laptop really slow, anyone know about Regcure
Comments
-
ComboFix 10-01-25.06 - Caroline 26/01/2010 12:46:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1093 [GMT 0:00]
Running from: c:\users\Caroline\Desktop\ComboFix.exe
Command switches used :: c:\users\Caroline\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\Google\Google Toolbar\Update\gtb7753.tmp.exe"
"c:\users\Caroline\AppData\Local\Temp\catchme.dll"
"c:\windows\CT4CET.bin"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Google\Google Toolbar\Update\gtb7753.tmp.exe
c:\windows\CT4CET.bin
.
((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-26 13:15 . 2010-01-26 13:17 -------- d-----w- c:\users\Caroline\AppData\Local\temp
2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\users\Michael\AppData\Local\temp
2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 20:49 . 2010-01-02 06:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-24 20:49 . 2010-01-02 04:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-24 20:48 . 2010-01-02 06:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-24 20:48 . 2010-01-02 06:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-24 03:31 . 2010-01-24 03:31 -------- d-----w- c:\programdata\Alwil Software
2010-01-24 03:31 . 2010-01-24 03:31 -------- d-----w- c:\program files\Alwil Software
2010-01-24 01:56 . 2010-01-24 01:56 -------- d-----w- c:\users\Caroline\AppData\Local\Windows Live Writer
2010-01-24 01:56 . 2010-01-24 01:56 -------- d-----w- c:\users\Caroline\AppData\Roaming\Windows Live Writer
2010-01-23 03:23 . 2010-01-26 00:59 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-23 00:51 . 2010-01-23 01:31 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-16 21:10 . 2010-01-16 21:10 -------- d-----w- C:\My Music
2010-01-13 10:06 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 10:06 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 13:14 . 2010-01-10 13:14 -------- d-----w- c:\users\Michael\AppData\Roaming\Yahoo!
2010-01-09 20:01 . 2010-01-09 20:01 -------- d-----w- c:\users\Caroline\AppData\Roaming\Yahoo!
2010-01-09 20:00 . 2010-01-26 01:05 -------- d-----w- c:\program files\Yahoo!
2010-01-09 20:00 . 2010-01-24 20:05 -------- d-----w- c:\program files\CCleaner
2010-01-08 21:44 . 2010-01-08 21:44 -------- d-----w- c:\users\Caroline\AppData\Roaming\Malwarebytes
2010-01-08 21:44 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 21:44 . 2010-01-08 21:44 -------- d-----w- c:\programdata\Malwarebytes
2010-01-08 21:44 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 21:44 . 2010-01-24 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 21:09 . 2010-01-10 13:06 -------- d-----w- c:\users\Michael\Tracing
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 02:33 . 2007-12-08 13:23 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-26 02:31 . 2007-12-08 13:59 -------- d-----w- c:\program files\Google
2010-01-26 02:29 . 2008-06-12 00:00 -------- d-----w- c:\users\Caroline\AppData\Roaming\Skype
2010-01-26 01:25 . 2007-12-08 13:37 -------- d-----w- c:\program files\Java
2010-01-26 00:00 . 2008-06-12 00:03 -------- d-----w- c:\users\Caroline\AppData\Roaming\skypePM
2010-01-21 16:38 . 2009-03-07 16:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 16:19 . 2009-04-23 21:36 7268 ----a-w- c:\users\Caroline\AppData\Local\d3d9caps.dat
2010-01-14 11:12 . 2009-10-03 09:46 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 16:44 . 2007-12-19 22:45 1734 ----a-w- c:\users\Caroline\AppData\Roaming\wklnhst.dat
2009-12-27 21:07 . 2007-12-20 18:04 115736 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-12 00:34 . 2009-12-12 00:34 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-10 23:55 . 2009-04-04 17:18 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 23:52 . 2007-12-08 14:04 -------- d-----w- c:\program files\Microsoft Works
2009-12-10 23:20 . 2009-03-15 21:54 -------- d-----w- c:\program files\Zylom Games
2009-12-10 22:55 . 2009-05-06 17:47 -------- d-----w- c:\users\Caroline\AppData\Roaming\Amazon
2009-12-10 22:55 . 2009-05-06 17:44 -------- d-----w- c:\program files\Amazon
2009-12-10 16:49 . 2009-12-10 16:49 -------- d-----w- c:\programdata\Citrix
2009-12-10 16:43 . 2009-12-10 16:43 -------- d-----w- c:\program files\Citrix
2009-12-10 16:42 . 2009-12-10 16:42 61224 ----a-w- c:\users\Caroline\GoToAssistDownloadHelper.exe
2009-12-01 11:19 . 2008-04-06 15:21 -------- d-----w- c:\program files\Common Files\Real
2009-12-01 11:16 . 2009-12-01 11:16 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-29 12:05 . 2009-11-20 11:28 439816 ----a-w- c:\users\Caroline\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-28 18:07 . 2009-09-05 17:27 -------- d-----w- c:\program files\eMusic Download Manager
2009-11-28 18:06 . 2009-09-05 17:27 -------- d-----w- c:\users\Caroline\AppData\Roaming\eMusic
2009-11-09 12:31 . 2009-12-11 18:44 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-11 18:44 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-11 18:44 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 02:20 2048 ----a-w- c:\windows\system32\tzres.dll
2008-04-22 16:22 . 2008-04-22 16:22 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-12-08 21:14 . 2007-12-08 21:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-27 98304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-01 198160]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-8 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-27 118784]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-8 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c3,7a,a0,9e,78,e5,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1827898830-1018533823-251637744-1000]
"EnableNotificationsRef"=dword:00000001
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [08/12/2007 13:21 73728]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18/06/2009 18:48 42480]
R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [08/12/2007 13:38 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [08/12/2007 13:38 19008]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [03/10/2009 00:25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
Supplementary Scan
.
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 13:16
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-26 13:29:51
ComboFix-quarantined-files.txt 2010-01-26 13:29
ComboFix2.txt 2010-01-25 14:50
Pre-Run: 98,602,692,608 bytes free
Post-Run: 98,597,896,192 bytes free
- - End Of File - - 62C2A7B580C7CB24B79584DAF974C824
nothing detected on the Malwarebytes scan
-
For some reason there was a gap in one of the instructions
Not to worry
Manually find and delete this (If it still exists)
c:\users\Caroline\AppData\Local\Temp\catchme.dll
-
Follow the address
Open 'C' drive
Look for the folder USERS
open that
Look for the folder CAROLINE etc
-
folder was empty
-
How's the computer running now?
-
it seems to be running a lot more smoothly, starting fine, occasionally still not responding especially in my windows live e mail
Let's hope that it sorted thanks for your patience
-
How much RAM does it have?
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
reboot
Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Go to MODULES / SYSTEM TOOLS / WINDOWS STANDARD TOOLS / then run SYSTEM FILE CHECKER
-
According to the task manager it's running at 46% physical memory, was more before I ran the scans but not much. Don't know if that's what you meant
CCleaner got rid of a load of stuff, there was still quite a lot of McAfee and 55 items on the registry, the Glary found another 411
If there was a report on the system file checker I missed it when I came back it was finished
I have restarted it and apart from the wireless connection being a bit slow everything is running smoothly
Do I need to keep ComboFix, Malwarebytes, CCleaner and Glary on the computer?
-
Wireless connection slower than it was?