laptop really slow, anyone know about Regcure
Used the McAfee removal tool successfully, but it required a restart and the computer wouldn't, so it has taken me all this time to get it restarted, which meant having to make a restore point, so I am assuming that the McAfee removal will have been reversed. Ho hum!
Will I just go ahead with ComboFix?
-
Ideally the priority is removing McAfee completely before running ComboFix.
-
Hi, I have now removed McAfee and restarted, hallelujah! BUT on the beeping computer website there is a big warning that there is a bug in ComboFix and it must not be used until it has been resolved. No luck, I'm off to bed.
-
I would back up all my data, plan it and make sure I could reinstall everything, then format the hard drive (wipe it clean) and reinstall Windows. Start afresh. It's the only proper way when you've got an operating system that's been installed for a long time and it's got cluttered up with junk. Nothing beats a brand new install for speed. And by the time you've downloaded Malwarebytes, CCleaner, ComboFix, HijackThis, a new antivirus, and whatever other programs they want you to try to speed it up, you've spent hours on it and you could have used those hours to back up and reformat for a near guaranteed fix.
-
What a horrifying task for me and I would probably stuff that up as well!
Since I uninstalled McAfee properly it does seem to be running quite well; it even started this morning. I am going to add Microsoft Security Essentials to see if it likes that.
-
ComboFix 10-01-24.05 - Caroline 25/01/2010 14:02:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1226 [GMT 0:00]
Running from: c:\users\Caroline\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-1827898830-1018533823-251637744-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\Downloaded Program Files\popcaploader.inf
.
((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.
2010-01-25 14:31 . 2010-01-25 14:31 d-----w- c:\users\TEMP\AppData\Local\temp
2010-01-25 14:31 . 2010-01-25 14:31 d-----w- c:\users\Default\AppData\Local\temp
2010-01-25 14:31 . 2010-01-25 14:31 d-----w- c:\users\Michael\AppData\Local\temp
2010-01-25 14:31 . 2010-01-25 14:31 d-----w- c:\users\Guest\AppData\Local\temp
2010-01-24 20:49 . 2010-01-02 06:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-24 20:49 . 2010-01-02 04:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-24 20:48 . 2010-01-02 06:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-24 20:48 . 2010-01-02 06:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-24 03:31 . 2010-01-24 03:31 d-----w- c:\programdata\Alwil Software
2010-01-24 03:31 . 2010-01-24 03:31 d-----w- c:\program files\Alwil Software
2010-01-24 01:56 . 2010-01-24 01:56 d-----w- c:\users\Caroline\AppData\Local\Windows Live Writer
2010-01-24 01:56 . 2010-01-24 01:56 d-----w- c:\users\Caroline\AppData\Roaming\Windows Live Writer
2010-01-23 03:23 . 2010-01-24 19:12 d-----w- c:\program files\Microsoft Security Essentials
2010-01-23 00:51 . 2010-01-23 01:31 d-----w- c:\program files\Windows Live Safety Center
2010-01-16 21:10 . 2010-01-16 21:10 d-----w- C:\My Music
2010-01-13 10:06 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 10:06 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 13:14 . 2010-01-10 13:14 d-----w- c:\users\Michael\AppData\Roaming\Yahoo!
2010-01-09 20:01 . 2010-01-09 20:01 d-----w- c:\users\Caroline\AppData\Roaming\Yahoo!
2010-01-09 20:01 . 2010-01-09 20:01 d-----w- c:\programdata\Yahoo! Companion
2010-01-09 20:00 . 2010-01-09 20:01 d-----w- c:\program files\Yahoo!
2010-01-09 20:00 . 2010-01-24 20:05 d-----w- c:\program files\CCleaner
2010-01-08 21:44 . 2010-01-08 21:44 d-----w- c:\users\Caroline\AppData\Roaming\Malwarebytes
2010-01-08 21:44 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 21:44 . 2010-01-08 21:44 d-----w- c:\programdata\Malwarebytes
2010-01-08 21:44 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 21:44 . 2010-01-24 20:05 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 21:09 . 2010-01-10 13:06 d-----w- c:\users\Michael\Tracing
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 02:30 . 2007-12-08 13:23 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-24 17:43 . 2008-06-12 00:00 d-----w- c:\users\Caroline\AppData\Roaming\Skype
2010-01-24 16:01 . 2008-06-12 00:03 d-----w- c:\users\Caroline\AppData\Roaming\skypePM
2010-01-21 16:38 . 2009-03-07 16:34 d-----w- c:\program files\Microsoft Silverlight
2010-01-16 16:19 . 2009-04-23 21:36 7268 ----a-w- c:\users\Caroline\AppData\Local\d3d9caps.dat
2010-01-14 11:12 . 2009-10-03 09:46 181120 ----a-w- c:\windows\system32\MpSigStub.exe
2010-01-12 16:44 . 2007-12-19 22:45 1734 ----a-w- c:\users\Caroline\AppData\Roaming\wklnhst.dat
2009-12-27 21:07 . 2007-12-20 18:04 115736 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-12 00:34 . 2009-12-12 00:34 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-10 23:55 . 2009-04-04 17:18 d-----w- c:\programdata\Microsoft Help
2009-12-10 23:52 . 2007-12-08 14:04 d-----w- c:\program files\Microsoft Works
2009-12-10 23:20 . 2009-03-15 21:54 d-----w- c:\program files\Zylom Games
2009-12-10 22:55 . 2009-05-06 17:47 d-----w- c:\users\Caroline\AppData\Roaming\Amazon
2009-12-10 22:55 . 2009-05-06 17:44 d-----w- c:\program files\Amazon
2009-12-10 16:49 . 2009-12-10 16:49 d-----w- c:\programdata\Citrix
2009-12-10 16:43 . 2009-12-10 16:43 d-----w- c:\program files\Citrix
2009-12-10 16:42 . 2009-12-10 16:42 61224 ----a-w- c:\users\Caroline\GoToAssistDownloadHelper.exe
2009-12-01 20:18 . 2007-12-08 13:59 d-----w- c:\program files\Google
2009-12-01 11:19 . 2008-04-06 15:21 d-----w- c:\program files\Common Files\Real
2009-12-01 11:16 . 2009-12-01 11:16 d-----w- c:\program files\Common Files\xing shared
2009-11-29 12:05 . 2009-11-20 11:28 439816 ----a-w- c:\users\Caroline\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-28 18:07 . 2009-09-05 17:27 d-----w- c:\program files\eMusic Download Manager
2009-11-28 18:06 . 2009-09-05 17:27 d-----w- c:\users\Caroline\AppData\Roaming\eMusic
2009-11-23 20:34 . 2009-11-23 20:34 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7753.tmp.exe
2009-11-09 12:31 . 2009-12-11 18:44 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-11 18:44 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-11 18:44 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 02:20 2048 ----a-w- c:\windows\system32\tzres.dll
2008-04-22 16:22 . 2008-04-22 16:22 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-12-08 13:48 . 2007-12-08 13:48 80 --sh--r- c:\windows\CT4CET.bin
2007-12-08 21:14 . 2007-12-08 21:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-10 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-27 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-01 198160]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-8 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-27 118784]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-8 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c3,7a,a0,9e,78,e5,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1827898830-1018533823-251637744-1000]
"EnableNotificationsRef"=dword:00000001
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [08/12/2007 13:21 73728]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [03/10/2009 00:25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/12/2007 13:59 30192]
S3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [08/12/2007 13:38 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [08/12/2007 13:38 19008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
Supplementary Scan
.
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-MCODS
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 14:37
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
[0] 0x00000014
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Caroline\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-25 14:50:41
ComboFix-quarantined-files.txt 2010-01-25 14:50
Pre-Run: 96,503,779,328 bytes free
Post-Run: 96,281,223,168 bytes free
- - End Of File - - F70C8876B6E90B9CA82089A81892FE4E
I removed firewall and defender but have turned firewall on again. It is all starting fine now and seems to be running quickly.
-
Open notepad and copy/paste the text in RED below
File::
c:\programdata\Google\Google Toolbar\Update\gtb7753.tmp.exe
c:\windows\CT4CET.bin
c:\users\Caroline\AppData\Local\Temp\catchme.dll
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
ComboFix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
.............................
Then UPDATE Malwarebytes and run another FULL scan (just realised it's out of date).
-
My God, I will take it as a compliment, I think, that you actually think I can do all this. I'm not so sure. You are testing my computer skills!
Do I have to turn off the Microsoft Security Essentials?
-
You're reading too much into it.
Yes, turn off the AV.
All you have to do is create the notepad file and call it as above. Then drag and drop it onto the ComboFix icon.
This discussion has been closed.