cpu usage

I'm not techie at all so please have patience with me :o. I have trouble with my laptop overheating and switching itself off. I have now placed it on an oven griddle so it gets air from underneath as well, but that doesn't seem to help at all. I have today checked the CPU usage and it's fine when I switch the computer on (8%), but as soon as I switch Firefox on it peaks at 100% and it stays there and doesn't fluctuate at all, and that's just with one page open. Surely that can't be right?
Is there a fault with the laptop or a virus or something? Don't know if I should take the laptop back to the shop since it's only 8 months old....

Comments

  • fwor
    fwor Posts: 6,846 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    No, it's not right. I've had problems with Firefox too recently - though mine was a memory leak, not excessive CPU.

    If you don't mind learning a new user interface, it would be worth uninstalling Firefox and loading an alternative such as Opera or Chrome.

    If you continue to get high CPU with an alternative browser then I'd suspect malware to be the cause.

    There's no realistic prospect of getting any help from the supplier of the laptop if the problem is demonstrably being caused by misbehaving software.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    As fwor said. Check for malware before doing anything else ~

    Download MALWAREBYTES (Make sure you click 'DOWNLOAD NOW')
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
    UPDATE and FULL SCAN
    Post the log here AFTER you've deleted everything it finds


    reboot

    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
    :idea:
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    I downloaded MALWAREBYTES, updated and tried doing a full scan. However, after 1hr and 24min into the Malwarebytes scan (scanning C:/program files/common files.....) I got the error message "A problem caused program to stop working correctly. Windows will close the program and notify you if a solution is available."

    Malwarebytes didn't find anything for me to delete so I tried the HIJACK THIS and this is the log.
    __________________________________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:12:51, on 24/04/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\Home\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13924 bytes
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    "Malwarebytes didn't find anything for me to delete"
    If it crashed then how do you know?

    Anyways, the fact it DID crash points to a problem, as do all these ~ O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll and this ~ SearchSettings.dll

    TICK these in hijack then FIX them ~
    C:\Program Files\Search Settings\SearchSettings.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll ***ALL OF THESE***


    Uninstall all toolbars you don't need/use

    Run LSPFIX

    Download HostsXpert
    http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
    and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click the Make Writeable? button.
    * click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program


    Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
    http://www.filehippo.com/download_ccleaner/
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)


    reboot and attempt another UPDATE and FULL scan with malwarebytes (If it fails then update and run a quick one). Post the WHOLE log here

    Then run COMBOFIX
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe')
    :idea:
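As an added example (not code from this thread, from HijackThis or from any helper here), a small Python triage script that applies the same reading of a HijackThis log as the reply above: it parses the Rn/On entries and flags the kinds of lines singled out (redirected start page, URLSearchHook, orphaned BHO/toolbar registrations, the toolbars named in the thread, and repeated O10 Winsock LSP entries, which it reports once for verification rather than as an automatic delete, because breaking the LSP chain takes networking down with it). The sample log is a constructed subset copied from the posted log with one benign Java BHO left in as a control, and the name list comes from this thread only, not from any general blacklist.

```python
import re
from collections import Counter

# Constructed sample: HijackThis-style lines modelled on the log posted in this
# thread (paths and CLSIDs copied from it), plus one benign Java BHO as a control.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Search Settings\SearchSettings.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
"""

# Every HijackThis entry starts with a section code such as R0, O2 or O10.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")

# Names the helper in this thread singled out as unwanted. Taken from the
# posted log and the reply, not a general blacklist.
UNWANTED_NAMES = ("search settings", "searchsettings", "free-downloads.net", "conduit")


def parse_entries(log_text):
    """Return [(code, body)] for each 'Rn - ...' / 'On - ...' line.

    Header lines and the 'Running processes' path list carry no code prefix
    and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Return [(category, line, note)] for entries a helper would examine first.

    Categories mirror the reading in the thread: a redirected start page,
    URLSearchHooks, orphaned BHO/toolbar registrations, the named unwanted
    toolbars, and O10 Winsock LSP entries (reported once, with a count)."""
    entries = parse_entries(log_text)
    lsp_counts = Counter(body for code, body in entries if code == "O10")
    reported_lsp = set()
    findings = []
    for code, body in entries:
        line = f"{code} - {body}"
        low = body.lower()
        if code == "O10":
            if body in reported_lsp:
                continue  # same LSP file repeated; one finding with a count is enough
            reported_lsp.add(body)
            findings.append(("lsp_repeat", line,
                             f"listed {lsp_counts[body]} times; verify the file's publisher "
                             "and repair the LSP chain with a dedicated tool rather than "
                             "deleting by hand, since a broken LSP chain kills networking"))
        elif code in ("R0", "R1") and any(n in low for n in UNWANTED_NAMES):
            findings.append(("search_redirect", line,
                             "browser start/search page points at a third-party search site"))
        elif code == "R3":
            findings.append(("url_search_hook", line,
                             "URLSearchHook intercepts address-bar searches"))
        elif code in ("O2", "O3", "O9") and ("(no file)" in low or "(file missing)" in low):
            findings.append(("orphaned_hook", line,
                             "DLL is gone but the CLSID registration remains"))
        elif code in ("O2", "O3", "O4") and any(n in low for n in UNWANTED_NAMES):
            findings.append(("unwanted_toolbar", line,
                             "toolbar or search helper the thread identifies as unwanted"))
    return findings


def summarise(findings):
    """Count findings per category so a long log reads as a short checklist."""
    return Counter(category for category, _, _ in findings)


if __name__ == "__main__":
    for category, line, note in triage(SAMPLE_LOG):
        print(f"[{category}] {note}\n    {line}")
    print(dict(summarise(triage(SAMPLE_LOG))))
```

Feed it a full log with `triage(open("hijackthis.log").read())`; entries that are not flagged (such as the Java BHO in the sample) are left alone, which is the point of a triage pass rather than a delete list.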
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    I followed all your instructions above, had to uninstall AVG8 for combofix to work. This is the complete log for Malwarebytes and combofix.



    Malwarebytes' Anti-Malware 1.36
    Database version: 2040
    Windows 6.0.6001 Service Pack 1

    25/04/2009 19:32:22
    mbam-log-2009-04-25 (19-32-16).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 195962
    Time elapsed: 50 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Home\Pictures\PopularScreensaversSetup2.3.50.21.ZRfox000.exe (Adware.MyWeb) -> removed.



    ComboFix 09-04-25.A1 - Home 25/04/2009 20:39.1 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2037.1165 [GMT 1:00]
    Running from: c:\users\Home\Pictures\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
    .

    2009-04-18 20:52 . 2009-04-18 20:57
    dc----w c:\users\Home\AppData\Roaming\Spotify
    2009-04-18 20:52 . 2009-04-18 20:53
    dc----w c:\users\Home\AppData\Local\Spotify
    2009-04-16 16:21 . 2008-12-06 04:42 376832 -c--a-w c:\windows\system32\winhttp.dll
    2009-04-16 16:21 . 2009-03-03 04:46 3599328 -c--a-w c:\windows\system32\ntkrnlpa.exe
    2009-04-16 16:21 . 2009-03-03 04:46 3547632 -c--a-w c:\windows\system32\ntoskrnl.exe
    2009-04-16 16:21 . 2009-03-03 04:39 551424 -c--a-w c:\windows\system32\rpcss.dll
    2009-04-16 16:21 . 2009-03-03 03:04 666624 -c--a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-04-16 16:21 . 2009-03-03 04:39 183296 -c--a-w c:\windows\system32\sdohlp.dll
    2009-04-16 16:21 . 2009-03-03 04:39 26112 -c--a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-04-16 16:21 . 2009-03-03 04:37 98304 -c--a-w c:\windows\system32\iasrecst.dll
    2009-04-16 16:21 . 2009-03-03 04:37 54784 -c--a-w c:\windows\system32\iasads.dll
    2009-04-16 16:21 . 2009-03-03 04:37 44032 -c--a-w c:\windows\system32\iasdatastore.dll
    2009-04-16 16:21 . 2009-03-03 02:38 17408 -c--a-w c:\windows\system32\iashost.exe
    2009-04-16 16:19 . 2009-03-17 03:38 13824 -c--a-w c:\windows\system32\apilogen.dll
    2009-04-16 16:19 . 2009-03-17 03:38 24064 -c--a-w c:\windows\system32\amxread.dll
    2009-04-16 16:19 . 2009-02-13 08:49 72704 -c--a-w c:\windows\system32\secur32.dll
    2009-04-16 16:19 . 2009-02-13 08:49 1255936 -c--a-w c:\windows\system32\lsasrv.dll
    2009-04-16 16:19 . 2008-06-06 03:27 38912 -c--a-w c:\windows\system32\xolehlp.dll
    2009-04-16 16:19 . 2008-06-06 03:27 562176 -c--a-w c:\windows\system32\msdtcprx.dll
    2009-04-12 23:01 . 2009-04-12 23:02
    dc----w c:\users\Home\AppData\Roaming\vlc
    2009-04-11 20:52 . 1998-06-24 00:00 140096 -c----w c:\windows\system32\Comdlg32.ocx

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-25 17:21 . 2009-04-25 17:21
    dc----w c:\program files\CCleaner
    2009-04-25 16:54 . 2008-09-06 20:58
    dc----w c:\program files\free-downloads.net
    2009-04-25 12:50 . 2008-06-30 03:53
    dc----w c:\programdata\Google Updater
    2009-04-24 20:12 . 2009-04-24 20:12
    dc----w c:\program files\Trend Micro
    2009-04-24 18:30 . 2009-01-25 13:26
    dc----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-18 20:52 . 2009-04-18 20:52
    dc----w c:\program files\Spotify
    2009-04-16 23:55 . 2006-11-02 11:18
    dc----w c:\program files\Windows Mail
    2009-04-16 23:14 . 2008-02-26 03:14
    dc----w c:\programdata\Microsoft Help
    2009-04-12 23:00 . 2009-04-12 23:00
    dc----w c:\program files\VideoLAN
    2009-04-11 20:52 . 2009-04-11 20:52
    dc----w c:\program files\RealWorldPOI
    2009-04-06 14:32 . 2009-01-25 13:26 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 14:32 . 2009-01-25 13:26 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-17 03:38 . 2009-04-16 16:19 40960 -c--a-w c:\windows\AppPatch\apihex86.dll
    2009-03-07 07:54 . 2008-06-30 03:53
    dc----w c:\program files\Google
    2009-03-06 18:50 . 2009-03-06 18:50 0 -c--a-w c:\users\Home\jagex_runescape_preferences.dat
    2009-03-05 21:21 . 2008-06-30 06:33
    dc----w c:\program files\Windows Live
    2009-03-05 21:20 . 2008-06-30 06:45
    dc----w c:\program files\Windows Live Toolbar
    2009-03-05 21:20 . 2009-03-05 21:20
    dc----w c:\program files\Microsoft Sync Framework
    2009-03-05 21:14 . 2009-03-05 21:14
    dc----w c:\program files\Microsoft
    2009-03-05 21:13 . 2009-03-05 21:13
    dc----w c:\program files\Windows Live SkyDrive
    2009-03-05 20:33 . 2009-03-05 20:33
    dc----w c:\program files\Common Files\Windows Live
    2009-03-04 09:57 . 2009-03-04 09:57 266240 -c--a-w c:\windows\System32\CSHelper.exe
    2009-03-04 09:57 . 2009-03-04 09:57 225280 -c--a-w c:\windows\System32\CSInstru.DLL
    2009-03-03 04:40 . 2009-04-16 16:18 827392 -c--a-w c:\windows\System32\wininet.dll
    2009-03-03 04:37 . 2009-04-16 16:18 78336 -c--a-w c:\windows\System32\ieencode.dll
    2009-03-03 02:28 . 2009-04-16 16:18 26624 -c--a-w c:\windows\System32\ieUnatt.exe
    2009-03-02 21:43 . 2009-03-02 21:43
    dc----w c:\program files\Windows Resource Kits
    2009-02-27 07:44 . 2008-08-05 22:46
    dc----w c:\program files\Microsoft Silverlight
    2009-02-25 22:43 . 2009-02-25 22:44 410984 -c--a-w c:\windows\System32\deploytk.dll
    2009-02-25 22:43 . 2008-07-30 09:41
    dc----w c:\program files\Java
    2009-02-15 20:29 . 2009-02-14 19:57 21840 -c--atw c:\windows\System32\SIntfNT.dll
    2009-02-15 20:29 . 2009-02-14 19:57 17212 -c--atw c:\windows\System32\SIntf32.dll
    2009-02-15 20:29 . 2009-02-14 19:57 12067 -c--atw c:\windows\System32\SIntf16.dll
    2009-02-09 03:10 . 2009-03-11 06:51 2033152 -c--a-w c:\windows\System32\win32k.sys
    2009-02-06 19:03 . 2009-02-06 19:03 307576 -c--a-w c:\windows\WLXPGSS.SCR
    2009-02-06 18:52 . 2009-02-06 18:52 49504 -c--a-w c:\windows\System32\sirenacm.dll
    2008-10-26 10:46 . 2008-06-26 01:37 106168 ----a-w c:\users\kids\AppData\Local\GDIPFONTCACHEV1.DAT
    2008-09-05 19:45 . 2008-06-23 23:20 106168 -c--a-w c:\users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
    2008-08-06 14:52 . 2008-07-26 01:58 680 -c--a-w c:\users\Home\AppData\Local\d3d9caps.dat
    2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
    2008-06-23 20:21 . 2008-06-23 20:04 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-06-23 20:21 . 2008-06-23 20:04 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-06-23 20:21 . 2008-06-23 20:04 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-09-08 19:31 . 2008-09-05 19:45 2828 -csha-w c:\windows\System32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 10:00 39472 ----a-w c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "BitComet"="c:\program files\BitComet\BitComet.exe" [2008-06-03 2596152]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-30 68856]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
    "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2008-01-25 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 136600]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]

    c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-5 113664]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-26 535336]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{DF60EEC8-0880-4246-9F1B-E1A10310EF84}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{64BC88D6-9B44-490A-BC4D-A944E6E3591F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{13ADE3BD-099C-44B2-A160-5484D6802808}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
    "{B6B81CF0-2AE4-455F-98A8-CA8E19F5FCDD}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
    "{20859917-0498-405B-A496-2F5D40E2B014}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{0123652C-844A-43DE-831A-EA7BA4B67C78}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{AB2CA533-4D4A-4EAB-98B3-BACD35DA0665}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
    "{09DC3416-BD03-46A4-8BAC-BDBBB2CD50F0}"= UDP:c:\users\Home\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
    "{DEE1C961-DD91-4148-915B-7FB8ACADE30E}"= TCP:c:\users\Home\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
    "{5A583172-BFA5-49A1-865C-C4F4B84F875A}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
    "{8615FDF5-DFAE-45F5-A4A1-F1D194BE367D}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
    "TCP Query User{F7E7C38F-15FE-4841-9E79-9D5086A8AE60}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{587E3BB9-21D6-4B05-B868-8A5E5C063F2C}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{BFCEB77B-2070-4CB2-B9C2-2A55FBB1556E}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
    "{E5619BFF-30DC-483F-B45B-A485884D89A6}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
    "{369D153B-DFB4-432E-89EE-08B3EFD89436}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
    "{DDF9A213-91FD-416A-B3AE-B39B3BFA08E2}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
    "{29F42DC9-DF98-45AE-87DF-43A1EAD9BD45}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
    "{1BC47C04-5E79-4BC8-B239-F9935BBD938C}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
    "{E0CFAD7A-94AA-48EF-B1CF-3465E9A6C504}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
    "{ADB14288-E77F-4A1B-8E02-FCBC95088432}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
    "TCP Query User{E8213B60-A003-4E2F-B7D8-964BCC091568}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{2D0FE775-5340-4A14-91EC-FA175653C179}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{BADE3396-F0B9-47F0-A9B6-476162614135}"= UDP:c:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
    "{FB2258FA-EE8A-4426-8BF9-EC5BF8367754}"= TCP:c:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
    "{99699AA4-35E0-4751-8D21-768BB1704EB3}"= Disabled:UDP:d:\aoc\Age of Conan\AgeOfConan.exe:AgeOfConan
    "{B30A5948-33C4-4C05-BB99-F6C6861D9A49}"= Disabled:TCP:d:\aoc\Age of Conan\AgeOfConan.exe:AgeOfConan
    "TCP Query User{1F9E4127-B56E-4A33-AFF1-037646C61604}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{560861C6-4AAB-480C-8D4D-6CF1D57D73C0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{C695BAB6-565B-4BE3-82B4-BEC645D90FDC}c:\\program files\\microsoft office\\office\\frontpg.exe"= UDP:c:\program files\microsoft office\office\frontpg.exe:Microsoft FrontPage
    "UDP Query User{58CE2173-AA8C-418F-87D7-CFAED159352B}c:\\program files\\microsoft office\\office\\frontpg.exe"= TCP:c:\program files\microsoft office\office\frontpg.exe:Microsoft FrontPage
    "{1270A110-1698-48DB-85B2-0720D39F28C9}"= UDP:24240:BitComet 24240 TCP
    "{D618A038-2EDE-4085-AC80-F91ABD65D822}"= TCP:24240:BitComet 24240 UDP
    "TCP Query User{48AA258C-EC5E-42E1-859A-949D56B196C3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{5387266C-607A-4A46-8F6C-B830FD944AEE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{1700C60C-3C7A-4857-BB02-48DA59A1FBFF}d:\\games\\doom 3\\doom3.exe"= Disabled:UDP:d:\games\doom 3\doom3.exe:DOOM 3
    "UDP Query User{DE7D802F-89A2-474D-B48A-7035C3A723C9}d:\\games\\doom 3\\doom3.exe"= Disabled:TCP:d:\games\doom 3\doom3.exe:DOOM 3
    "TCP Query User{AE2EFF4C-DD3F-4A84-98E8-7F4A05229B81}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
    "UDP Query User{21A74C02-E95A-4A61-9E91-373EA4ACEADF}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
    "TCP Query User{51A6C1B8-2BDC-4BA8-B822-92E93C5C8E6D}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
    "UDP Query User{CCB41075-1A98-41DB-8619-CBB9DF7BC3FB}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
    "{B2E342D6-7D4F-4731-AEAB-9E6BEC10BDC0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

    R3 ALSysIO;ALSysIO; [x]
    R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-06-24 30464]
    R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-06-24 12672]
    R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [2008-06-24 35328]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-04 266240]
    S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
    S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
    S4 AvgTdiX;AVG8 Network Redirector; [x]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - AvgLdx86
    *Deregistered* - AvgTdiX

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\RunGame.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64209611-7c55-11dd-a654-001b38d82d23}]
    \shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e71e270c-f204-11dc-b29a-806e6f6e6963}]
    \shell\AutoRun\command - E:\Setup.now.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-30 07:41]

    2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{6C865D70-FEB0-4153-B906-1B807149BF08}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
    WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
    HKLM-Run-eRecoveryService - (no file)


    .
    Supplementary Scan
    .
    mStart Page = hxxp://en.uk.acer.yahoo.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
    FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\aytilme9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.itsmylife.talktalk.net/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-25 20:43
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'Explorer.exe'(3484)
    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Completion time: 2009-04-25 20:46
    ComboFix-quarantined-files.txt 2009-04-25 19:46

    Pre-Run: 3,711,479,808 bytes free
    Post-Run: 3,507,146,752 bytes free

    268 --- E O F --- 2009-04-22 07:05
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\System32\SIntfNT.dll
    c:\windows\System32\SIntf32.dll
    c:\windows\System32\SIntf16.dll
    c:\windows\WLXPGSS.SCR
    c:\windows\System32\KGyGaAvL.sys


    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.


    then run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
    http://www.kaspersky.co.uk/virusscanner
    Please post the complete log it creates
    :idea:
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    How can I get combofix to work without uninstalling AVG8, or is there a way to switch it off whilst working with combofix? Last night I uninstalled AVG8 and ended up with 50 viruses (which I have now managed to delete, all but five). I really don't want to be without a virus scanner but can't seem to find a way to work around it.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    First up. AVG is cr*p. So my advice is to uninstall it. Use the 32 bit AVG removal tool
    http://www.avg.com/download-tools
    And install AVIRA in its place
    Download AVIRA (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_antivir/

    If you decline my advice you can switch AVG off here ~
    Turn AVG resident shield off
    http://www.avg.com/faq.keyw-disable%2Bavg.num-1209
    :idea:
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    edited 28 April 2009 6:33PM
    Got rid of AVG8 per your instructions but can't install Avira.
    I get the following message:

    A secure internet connection is required to activate the product (ssl encrypted). This could not be established

    - internet connection can be accessed (done this)
    - ensure system date is correct (done this)
    - if in use check modem connection (done)
    - ensure application fact.exe can access internet and is not blocked by a firewall (now this might be the problem... Done a search and can't find fact.exe (don't think I installed it yet :confused:) and I did switch the firewall off as well to try but that didn't work either :wall:
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    anyone????
This discussion has been closed.