to disable the Bonjour DNS Responder Service which is typically installed with the iTunes software. Apple's site describes:

"Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks."

You DO show that in your HJT log. It is NOT a required service. Several threads I found that users had disabled this service entirely and their problems disappeared. You might try that.

Another possibility I found was in this thread;
http://www.computing.net/answers/windows-vista/network-discovery-problem/1381.html

Network discovery requires that the dnscache, fdrespub, ssdpsrv, and upnphost services are started, that the Windows Firewall exception for network discovery is enabled, and that other firewalls are not interfering with network discovery. If some but not all of these are true, the network discovery state will be shown as Custom

Of course you posted this Jim:

I did have all of those services on. I had three people tell me that I should check those …

jholland1964 650 Posting Expert Team Colleague Featured Poster

What firewall do you have Jim? Are you using a router?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sounds good. I will wait for your next post however to give you the final steps to complete the cleanup in case another step is needed.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Several things I notice are, 1st of all you are using an old version of Firefox and a Beta (test) version at that. The current version of Firefox is version 3.6.3. You need to update to this newest version and most definitely get rid of that old test version.
2nd. You obviously are using P2P on the computer since uTorrent shows in the log. This may very well be WHY you have been infected and have continued to become infected, and this will likely continue to be the case. 3rd. You are using AVG which of late has not gotten very good rankings. I would recommend removing that and using either Avira or Avast. I myself use Avira Free and have had very good success with it. It consistently ranks higher than AVG.
Are you still getting the re-directs?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, do the following:
Please download ComboFix by sUBs from HERE or HERE
· You must download it to and run it from your Desktop
· Physically disconnect from the internet.
· Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
· Double click combofix.exe & follow the prompts.
· When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
· Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

jholland1964 650 Posting Expert Team Colleague Featured Poster

Good. Then do the following;
Run HiJackThis again and this time place check marks next to the following entries if they still show:
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\fyud.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\fyud.tmp\svchost.exe (User 'Default user')
After you have placed those check marks click the Fix Checked button and then Exit HJT.
Reboot the system and run one more HJT scan and post that new log back here.
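
A triage sketch for the HijackThis entries quoted in the posts on this page, added here as an example; it is not part of any post and not HijackThis's own logic. The rule names, function names and the list of system image names are assumptions chosen for illustration, and a finding marks a line for review, not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis entries quoted in the posts on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {49B7CE69-7E83-4CC0-AAE7-0E55BE8B388C} - C:\WINDOWS\system32\khfFUOeD.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [Gdigui] C:\Documents and Settings\Bella\Application Data\Adobe\Update\forarm.exe
O20 - AppInit_DLLs: qqhozl.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\fyud.tmp\svchost.exe (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <body>", "O20 - <body>", ... : group code, separator, free-form body.
ENTRY_RE = re.compile(r"^(?P<group>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-rooted path that ends in a loadable file extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|scr|dat)\b", re.IGNORECASE)

# Assumption: directories where an autostart entry deserves a second look.
REVIEW_DIRS = ("\\temp\\", "\\application data\\", "\\appdata\\")
# Assumption: a short list of Windows image names and the directory they
# normally live in (32-bit layout; SysWOW64 is not modelled here).
SYSTEM_IMAGES = {
    "svchost.exe": "\\windows\\system32",
    "winlogon.exe": "\\windows\\system32",
    "lsass.exe": "\\windows\\system32",
    "explorer.exe": "\\windows",
}


def triage(line):
    """Return (group, body, findings) for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    group, body = m["group"], m["body"]
    findings = []

    # HijackThis itself reports that the referenced file no longer exists.
    if "(file missing)" in body or "(no file)" in body:
        findings.append("orphaned-reference")

    # A non-empty AppInit_DLLs value names a DLL that Windows loads into
    # every process that loads user32.dll.
    if group == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            findings.append("appinit-dll-set")

    pm = PATH_RE.search(body)
    if pm:
        low = pm.group(0).lower()
        # O4 is the autostart (Run key / Startup folder) group.
        if group == "O4" and any(mark in low for mark in REVIEW_DIRS):
            findings.append("autorun-from-temp-or-profile-dir")
        expected = SYSTEM_IMAGES.get(ntpath.basename(low))
        if expected and not ntpath.dirname(low).endswith(expected):
            findings.append("system-image-name-outside-system-dir")
    return group, body, findings


def triage_log(text):
    """Parse a whole log and keep only the entries that raised a finding."""
    parsed = (triage(line) for line in text.splitlines())
    return [entry for entry in parsed if entry and entry[2]]


if __name__ == "__main__":
    for group, body, findings in triage_log(SAMPLE_LOG):
        print(f"{group:>3}  {', '.join(findings)}\n     {body}")
```

The Trojan Remover and Bonjour lines come back with no findings, which is the expected result for entries installed under Program Files.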

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please go to this site and upload the file noted below for scanning. Report back with the results

http://virusscan.jotti.org/en

C:\Windows\TEMP\fyud.tmp\svchost.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

Now please do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer and do another HJT scan. Post the ESET log and the new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yeah that wasn't the last scan I did, didn't check the dates just clicked top one and assumed wrong. Updated HJT & MB & will post the logs once they've finished, sorry about this.

Not a problem. Post the scan results and I will take a look.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That scan was run on February 21st. The logs are listed by date with the most recent one at the bottom.
If this was the last scan you ran then it really is immaterial. You will have to begin the process again because nearly two months have passed and it is obvious your computer is still grossly infected. You need to update MBA-M as it has an entirely new version now. Do the full system scan again, remove all items found, reboot and do a new HJT scan with the new version of that program, not the one you used earlier. Post that log also and then we will go from there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

ran the exe fix

What fix is that and where did you find it?

Post the MBA-M log so we can see what was removed. Your HJT log does show there are more infected files on there.

Also that version of HijackThis is not the most current version. Uninstall it. Use the newest version which is this one:
http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry this has taken so long but I wanted to check through all the logs, look at the programs installed, files removed, etc.
Way back in this thread I requested, per our stated policies, that you remove Limewire, a P2P program and since I had not yet seen a list of the programs installed I also said,

If you wish to continue with this cleanup then ALL of these have to be 100% removed from your computer, no exceptions for anything.

You said that you removed Limewire and one of the files removed by MBA-M was a crack tool. I did have a feeling there were likely other programs or files related to P2P on the computer and your next HJT log proved me right. Because then uTorrent showed up in the auto starts, even though I asked you to remove all P2P programs and programs which would do anything similar to this crack tool. But you did not. The uTorrent was on the system all the time, at least since March. You also have a program on there called DVD Decrypter. The program is no longer legally available. The reason being, while it is a DVD burning program it is also used for decrypting copy-protected movies.
As I explained earlier, P2P is very likely the reason for your infections and difficulties and I asked you to remove all of these programs, you did not and you cannot claim ignorance, you had to install these programs, they …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Where are you located?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Still going through it all, will get back with you shortly

jholland1964 650 Posting Expert Team Colleague Featured Poster

No not necessary. I am going through the Combo log and also the Uninstall list...uTorrent is a P2P program by the way.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok very good, now do the following, I need to see an Uninstall List generated by HiJackThis.
Open the program. Click on the Misc Tools button
Click on the Open Uninstall Manager button. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply

Then I would like you to Update MBA-M and run another Full Scan with it. Have it Remove everything found. Reboot. Then come back and post that new MBA-M log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Tell you what, let's forget the DDS it obviously isn't going to run correctly. Please do the following:
Please download ComboFix by sUBs from HERE or HERE
· You must download it to and run it from your Desktop
· Physically disconnect from the internet.
· Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
· Double click combofix.exe & follow the prompts.
· When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
· Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok Mike I believe you. Possibly the infections have damaged the ability of this tool to run properly, I don't know, just have never seen all of those items come up totally blank.
Try running it in Safe Mode if you can and see if that makes a difference.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You did not attach the second log. The first log is extremely odd since there are no SERVICES / DRIVERS listed, there are no files listed in Created Last 30 Days, and nothing listed for the Find3M which means 3 months.
Even if there were absolutely no files created within the last 30 days or 3 months, which would only happen if the computer had literally been turned off for the last 3 months. This is totally impossible since you have been posting here for over 24 hours and state you have done multiple scans with various programs so those programs at least should be showing, you cannot run a computer without Drivers and Services there are none of either showing, yet the HiJackThis shows 9 services running.
There is also an Untrusted, Phishing website showing in your Hosts file.
This can only lead me to believe the file has been edited.
I cannot assist unless full, unedited logs are posted. We ask for these logs for very specific reasons and we must see every line.
Run the tool again, post both of the full logs produced or sign off.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would like you to do the following:
Download DDS by sUBs and save it to your Desktop.
Be sure to follow the instructions below carefully!

• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

Copy&Paste the DDS.txt into your post for assistance.
Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your scans indicate you are involved in P2P file sharing:

Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

and also use keygens/crack tools.

Files Infected:
C:\Program Files\SUPERAntiSpyware\keygen.exe (Dont.Steal.Our.Software.A)

http://threatinfo.trendmicro.com/vinfo/grayware/ve_graywaredetails.asp?gname=CRCK_KEYGEN.BB

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Now you know why you are infected and will likely remain infected unless this practice ceases. These are also violations of daniweb policies clearly stated HERE

Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.

So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

And HERE

Keep It Legal
In addition, do not post anything warez related or related to other illegal acts. This includes tech support troubleshooting pirated software or P2P programs (i.e. Gnutella, Kazaa) used to obtain pirated software. Exceptions are helping to remove spyware or browser hijacks (that may or may not be related to illegal material) from …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Where is the info listed about the different viruses

AV-Comparatives is an Austrian Non-Profit-Organization, which is providing independent Anti-Virus software tests free to the public.

http://www.av-comparatives.org/images/stories/test/ondret/avc_report25.pdf
Also see my attachment.

Below are the home page ratings via Web Of Trust for all the programs you have installed on there. If their home pages get lousy ratings then why trust the programs?
Uniblue
http://www.mywot.com/en/scorecard/uniblue.com

IObit\Advanced SystemCare
http://www.mywot.com/en/scorecard/iobit.com
Also has very questionable practices and possible copyright infringement issues. This was widely posted on multiple sites back in November, not only on the MBA-M site shown below.
http://forums.malwarebytes.org/index.php?showtopic=29681

RegCure
http://www.mywot.com/en/scorecard/regcure.com

where did you locate the info about the network

http://forum.soft32.com/windows/unable-turn-network-discovery-ftopict346305.html

The registry cleaners have helped me

http://ask-leo.com/whats_the_best_registry_cleaner.html
http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=171203805
http://www.brighthub.com/computing/windows-platform/articles/65928.aspx

jholland1964 650 Posting Expert Team Colleague Featured Poster

Very possible some key services are not set to automatic:
Click Start and type Services.msc in the dialog box to open the services snap-in.
Then check if the following services are started:
--SSDP Discovery
--TCP/IP NetBIOS Helper
--Computer Browser
--Server
If not, set the startup type to automatic and click start to start the services.

That said, you have some useless programs on there and why you would want these on any computer, let alone Windows 7 I have no idea:
AVG for one. One of the lowest ranking av programs around. Lately the bulk of infected computers I have helped with seem to all have at least one thing in common...AVG.
RegCure- there is no good reason to run a registry cleaner, especially one that runs all the time. If registry cleaning is really able to boost performance then the developers of the programs would give actual proof of this (performance prior to cleaning -vs- performance post cleaning) on REAL computers but this is never given. A well respected tech friend of mine always says;

Using an automated cleaner to try to fix a problem is akin to using a shotgun to remove an appendix. The best way to deal with (possibly) registry-related issues is to thoroughly research the problem and then use regedit to make any necessary changes and/or deletions (having first set a restore point or created a backup).

and this is the philosophy I have …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, give me a new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, no need to keep the HJT program open in case fixes are needed. If there are fixes required another scan would be used to do it. So there is no reason to keep it open once the scan is complete.
I would like you to do another online scan.
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I apologise in advance for not mentioning this sooner...Avira, AVG,

Well first of all, yes you should have mentioned this originally. Secondly those are two different anti-virus programs and your log shows you are running a 3rd one, Comodo Internet Security, which also contains an anti-virus program. The absolute rule is ONE anti-virus program should be installed and running on a computer at a time. Run more than one and none of them will work as they should.
Were all of these the only antivirus program installed at the time of the scan?
The MBA-M log shows that the item found was not removed

Files Infected:
C:\Program Files\SUPERAntiSpyware\keygen.exe (Dont.Steal.Our.Software.A) -> No action taken.

You need to run it again and this time have it remove the items found and reboot the computer.
Then run a new HJT scan and post back with both logs.

I also just noticed you are running a Registry Cleaner. There is no earthly reason to use a registry cleaning program. They are more trouble than they are worth. Uninstall that program also.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb, Sorry you are having these problems, let's see if we can get things cleaned up.
First though you will need to Turn Off the TeaTimer portion of SpyBot as it can interfere with any fixes attempted. To do this do the following:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Follow the steps given here beginning with the Malwarebytes' Anti-Malware (MBA-M) scan and cleaning.

Post back here with the MBA-M log when that one is complete.

jholland1964 650 Posting Expert Team Colleague Featured Poster

jlukomski, This thread is 4 years old and belongs to another person. You won't receive assistance in a 4 year old thread and by hijacking another's thread. You need to begin your own thread, stating all the problems you are having and what steps you have taken thus far to correct them. Then somebody will be happy to offer assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If the computer is running well then you are probably good. You need to set a new and clean System Restore Point but other than that I would say you can mark this solved if you feel all is well.
If something crops up in a short time, within the next week or so, just come back and we can open this back up.

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

When you did the Restore did you also check for all updates, both hardware driver updates and system? For instance you are running IE6, way out of date for certain you need IE7 on there, don't go to IE 8 however. You also only have SP2 on there, you need to add SP3 ASAP or you will no longer be able to get critical and security updates for the computer. Did you update the Java on the system?