Laptop driving me nuts, I think it's Vista's fault
Comments
-
It didn't ask to reboot.
-
You didn't do it right ~
Command switches used :: c:\users\Karl\Desktop\CFScript.txt.lnk
It SHOULD read ~
Command switches used :: c:\users\Karl\Desktop\CFScript.txt
Make sure you save ONLY as "CFScript.txt" and use that.
-
Oh dear, I'll try again now, sorry.
-
ComboFix 09-06-15.04 - Karl 16/06/2009 20:46.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1013.401 [GMT 1:00]
Running from: c:\users\Karl\Desktop\ComboFix.exe
Command switches used :: c:\users\Karl\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\acer\Empowering Technology\EPOWER\SysHook.dll"
"c:\programdata\Google\Google Toolbar\Update\gtb59DD.tmp.exe"
"c:\users\Karl\AppData\Roaming\wklnhst.dat"
"c:\windows\system32\BatchCrypto.dll"
"c:\windows\system32\CryptoAPI.dll"
"c:\windows\system32\keyManager.dll"
"c:\windows\system32\MsnChatHook.dll"
"c:\windows\system32\ShowErrMsg.dll"
"c:\windows\system32\sysenv.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\acer\Empowering Technology\EPOWER\SysHook.dll
c:\programdata\Google\Google Toolbar\Update\gtb59DD.tmp.exe
c:\users\Karl\AppData\Roaming\wklnhst.dat
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.
2009-06-16 19:50 . 2009-06-16 19:57 d-----w- c:\users\Karl\AppData\Local\temp
2009-06-15 21:19 . 2009-06-15 21:19 d-----w- c:\windows\Sun
2009-06-15 21:08 . 2009-06-15 21:11 d-----w- c:\program files\Spybot - Search & Destroy
2009-06-15 21:08 . 2009-06-15 21:11 d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-15 19:34 . 2009-06-15 19:34 d-----w- c:\programdata\NortonInstaller
2009-06-15 15:18 . 2009-06-15 15:18 d-----w- c:\users\Karl\AppData\Roaming\Malwarebytes
2009-06-15 15:18 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 15:18 . 2009-06-15 15:18 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 15:18 . 2009-06-15 15:18 d-----w- c:\programdata\Malwarebytes
2009-06-15 15:18 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 19:55 . 2009-06-14 19:55 d-----w- c:\program files\Trend Micro
2009-06-14 19:49 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-14 19:48 . 2009-06-14 19:48 d-----w- c:\program files\Panda Security
2009-06-14 19:41 . 2009-06-14 19:41 d-----w- c:\programdata\CA
2009-06-11 05:58 . 2009-06-11 05:58 d-----w- c:\windows\system32\EventProviders
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 19:38 . 2007-03-22 11:44 d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 09:30 . 2008-04-09 17:49 d-----w- c:\program files\Actinic v9
2009-06-12 09:23 . 2007-09-22 17:44 d-----w- c:\program files\Google
2009-06-11 11:28 . 2009-05-21 15:40 d-----w- c:\program files\Sage Payroll
2009-06-10 16:52 . 2009-04-04 12:23 d-----w- c:\programdata\avg8
2009-05-17 06:36 . 2008-10-23 13:30 d-----w- c:\program files\Common Files\Adobe
2009-05-14 02:06 . 2007-03-22 11:21 d-----w- c:\programdata\Microsoft Help
2009-05-14 02:02 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2009-05-08 14:14 . 2007-08-25 14:26 72720 ----a-w- c:\users\Karl\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-04 21:35 . 2007-03-22 11:27 d-----w- c:\program files\Microsoft Works
2009-04-27 07:47 . 2009-04-27 07:47 d-----w- c:\users\Karl\AppData\Roaming\Template
.
((((((((((((((((((((((((((((( SnapShot@2009-06-16_02.15.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-06-16 19:56 69484 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-08-25 14:27 . 2009-06-16 01:58 10914 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198491559-500378422-2097851613-1000_UserData.bin
+ 2007-08-25 14:27 . 2009-06-16 19:56 10914 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198491559-500378422-2097851613-1000_UserData.bin
- 2009-05-22 05:03 . 2009-06-16 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-22 05:03 . 2009-06-16 19:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-22 05:03 . 2009-06-16 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-22 05:03 . 2009-06-16 19:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-08-26 13:53 . 2009-06-16 17:00 252988 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-06-16 18:08 638782 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-16 02:00 638782 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-16 18:08 121746 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-16 02:00 121746 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-22 185632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]
c:\users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Actinic.lnk - c:\program files\Actinic v9\Catalog.exe [2008-4-9 8013096]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-3-22 528384]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-11-7 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9AD97BE8-9399-41D8-A697-4600EF8BD101}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{A466396A-B9D7-44F7-9D60-3BAE64855644}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{B97FC05B-7756-43D0-B0D3-97D89F6D51F5}"= c:\program files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
"{10A600E2-1475-4D64-97C2-BCAE74289E8F}"= c:\program files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
"{8C75BAA3-A66D-40DA-987C-A9B3E2A42DD6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E68602A6-FF59-4238-980E-8F99D65D7629}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5E9A58C6-B7ED-4494-A333-ED978AF4835B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6721F3D9-3D40-4536-B232-296750C50A06}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CF074D46-D3C3-4A80-A087-9B434555AECE}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{10A0EF5D-6A20-4B86-955C-E8317965C78D}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{10F65F19-E15D-40EE-96FC-2EBD2C9E7086}"= UDP:990:LocalSubnet:LocalSubnet|IF={9F1BF94B-BBE6-480C-B0F3-D84C4B97AD51}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{B0FDDB58-3756-4854-A53A-4E766E3A9B52}"= UDP:5721:LocalSubnet:LocalSubnet|IF={9F1BF94B-BBE6-480C-B0F3-D84C4B97AD51}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{DD6D2CA8-183A-4108-A67A-F23662D55636}"= UDP:1034:LocalSubnet:LocalSubnet|IF={9F1BF94B-BBE6-480C-B0F3-D84C4B97AD51}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{6C6012A9-FD93-4DA1-B5BF-D8993D1D1C5C}"= UDP:5678:LocalSubnet:LocalSubnet|IF={9F1BF94B-BBE6-480C-B0F3-D84C4B97AD51}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{4B70F91D-C2E3-46CE-820B-F0588057A742}"= UDP:999:LocalSubnet:LocalSubnet|IF={9F1BF94B-BBE6-480C-B0F3-D84C4B97AD51}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{8C6EDEE4-A2C1-446E-B3FC-8FEC9598D27F}"= UDP:26675:LocalSubnet:LocalSubnet|IF={9F1BF94B-BBE6-480C-B0F3-D84C4B97AD51}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{102167E4-CD54-405E-9B84-FB87B7A93D72}"= UDP:990:LocalSubnet:LocalSubnet|IF={9F1BF94B-BBE6-480C-B0F3-D84C4B97AD51}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"TCP Query User{372F81DC-9668-42F7-B301-41C8D9BED41C}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{3D946B7D-F7F1-4B08-8514-1C28D5CD70B8}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"{AEFFC175-0455-41C6-8928-50814D577FFF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{10B53F6A-1FF6-40F9-923F-3793A290EC05}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2876FA54-666D-4FD7-8603-AC5A1939A227}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2B0A172E-B159-4856-9F1F-2AF88D1B3C27}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0BACE527-B5C9-4D82-B94A-F5498812EA4F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{43D3CE9F-642D-41D8-A0B3-0DB53FE4FF36}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{20C2079F-3A0D-4D53-B409-612A4BE6676D}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{08951889-4FFA-4290-AA1E-24034A339406}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{D33574B9-0124-4AF4-873C-A1D756907A08}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{7AB542B9-6DD7-4165-A11B-BFBAC10A5630}"= UDP:c:\users\Karl\AppData\Local\Temp\7zSA556.tmp\SymNRT.exe:Norton Removal Tool
"{F200E580-199C-474A-ADC4-1C21EEEA20F8}"= TCP:c:\users\Karl\AppData\Local\Temp\7zSA556.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [14/06/2009 20:49 28544]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [22/03/2007 12:55 50688]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [23/10/2008 14:21 33752]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [14/10/2008 18:25 13352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-08 c:\windows\Tasks\User_Feed_Synchronization-{8E0920E2-C760-4A2D-AC35-CB5712466911}.job
- c:\windows\system32\msfeedssync.exe [2009-03-23 11:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://news.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: paypal.com\www
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\6t8c7wpu.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 20:57
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Other Running Processes
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Launch Manager\LManager.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\users\Karl\AppData\Local\temp\RtkBtMnt.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-06-16 21:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 20:01
ComboFix2.txt 2009-06-16 19:21
ComboFix3.txt 2009-06-16 02:19
Pre-Run: 5,986,897,920 bytes free
Post-Run: 5,963,177,984 bytes free
237 --- E O F --- 2009-05-29 06:42
-
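The two points this thread turns on, the `CFScript.txt.lnk` command switch the helper spotted and the settings in the log that a reviewer would want to look at (Security Center monitoring disabled, the Windows Firewall off for the public profile, a process running out of the Temp folder), as an added Python example. It is not ComboFix's code and was not posted in the thread; it parses a constructed excerpt copied from the log above, and the `Finding` class, the function names and the regular expressions are assumptions of this example. A `DisableMonitoring` hit is commonly written by third-party security suites when they take over Security Center reporting, so each finding is a prompt to confirm which product wrote it, not a verdict.

```python
"""Triage a pasted ComboFix log: CFScript path, Run keys, weakened settings, temp processes."""
import re
from dataclasses import dataclass

# Constructed excerpt in the layout of the log posted in the thread (not the full log;
# paths are copied from that log, no new analysis is implied). Added example, not ComboFix output.
SAMPLE_LOG = r"""ComboFix 09-06-15.04 - Karl 16/06/2009 20:46.3 - NTFSx86
Running from: c:\users\Karl\Desktop\ComboFix.exe
Command switches used :: c:\users\Karl\Desktop\CFScript.txt.lnk
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
.
Other Running Processes
.
c:\windows\System32\audiodg.exe
c:\users\Karl\AppData\Local\temp\RtkBtMnt.exe
.
**************************************************************************
"""


@dataclass
class Finding:  # hypothetical result type for this example
    category: str
    detail: str


REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="value" [date size]   or   "Name"="file.exe" - resolved\path.exe [date size]
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>[^\[]+?))?\s*\[')


def command_switches(log):
    """Path ComboFix reports after 'Command switches used ::', or None if it ran without one."""
    for line in log.splitlines():
        if line.startswith("Command switches used ::"):
            return line.split("::", 1)[1].strip()
    return None


def script_path_problem(path):
    """Why the CFScript path will not be read as a script (the thread's .lnk mistake), or None."""
    if path is None:
        return "no CFScript was passed; ComboFix ran without a script"
    if path.lower().endswith(".lnk"):
        return "path is a Windows shortcut (.lnk), not the script file itself"
    if not path.lower().endswith(".txt"):
        return "path does not end in .txt; save the script as plain text"
    return None


def keyed_lines(log):
    """Yield (current registry key, line) pairs once the Reg Loading Points section starts."""
    key = None
    for line in log.splitlines():
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group("key")
        elif key:
            yield key, line


def run_entries(log):
    """(registry key, value name, executable) for every entry under a ...\\Run key."""
    out = []
    for key, line in keyed_lines(log):
        m = RUN_ENTRY_RE.match(line)
        if key.lower().endswith("\\run") and m:
            out.append((key, m.group("name"), (m.group("resolved") or m.group("value")).strip()))
    return out


def running_processes(log):
    """Paths listed under 'Other Running Processes' up to the closing asterisk rule."""
    procs, active = [], False
    for line in log.splitlines():
        if line.strip() == "Other Running Processes":
            active = True
        elif active and line.startswith("*"):
            break
        elif active and line.strip() not in ("", "."):
            procs.append(line.strip())
    return procs


def triage(log):
    """Findings a reviewer should look at first; each is a prompt to verify, not a verdict."""
    findings = []
    problem = script_path_problem(command_switches(log))
    if problem:
        findings.append(Finding("cfscript", problem))
    for key, line in keyed_lines(log):
        k = key.lower()
        if "security center\\monitoring" in k and re.match(r'^"DisableMonitoring"=dword:00000001', line):
            findings.append(Finding("security-center", f"monitoring disabled under {key}"))
        if "firewallpolicy\\" in k and re.match(r'^"EnableFirewall"=\s*0\b', line):
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding("firewall", f"Windows Firewall off for {profile}"))
    for proc in running_processes(log):  # user-writable temp dirs deserve a look, nothing more
        if "\\temp\\" in proc.lower():
            findings.append(Finding("temp-process", f"running from a temp directory: {proc}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

On the excerpt above `triage` reports the shortcut path, both Security Center keys, the disabled public-profile firewall and `RtkBtMnt.exe` in Temp; on a log where the switch reads `CFScript.txt` the first finding disappears, which is the quickest way to confirm the helper's fix took.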
This time the computer automatically shut down but, as usual, got stuck on the 'logging off' screen. I waited a while, then just pressed the button. When it came back on, ComboFix said it needed to analyse further, then that log came up.
-
Try installing and scanning with Avira again.
-
I did it from the FileHippo link you provided me with in an earlier post. It still says 'preparing installation' after nearly 10 mins.
-
I closed it and started again. The 'preparing installation' went off, but then nothing has happened??
-
A box has come up that says this programme might not have installed correctly.
There are 2 options: reinstall using recommended settings, or this programme installed correctly.
-
Don't bother ~ something's clearly not right.