cpu usage

greenpixey
Posts: 2,806 Forumite
in Techie Stuff
I'm not techie at all so please have patience with me. I have trouble with my laptop overheating and switching itself off. I have now placed it on an oven griddle so it gets air from underneath as well, but that doesn't seem to help at all. I have today checked the CPU usage and it's fine when I switch the computer on (8%), but as soon as I switch Firefox on it peaks at 100% and it stays there and doesn't fluctuate at all, and that's just with one page open. Surely that can't be right??
Is there a fault with the laptop or a virus or something? Don't know if I should take the laptop back to the shop since it's only 8 months old....
Comments
No, it's not right. I've had problems with Firefox too recently - though mine was a memory leak, not excessive CPU.
If you don't mind learning a new user interface it would be worth uninstalling Firefox and loading an alternative such as Opera or Chrome.
If you continue to get high CPU with an alternative browser then I'd suspect malware to be the cause.
There's no realistic prospect of getting any help from the supplier of the laptop if the problem is demonstrably being caused by misbehaving software.
As fwor said. Check for malware before doing anything else ~
Download MALWAREBYTES (Make sure you click 'DOWNLOAD NOW')
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
UPDATE and FULL SCAN
Post the log here AFTER you've deleted everything it finds
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log)
I downloaded MALWAREBYTES, updated and tried doing a full scan. However, after 1hr and 24min into the Malwarebytes scan (scanning C:/program files/common files.....) I got the error message "A problem caused program to stop working correctly. Windows will close the program and notify you if a solution is available."
Malwarebytes didn't find anything for me to delete so I tried the HIJACK THIS and this is the log.
__________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:51, on 24/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Users\Home\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13924 bytes
"Malwarebytes didn't find anything for me to delete"
If it crashed then how do you know?
Anyways, the fact it DID crash points to a problem, as do all these ~ O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll and this ~ SearchSettings.dll
TICK these in hijack then FIX them ~
C:\Program Files\Search Settings\SearchSettings.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll ***ALL OF THESE***
Uninstall all toolbars you don't need/use
Run LSPFIX
Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
reboot and attempt another UPDATE and FULL scan with malwarebytes (If it fails then update and run a quick one). Post the WHOLE log here
Then run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe')
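The reply above triages the HijackThis log by hand: a start page redirected to a search-engine host, a URLSearchHook, BHO and toolbar entries whose file is gone, a product (Search Settings) that appears both as a search hook and as an autostart, and a Winsock LSP that HijackThis cannot identify, repeated once per protocol chain. The script below is an added example, not code from this thread or from HijackThis; it applies those same checks to a constructed, abridged log in the HijackThis line format and only reports, changing nothing on the machine. The allow-list `EXPECTED_PAGE_HOSTS` and the "same product directory" grouping used to link the O2/O4 entries back to the R3 hook are assumptions of the example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a few HijackThis-style lines in the shape of the log
# posted in this thread (abridged; not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Assumption of this example: hosts the browser's home/search pages are expected
# to point at on this machine (the Microsoft and Acer defaults seen in the log).
EXPECTED_PAGE_HOSTS = {"go.microsoft.com", "en.uk.acer.yahoo.com"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return (code, body) pairs for every HijackThis entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def path_of(body):
    """Last ' - ' separated field of an R3/O2/O3 body, which is the module path."""
    return body.rsplit(" - ", 1)[1].strip()


def run_target(body):
    """Executable from an O4 Run body: text after '[name] ', quotes and arguments dropped."""
    target = body.split("] ", 1)[1] if "] " in body else ""
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split(" -", 1)[0].split(" /", 1)[0]


def product_dir(path):
    """Lower-cased first three path components, e.g. 'c:\\program files\\search settings'.
    Heuristic grouping of files by the product that installed them (coarse under system32)."""
    return "\\".join(path.lower().split("\\")[:3])


def triage(text):
    """Apply the checks the reply makes by hand. Returns (severity, code, reason, detail)
    tuples in log order; repeated O10 lines are folded into one finding at the end."""
    entries = parse_entries(text)
    # Pass 1: which products install a URLSearchHook? Their other entries deserve a look.
    hook_dirs = {product_dir(path_of(body)) for code, body in entries if code == "R3"}
    findings, lsp = [], Counter()
    for code, body in entries:
        if code in ("R0", "R1"):
            url = body.split("=", 1)[1].strip() if "=" in body else ""
            host = urlparse(url).hostname if url else None
            if host and host not in EXPECTED_PAGE_HOSTS:
                findings.append(("review", code, f"browser page points at {host}", body))
        elif code == "R3":
            findings.append(("review", code, "URLSearchHook intercepts address-bar searches", body))
        elif code == "O1":
            # Only loopback -> localhost mappings are expected in a default hosts file.
            if not body.split(": ", 1)[1].endswith(" localhost"):
                findings.append(("review", code, "non-default hosts entry", body))
        elif code in ("O2", "O3"):
            if "(no file)" in body or "(file missing)" in body:
                findings.append(("orphan", code, "points at a file that no longer exists", body))
            elif product_dir(path_of(body)) in hook_dirs:
                findings.append(("review", code, "same product as a URLSearchHook", body))
        elif code == "O4" and product_dir(run_target(body)) in hook_dirs:
            findings.append(("review", code, "autostart from the same product as a URLSearchHook", body))
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP: "):
            lsp[body.split(": ", 1)[1]] += 1
    for path, n in lsp.items():
        findings.append(("review", "O10", f"unknown Winsock LSP loaded {n} time(s)", path))
    return findings


if __name__ == "__main__":
    for severity, code, reason, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code:4} {reason}: {detail}")
```

To use it on a real log, read the saved HijackThis text file into `SAMPLE_LOG`. "orphan" findings are the entries the reply marks safe to fix in HijackThis, since nothing is left on disk for them to load; "review" findings are things to look at, not proof of infection, and the reply's answer for an unwanted toolbar is to uninstall the product rather than delete lines one by one.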
I followed all your instructions above; I had to uninstall AVG8 for ComboFix to work. These are the complete logs for Malwarebytes and ComboFix.
Malwarebytes' Anti-Malware 1.36
Database version: 2040
Windows 6.0.6001 Service Pack 1
25/04/2009 19:32:22
mbam-log-2009-04-25 (19-32-16).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195962
Time elapsed: 50 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Home\Pictures\PopularScreensaversSetup2.3.50.21.ZRfox000.exe (Adware.MyWeb) -> removed.
ComboFix 09-04-25.A1 - Home 25/04/2009 20:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2037.1165 [GMT 1:00]
Running from: c:\users\Home\Pictures\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-18 20:52 . 2009-04-18 20:57
dc----w c:\users\Home\AppData\Roaming\Spotify
2009-04-18 20:52 . 2009-04-18 20:53
dc----w c:\users\Home\AppData\Local\Spotify
2009-04-16 16:21 . 2008-12-06 04:42 376832 -c--a-w c:\windows\system32\winhttp.dll
2009-04-16 16:21 . 2009-03-03 04:46 3599328 -c--a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 16:21 . 2009-03-03 04:46 3547632 -c--a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 16:21 . 2009-03-03 04:39 551424 -c--a-w c:\windows\system32\rpcss.dll
2009-04-16 16:21 . 2009-03-03 03:04 666624 -c--a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 16:21 . 2009-03-03 04:39 183296 -c--a-w c:\windows\system32\sdohlp.dll
2009-04-16 16:21 . 2009-03-03 04:39 26112 -c--a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 16:21 . 2009-03-03 04:37 98304 -c--a-w c:\windows\system32\iasrecst.dll
2009-04-16 16:21 . 2009-03-03 04:37 54784 -c--a-w c:\windows\system32\iasads.dll
2009-04-16 16:21 . 2009-03-03 04:37 44032 -c--a-w c:\windows\system32\iasdatastore.dll
2009-04-16 16:21 . 2009-03-03 02:38 17408 -c--a-w c:\windows\system32\iashost.exe
2009-04-16 16:19 . 2009-03-17 03:38 13824 -c--a-w c:\windows\system32\apilogen.dll
2009-04-16 16:19 . 2009-03-17 03:38 24064 -c--a-w c:\windows\system32\amxread.dll
2009-04-16 16:19 . 2009-02-13 08:49 72704 -c--a-w c:\windows\system32\secur32.dll
2009-04-16 16:19 . 2009-02-13 08:49 1255936 -c--a-w c:\windows\system32\lsasrv.dll
2009-04-16 16:19 . 2008-06-06 03:27 38912 -c--a-w c:\windows\system32\xolehlp.dll
2009-04-16 16:19 . 2008-06-06 03:27 562176 -c--a-w c:\windows\system32\msdtcprx.dll
2009-04-12 23:01 . 2009-04-12 23:02
dc----w c:\users\Home\AppData\Roaming\vlc
2009-04-11 20:52 . 1998-06-24 00:00 140096 -c----w c:\windows\system32\Comdlg32.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 17:21 . 2009-04-25 17:21
dc----w c:\program files\CCleaner
2009-04-25 16:54 . 2008-09-06 20:58
dc----w c:\program files\free-downloads.net
2009-04-25 12:50 . 2008-06-30 03:53
dc----w c:\programdata\Google Updater
2009-04-24 20:12 . 2009-04-24 20:12
dc----w c:\program files\Trend Micro
2009-04-24 18:30 . 2009-01-25 13:26
dc----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 20:52 . 2009-04-18 20:52
dc----w c:\program files\Spotify
2009-04-16 23:55 . 2006-11-02 11:18
dc----w c:\program files\Windows Mail
2009-04-16 23:14 . 2008-02-26 03:14
dc----w c:\programdata\Microsoft Help
2009-04-12 23:00 . 2009-04-12 23:00
dc----w c:\program files\VideoLAN
2009-04-11 20:52 . 2009-04-11 20:52
dc----w c:\program files\RealWorldPOI
2009-04-06 14:32 . 2009-01-25 13:26 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-01-25 13:26 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-17 03:38 . 2009-04-16 16:19 40960 -c--a-w c:\windows\AppPatch\apihex86.dll
2009-03-07 07:54 . 2008-06-30 03:53
dc----w c:\program files\Google
2009-03-06 18:50 . 2009-03-06 18:50 0 -c--a-w c:\users\Home\jagex_runescape_preferences.dat
2009-03-05 21:21 . 2008-06-30 06:33
dc----w c:\program files\Windows Live
2009-03-05 21:20 . 2008-06-30 06:45
dc----w c:\program files\Windows Live Toolbar
2009-03-05 21:20 . 2009-03-05 21:20
dc----w c:\program files\Microsoft Sync Framework
2009-03-05 21:14 . 2009-03-05 21:14
dc----w c:\program files\Microsoft
2009-03-05 21:13 . 2009-03-05 21:13
dc----w c:\program files\Windows Live SkyDrive
2009-03-05 20:33 . 2009-03-05 20:33
dc----w c:\program files\Common Files\Windows Live
2009-03-04 09:57 . 2009-03-04 09:57 266240 -c--a-w c:\windows\System32\CSHelper.exe
2009-03-04 09:57 . 2009-03-04 09:57 225280 -c--a-w c:\windows\System32\CSInstru.DLL
2009-03-03 04:40 . 2009-04-16 16:18 827392 -c--a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-16 16:18 78336 -c--a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-16 16:18 26624 -c--a-w c:\windows\System32\ieUnatt.exe
2009-03-02 21:43 . 2009-03-02 21:43
dc----w c:\program files\Windows Resource Kits
2009-02-27 07:44 . 2008-08-05 22:46
dc----w c:\program files\Microsoft Silverlight
2009-02-25 22:43 . 2009-02-25 22:44 410984 -c--a-w c:\windows\System32\deploytk.dll
2009-02-25 22:43 . 2008-07-30 09:41
dc----w c:\program files\Java
2009-02-15 20:29 . 2009-02-14 19:57 21840 -c--atw c:\windows\System32\SIntfNT.dll
2009-02-15 20:29 . 2009-02-14 19:57 17212 -c--atw c:\windows\System32\SIntf32.dll
2009-02-15 20:29 . 2009-02-14 19:57 12067 -c--atw c:\windows\System32\SIntf16.dll
2009-02-09 03:10 . 2009-03-11 06:51 2033152 -c--a-w c:\windows\System32\win32k.sys
2009-02-06 19:03 . 2009-02-06 19:03 307576 -c--a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49504 -c--a-w c:\windows\System32\sirenacm.dll
2008-10-26 10:46 . 2008-06-26 01:37 106168 ----a-w c:\users\kids\AppData\Local\GDIPFONTCACHEV1.DAT
2008-09-05 19:45 . 2008-06-23 23:20 106168 -c--a-w c:\users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2008-08-06 14:52 . 2008-07-26 01:58 680 -c--a-w c:\users\Home\AppData\Local\d3d9caps.dat
2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-06-23 20:21 . 2008-06-23 20:04 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-23 20:21 . 2008-06-23 20:04 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-23 20:21 . 2008-06-23 20:04 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-09-08 19:31 . 2008-09-05 19:45 2828 -csha-w c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-06-03 2596152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-30 68856]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2008-01-25 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 136600]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-5 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-26 535336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DF60EEC8-0880-4246-9F1B-E1A10310EF84}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{64BC88D6-9B44-490A-BC4D-A944E6E3591F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13ADE3BD-099C-44B2-A160-5484D6802808}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{B6B81CF0-2AE4-455F-98A8-CA8E19F5FCDD}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{20859917-0498-405B-A496-2F5D40E2B014}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{0123652C-844A-43DE-831A-EA7BA4B67C78}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{AB2CA533-4D4A-4EAB-98B3-BACD35DA0665}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{09DC3416-BD03-46A4-8BAC-BDBBB2CD50F0}"= UDP:c:\users\Home\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{DEE1C961-DD91-4148-915B-7FB8ACADE30E}"= TCP:c:\users\Home\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{5A583172-BFA5-49A1-865C-C4F4B84F875A}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{8615FDF5-DFAE-45F5-A4A1-F1D194BE367D}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"TCP Query User{F7E7C38F-15FE-4841-9E79-9D5086A8AE60}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{587E3BB9-21D6-4B05-B868-8A5E5C063F2C}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{BFCEB77B-2070-4CB2-B9C2-2A55FBB1556E}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{E5619BFF-30DC-483F-B45B-A485884D89A6}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{369D153B-DFB4-432E-89EE-08B3EFD89436}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{DDF9A213-91FD-416A-B3AE-B39B3BFA08E2}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{29F42DC9-DF98-45AE-87DF-43A1EAD9BD45}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{1BC47C04-5E79-4BC8-B239-F9935BBD938C}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{E0CFAD7A-94AA-48EF-B1CF-3465E9A6C504}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{ADB14288-E77F-4A1B-8E02-FCBC95088432}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"TCP Query User{E8213B60-A003-4E2F-B7D8-964BCC091568}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{2D0FE775-5340-4A14-91EC-FA175653C179}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{BADE3396-F0B9-47F0-A9B6-476162614135}"= UDP:c:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{FB2258FA-EE8A-4426-8BF9-EC5BF8367754}"= TCP:c:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{99699AA4-35E0-4751-8D21-768BB1704EB3}"= Disabled:UDP:d:\aoc\Age of Conan\AgeOfConan.exe:AgeOfConan
"{B30A5948-33C4-4C05-BB99-F6C6861D9A49}"= Disabled:TCP:d:\aoc\Age of Conan\AgeOfConan.exe:AgeOfConan
"TCP Query User{1F9E4127-B56E-4A33-AFF1-037646C61604}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{560861C6-4AAB-480C-8D4D-6CF1D57D73C0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C695BAB6-565B-4BE3-82B4-BEC645D90FDC}c:\\program files\\microsoft office\\office\\frontpg.exe"= UDP:c:\program files\microsoft office\office\frontpg.exe:Microsoft FrontPage
"UDP Query User{58CE2173-AA8C-418F-87D7-CFAED159352B}c:\\program files\\microsoft office\\office\\frontpg.exe"= TCP:c:\program files\microsoft office\office\frontpg.exe:Microsoft FrontPage
"{1270A110-1698-48DB-85B2-0720D39F28C9}"= UDP:24240:BitComet 24240 TCP
"{D618A038-2EDE-4085-AC80-F91ABD65D822}"= TCP:24240:BitComet 24240 UDP
"TCP Query User{48AA258C-EC5E-42E1-859A-949D56B196C3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5387266C-607A-4A46-8F6C-B830FD944AEE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1700C60C-3C7A-4857-BB02-48DA59A1FBFF}d:\\games\\doom 3\\doom3.exe"= Disabled:UDP:d:\games\doom 3\doom3.exe:DOOM 3
"UDP Query User{DE7D802F-89A2-474D-B48A-7035C3A723C9}d:\\games\\doom 3\\doom3.exe"= Disabled:TCP:d:\games\doom 3\doom3.exe:DOOM 3
"TCP Query User{AE2EFF4C-DD3F-4A84-98E8-7F4A05229B81}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{21A74C02-E95A-4A61-9E91-373EA4ACEADF}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{51A6C1B8-2BDC-4BA8-B822-92E93C5C8E6D}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{CCB41075-1A98-41DB-8619-CBB9DF7BC3FB}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"{B2E342D6-7D4F-4731-AEAB-9E6BEC10BDC0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R3 ALSysIO;ALSysIO; [x]
R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-06-24 30464]
R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-06-24 12672]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [2008-06-24 35328]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-04 266240]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S4 AvgTdiX;AVG8 Network Redirector; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - AvgLdx86
*Deregistered* - AvgTdiX
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64209611-7c55-11dd-a654-001b38d82d23}]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e71e270c-f204-11dc-b29a-806e6f6e6963}]
\shell\AutoRun\command - E:\Setup.now.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-30 07:41]
2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{6C865D70-FEB0-4153-B906-1B807149BF08}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKLM-Run-eRecoveryService - (no file)
.
Supplementary Scan
.
mStart Page = hxxp://en.uk.acer.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\aytilme9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.itsmylife.talktalk.net/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 20:43
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(3484)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2009-04-25 20:46
ComboFix-quarantined-files.txt 2009-04-25 19:46
Pre-Run: 3,711,479,808 bytes free
Post-Run: 3,507,146,752 bytes free
268 --- E O F --- 2009-04-22 07:05
0 -
Open notepad and copy/paste the text in RED below
File::
c:\windows\System32\SIntfNT.dll
c:\windows\System32\SIntf32.dll
c:\windows\System32\SIntf16.dll
c:\windows\WLXPGSS.SCR
c:\windows\System32\KGyGaAvL.sys
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
Then run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.co.uk/virusscanner
Please post the complete log it creates.
0 -
How can I get combofix to work without uninstalling AVG8, or is there a way to switch it off whilst working with combofix? Last night I uninstalled AVG8 and ended up with 50 viruses (all but five of which I have now managed to delete). I really don't want to be without a virus scanner but can't seem to find a way to work around it.
0 -
First up. AVG is cr*p. So my advice is to uninstall it. Use the 32 bit AVG removal tool
http://www.avg.com/download-tools
And install AVIRA in its place
Download AVIRA (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_antivir/
If you decline my advice you can switch AVG off here ~
Turn AVG resident shield off
http://www.avg.com/faq.keyw-disable%2Bavg.num-1209
0 -
Got rid of AVG8 per your instructions but can't install Avira.
Get the following message:
A secure internet connection is required to activate the product (ssl encrypted). This could not be established.
- internet connection can be accessed (done this)
- ensure system date is correct (done this)
- if in use check modem connection (done)
- ensure application fact.exe can access internet and is not blocked by a firewall (now this might be the problem... Done a search and can't find fact.exe (don't think I installed it yet) and I did switch the firewall off as well to try but that didn't work either)
0 -
anyone????
0