Computer keeps freezing

View previous topic View next topic Go down

Computer keeps freezing

Post by lhowley on Sun Apr 11, 2010 7:44 pm

Hi there,
I have a fairly new computer only about 1 year old and it keeps freezing on me every 30 seconds or so...
The operating system is windows vista.
I have run scans fro Superantispyware and mailwarebytes and they keep finding adware and cookies and also trojans.
My computer then runs good for a few hours and then starts to freeze again.
I read on the internet that combofix is the best so i ran this aswell. Computer is still freezing on me.
Can you help me pls??? Thx in advance:))

Here are the log files from my scans:

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3978

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

11/04/2010 18:03:52
mbam-log-2010-04-11 (18-03-52).txt

Scan type: Quick scan
Objects scanned: 104741
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 10-04-10.02 - Lisa Howley 11/04/2010 19:57:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3000.1843 [GMT 1:00]
Running from: c:\users\Lisa Howley\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1013661873-3314279378-44470637-500
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-11 19:07 . 2010-04-11 19:07 -------- d-----w- c:\users\Lisa Howley\AppData\Local\temp
2010-04-11 19:07 . 2010-04-11 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-11 18:43 . 2010-02-12 17:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-04-11 16:54 . 2010-04-11 16:54 -------- d-----w- c:\users\Lisa Howley\AppData\Roaming\Malwarebytes
2010-04-11 16:54 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 16:54 . 2010-04-11 16:54 -------- d-----w- c:\programdata\Malwarebytes
2010-04-11 16:54 . 2010-04-11 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 16:54 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 16:11 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\NAVENG.SYS
2010-04-11 16:11 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\NAVEX15.SYS
2010-04-11 16:11 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\CCERASER.DLL
2010-04-11 16:11 . 2009-09-23 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\ECMSVR32.DLL
2010-04-11 16:11 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\EECTRL.SYS
2010-04-11 16:11 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\ERASER.SYS
2010-04-11 16:11 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\NAVENG32.DLL
2010-04-11 16:11 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\NAVEX32A.DLL
2010-04-06 18:35 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSvix86.sys
2010-04-06 18:35 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\Scxpx86.dll
2010-04-06 18:35 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
2010-04-06 18:35 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
2010-04-06 18:35 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSviA64.sys
2010-03-26 15:02 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-26 15:02 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-26 15:02 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-26 15:02 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-26 15:02 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-24 22:20 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-24 16:16 . 2010-03-24 16:20 20895216 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-24 16:16 . 2010-03-24 16:16 8405312 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-22 22:55 . 2010-04-11 17:07 -------- d-----w- c:\users\Lisa Howley\Tracing
2010-03-22 22:51 . 2010-03-22 22:51 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-03-22 22:51 . 2009-08-05 22:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-03-22 22:49 . 2010-03-22 22:49 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-22 22:49 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-03-22 22:49 . 2010-03-22 22:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-22 22:46 . 2010-03-22 22:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-22 22:45 . 2010-03-22 22:51 -------- d-----w- c:\program files\Windows Live
2010-03-22 21:27 . 2010-03-22 21:27 -------- d-----w- c:\users\Public\Roaming
2010-03-22 21:27 . 2010-03-22 21:27 -------- d-----w- c:\users\Lisa Howley\Roaming
2010-03-22 21:27 . 2010-03-22 21:27 -------- d-----w- c:\users\Lisa Howley\AppData\Roaming\Intel
2010-03-22 21:27 . 2010-03-22 21:27 -------- d-----w- c:\users\Default\Roaming
2010-03-22 21:27 . 2010-03-22 21:27 -------- d-----w- c:\programdata\Roaming
2010-03-22 21:25 . 2010-03-22 21:25 -------- d-----w- c:\program files\Cisco
2010-03-22 21:25 . 2010-03-22 21:25 -------- d-----w- c:\program files\Common Files\Intel
2010-03-22 21:25 . 2010-03-22 21:25 -------- d-----w- c:\programdata\Intel
2010-03-22 21:24 . 2010-03-22 22:46 -------- d-----w- c:\program files\Microsoft
2010-03-22 21:24 . 2010-03-22 21:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-14 21:09 . 2010-03-14 21:09 52224 ----a-w- c:\users\Lisa Howley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-14 21:09 . 2010-04-11 17:39 117760 ----a-w- c:\users\Lisa Howley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-14 21:08 . 2010-03-14 21:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-14 21:07 . 2010-03-14 21:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-14 21:07 . 2010-03-14 21:07 -------- d-----w- c:\users\Lisa Howley\AppData\Roaming\SUPERAntiSpyware.com
2010-03-14 21:06 . 2010-03-14 21:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-14 17:27 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-14 17:27 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-14 17:27 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 18:42 . 2009-03-06 00:35 -------- d-----w- c:\program files\Google
2010-04-11 17:22 . 2008-04-30 09:42 -------- d-----w- c:\program files\Acer GameZone
2010-04-10 14:01 . 2010-04-10 14:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-04-09 21:52 . 2009-09-17 22:15 5972 ----a-w- c:\users\Lisa Howley\AppData\Local\d3d9caps.dat
2010-03-31 22:15 . 2010-03-05 21:10 439816 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-26 15:48 . 2010-03-26 15:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-25 18:05 . 2009-03-06 15:33 -------- d-----w- c:\users\Lisa Howley\AppData\Roaming\Apple Computer
2010-03-25 17:55 . 2009-03-06 15:30 -------- d-----w- c:\programdata\Apple
2010-03-22 21:25 . 2008-04-30 07:21 -------- d-----w- c:\program files\Intel
2010-03-18 19:05 . 2008-04-30 09:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 18:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-14 17:35 . 2008-04-30 09:38 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 16:28 . 2010-03-09 16:28 149000 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-09 16:28 . 2010-03-09 16:27 10309448 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-09 16:25 . 2010-03-09 16:25 79368 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-09 16:25 . 2010-03-09 16:25 64000 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-09 16:25 . 2010-03-09 16:25 52288 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-09 16:25 . 2010-03-09 16:25 50688 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-09 16:25 . 2010-03-09 16:25 49152 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-09 16:25 . 2010-03-09 16:25 118784 ----a-w- c:\users\Lisa Howley\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-02-27 19:28 . 2009-03-06 00:37 72312 ----a-w- c:\users\Lisa Howley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 22:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 22:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 22:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 22:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-11 01:48 . 2010-02-11 01:47 -------- d-----w- c:\program files\iTunes
2010-02-11 01:47 . 2010-02-11 01:47 -------- d-----w- c:\program files\iPod
2010-02-11 01:47 . 2009-03-06 15:30 -------- d-----w- c:\program files\Common Files\Apple
2010-02-11 01:45 . 2010-02-11 01:44 -------- d-----w- c:\program files\QuickTime
2010-02-11 01:32 . 2010-02-11 01:32 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-02 19:11 . 2010-02-02 19:11 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbFEF.tmp.exe
2010-01-25 12:00 . 2010-02-26 17:14 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-26 17:14 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-26 17:14 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-26 17:14 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-26 17:14 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-26 17:14 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-26 17:14 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-26 17:14 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-26 17:14 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-26 17:15 2048 ----a-w- c:\windows\system32\tzres.dll
2008-12-09 21:32 . 2008-12-09 21:31 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 10:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 05:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-04-10 23:30 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-15 01:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-06-11 18:22 409600 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-09-10 22:02 809480 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-04-18 22:18 167936 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-30 18:48 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c4,17,22,77,d2,46,ca,01

R2 gupdate1c9a0fef85b4bd4;Google Update Service (gupdate1c9a0fef85b4bd4);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NTPASp50.sys [2005-04-19 17536]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100402.001\IDSvix86.sys [2009-10-28 343088]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-06-06 435488]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 21:35]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 21:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-11 20:07
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\0000024D 1343488 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-11 20:11:44
ComboFix-quarantined-files.txt 2010-04-11 19:11

Pre-Run: 204,720,865,280 bytes free
Post-Run: 204,737,249,280 bytes free

- - End Of File - - B3F17A952055BF471CC0B28B8EC224F1

lhowley
Novice
Novice

Posts Posts : 14
Joined Joined : 2010-04-11
OS OS : windows vista
Points Points : 24486
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum