Laptop Slow & Freezes

Post by jemmo » Fri Jan 24, 2014 12:10 am

Hi

My wife has been complaining that her laptop has been running slow, and more often lately has been freezing (mouse won't move - just changes from a pointer to a rotating arrow, hard drive activity light blinking like mad) for sometimes as long as a few minutes - then makes a beep and becomes usable.
We have run McAfee but that has made no difference. She reckons this happens every couple of days.
I have downloaded and run DDS. Text file below (wish I could read these things):

DS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Run by Bev at 10:28:20 on 2013-01-23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.902 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Windows\system32\dgdersvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Bev\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredimail.com?a=6PQrgSBCA3
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7730
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
dURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [KiesTrayAgent] c:\program files\samsung\kies\/\KiesTrayAgent.exe
uRun: [QuitCounter] c:\program files\quit counter\QuitCounter.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmoni~1.lnk - c:\program files\hewlett-packard\hp mouse suite\hpMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpwjde~1.lnk - c:\programdata\hp mouse suite config\hpwjd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpwmsd~1.lnk - c:\programdata\hp mouse suite config\hpwmsd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{26C2E4C4-E2BE-4CC4-B5E9-F2C5411F0ABA} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{6D1BAFBA-2E42-4BF5-8DF9-8C3CC90677F6} : DHCPNameServer = 192.168.1.254 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bev\appdata\roaming\mozilla\firefox\profiles\xvg8xryl.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mc ... A111GB0&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\bev\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\bev\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 08:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-28 64512]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-5-3 213392]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-10-16 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-10-16 81504]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-17 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-19 217088]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2012-12-16 281560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-26 104880]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2012-12-16 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2012-12-16 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2012-12-16 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2012-12-16 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2012-12-16 281560]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-3 203400]
R2 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-10 236000]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2012-12-16 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-3 169320]
R2 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-17 572528]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-3 172416]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-10-16 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-23 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-23 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-23 171416]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-3 60920]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-19 36640]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\drivers\HP8207_8307.sys [2010-2-4 13952]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-3 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-17 81296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-17 65928]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-3 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-17 3658752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\AVerA310USB.sys [2008-4-17 25856]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-4-17 42880]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-10-17 147912]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-3 92192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-17 40552]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-9-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-9-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-9-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-9-19 100224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-01-10 18:56:51 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{160d0701-007d-4a48-89d2-d838ac07586c}\mpengine.dll
2013-12-11 10:39:25 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 10:39:02 282624 ----a-w- c:\program files\internet explorer\ieinstal.exe
2013-11-14 12:35:47 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 12:35:17 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 12:35:11 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 12:35:10 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-17 13:52:27 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-10-09 09:43:21 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:43:09 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-09 09:43:08 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-09 09:43:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-10-09 09:43:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-09 09:43:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-09 09:43:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-09 09:43:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-09 09:43:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-09 09:43:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-10-09 09:42:58 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 09:42:57 37376 ----a-w- c:\windows\system32\cdd.dll
2013-10-09 09:42:12 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-09 09:42:10 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-09 09:42:10 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-09 09:42:09 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-09 09:42:08 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-09 09:42:06 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-09 09:41:59 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-10-09 09:41:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-09 09:41:54 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-09 09:41:45 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-09 09:41:35 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-10-09 09:41:27 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-09 09:41:26 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-09-20 08:37:40 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 08:37:24 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 08:37:10 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-09-14 09:43:57 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-12 12:14:42 18612928 ----a-w- c:\program files\common files\microsoft shared\office14\MSO.DLL
2013-09-05 00:43:06 72524480 ----a-w- c:\program files\common files\microsoft shared\office14\MSORES.DLL
2013-09-03 13:53:52 187248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-08-28 09:55:00 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 19:18:26 -------- d-----w- c:\windows\system32\MRT
2013-08-14 09:16:00 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 09:15:59 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 09:15:52 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 09:14:36 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 09:13:34 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 09:12:36 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 09:12:35 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 09:12:34 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 09:12:15 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 09:12:15 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 09:12:13 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-23 18:59:14 5799592 ----a-w- c:\program files\common files\microsoft shared\office14\office setup controller\OSETUP.DLL
2013-07-10 14:51:41 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 14:51:11 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-06-28 21:53:24 3523832 ----a-w- c:\program files\common files\microsoft shared\office14\Csi.dll
2013-06-28 21:45:56 646368 ----a-w- c:\program files\common files\microsoft shared\office14\ACEEXCL.DLL
2013-06-25 21:19:36 988888 ----a-w- c:\program files\common files\microsoft shared\office14\msoshext.dll
2013-06-25 19:22:58 988888 ----a-w- c:\program files\common files\microsoft shared\filters\odffilt.dll
2013-06-25 19:22:58 1123032 ----a-w- c:\program files\common files\microsoft shared\filters\offfiltx.dll
2013-06-24 20:25:32 -------- d-----w- c:\users\bev\appdata\roaming\PowerCinema
2013-06-22 11:13:55 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-22 11:13:55 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-22 11:13:35 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-22 11:13:32 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-22 11:09:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-24 11:51:44 2194128 ----a-w- c:\program files\common files\microsoft shared\office14\ACECORE.DLL
2013-05-19 10:07:48 -------- d-----w- c:\users\bev\appdata\local\Canon Easy-PhotoPrint EX
2013-04-10 13:20:19 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 13:20:09 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 13:20:08 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 13:19:38 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 13:19:34 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-21 18:07:37 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-20 01:24:50 105664 ----a-w- c:\program files\common files\microsoft shared\office14\1033\xlsrvintl.dll
2013-03-10 05:38:20 84736 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\hostsideadapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
2013-03-10 05:38:20 78592 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\hostsideadapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
2013-03-10 05:38:20 64240 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\hostsideadapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
2013-03-10 05:38:20 42248 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\hostsideadapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
2013-03-10 05:38:20 42240 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\addinsideadapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
2013-03-10 05:38:20 36096 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\hostsideadapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
2013-03-10 05:38:20 33528 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\addinviews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
2013-03-10 05:38:20 25336 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
2013-03-10 05:38:20 24816 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
2013-03-09 08:17:04 82576 ----a-w- c:\program files\common files\microsoft shared\vsto\10.0\VSTOInstaller.exe
2013-03-09 08:17:04 49832 ----a-w- c:\program files\common files\microsoft shared\vsto\10.0\VSTOMessageProvider.dll
2013-03-09 08:17:04 268440 ----a-w- c:\program files\common files\microsoft shared\vsto\10.0\VSTOLoader.dll
2013-03-09 08:17:04 19080 ----a-w- c:\program files\common files\microsoft shared\vsto\10.0\1033\VSTOLoaderUI.dll
2013-03-09 08:17:04 116880 ----a-w- c:\program files\common files\microsoft shared\vsto\vstoee.dll
2013-03-09 08:17:04 10912 ----a-w- c:\program files\common files\microsoft shared\vsto\10.0\1033\VSTOInstallerUI.dll
2013-03-08 22:59:30 378072 ----a-w- c:\program files\common files\microsoft shared\office14\ACEOLEDB.DLL
2013-03-07 12:48:02 81920 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\addinsideadapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll
2013-03-07 12:48:02 36864 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\addinsideadapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll
2013-03-07 12:48:00 94208 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\addinviews\Microsoft.Office.Tools.v9.0.dll
2013-03-07 12:48:00 49152 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll
2013-03-07 12:48:00 36864 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\addinsideadapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll
2013-03-07 12:48:00 131072 ----a-w- c:\program files\common files\microsoft shared\vsta\appinfodocument\microsoft.visualstudio.tools.office.appinfodocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll
2013-03-07 12:47:56 77824 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\addinviews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll
2013-03-07 12:47:56 45056 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\addinsideadapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll
2013-03-07 12:47:56 22016 ----a-w- c:\program files\common files\microsoft shared\vsta\pipeline.v10.0\contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll
2013-03-06 08:42:18 1101504 ----a-w- c:\program files\common files\microsoft shared\office14\office setup controller\Setup.exe
2013-03-06 08:11:18 4526232 ----a-w- c:\program files\common files\microsoft shared\office14\office setup controller\promo.exe
2013-03-06 08:07:48 839360 ----a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
2013-03-06 08:07:48 520424 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2013-03-06 07:09:58 554672 ----a-w- c:\program files\common files\microsoft shared\portal\PortalConnectCore.dll
2013-02-18 15:45:56 647816 ----a-w- c:\program files\common files\microsoft shared\office14\ACEES.DLL
2013-02-18 15:45:56 544920 ----a-w- c:\program files\common files\microsoft shared\office14\ACEDAO.DLL
2013-02-18 15:45:56 528536 ----a-w- c:\program files\common files\microsoft shared\office14\ACEREP.DLL
2013-02-18 15:45:56 37000 ----a-w- c:\program files\common files\microsoft shared\office14\ACEERR.DLL
2013-02-18 15:45:56 363656 ----a-w- c:\program files\common files\microsoft shared\office14\ACEXBE.DLL
2013-02-18 15:45:56 335488 ----a-w- c:\program files\common files\microsoft shared\office14\ACEEXCH.DLL
2013-02-18 15:45:56 221304 ----a-w- c:\program files\common files\microsoft shared\office14\ACETXT.DLL
2013-02-18 14:42:42 101992 ----a-w- c:\program files\common files\microsoft shared\office14\EXP_PDF.DLL
2013-02-14 15:10:00 59480 ----a-w- c:\program files\common files\microsoft shared\office14\EXP_XPS.DLL
2013-02-14 14:21:08 45728 ----a-w- c:\program files\common files\microsoft shared\office14\ACERCLR.DLL
2013-02-14 14:21:08 330360 ----a-w- c:\program files\common files\microsoft shared\office14\ACER3X.DLL
2013-02-14 14:21:08 279696 ----a-w- c:\program files\common files\microsoft shared\office14\ACEODBC.DLL
2013-02-13 22:44:55 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-06 11:27:07 -------- d-----w- c:\program files\Mozilla Firefox(14)
2013-01-23 10:15:37 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-23 10:14:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-23 02:12:52 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{160d0701-007d-4a48-89d2-d838ac07586c}\offreg.dll
2013-01-15 12:33:16 1367640 ----a-w- c:\program files\common files\microsoft shared\office14\RICHED20.DLL
2013-01-09 14:02:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 14:02:13 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 06:25:18 640216 ----a-w- c:\program files\common files\microsoft shared\office14\USP10.DLL
2013-01-06 17:38:58 -------- d-----w- c:\programdata\Xerox
2013-01-06 17:14:24 73728 ------w- c:\windows\system32\BRCrypt.dll
2013-01-06 17:13:52 102400 ------w- c:\windows\system32\BrMfNt.dll
2013-01-06 17:13:44 57856 ------w- c:\windows\system32\BrWiaNCp.dll
2013-01-06 17:13:44 42496 ------w- c:\windows\system32\Brnsplg.dll
2013-01-06 17:13:43 63488 ------w- c:\windows\system32\BrNetSti.dll
2013-01-06 17:13:43 106496 ------w- c:\windows\system32\BrMuSNMP.dll
2013-01-06 17:13:16 167936 ------w- c:\windows\system32\NSSearch.dll
2013-01-06 16:41:47 -------- d-----w- c:\programdata\Brother
2013-01-06 16:41:25 -------- d-----w- c:\users\bev\appdata\local\Macromedia
2013-01-06 16:38:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2013-12-11 09:05:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 03:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-04 17:22:36 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 17:17:14 213392 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 17:12:26 572528 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 17:10:42 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 17:10:02 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-11-04 17:09:20 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 17:08:22 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43:04 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43:06 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-24 02:17:49 834048 ----a-w- c:\windows\system32\wininet.dll
2013-10-24 02:17:06 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-10-24 02:16:58 19456 ----a-w- c:\windows\system32\corpol.dll
2013-10-24 00:55:43 389632 ----a-w- c:\windows\system32\html.iec
2013-10-24 00:44:32 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-22 07:19:59 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-11 02:08:55 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-10-11 02:08:55 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-10-11 02:08:35 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-11 00:35:42 135168 ----a-w- c:\windows\system32\cscript.exe
2013-10-11 00:35:41 155648 ----a-w- c:\windows\system32\wscript.exe
2012-11-09 06:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 06:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 10:30:23.33 ===============


Can anyone see if there is anything suspicious here?

Thanks in anticipation.
Jemmo
jemmo
Senior Geek
Senior Geek
 
Posts: 122
Joined: Tue Feb 24, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Re: Laptop Slow & Freezes

Postby Gecko » Fri Jan 24, 2014 5:27 pm

jemmo,

I do see some questionable entries in your log.

Please download combofix to your desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click combofix.exe and follow the prompts.

If combofix will not start or is ended before the "Blue window" please rename combofix.exe to cbf.exe and try again.

If cbf.exe will not start or is ended, you will have to run cbf.exe from safe mode.
Reboot into Safe mode:
Restart Windows after you see the BIOS screen and before Windows starts to load.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
Use the Arrow key to ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Do not exit Combofix while it is running; you may lose all your personal settings!
Important Note - Do not mouseclick combofix's window while it's running, that may cause it to stall.

When it's done running it will produce a log for you. Please post that log in your next reply.
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5209
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Laptop Slow & Freezes

Postby jemmo » Sun Jan 26, 2014 4:11 pm

Thanks Gecko. Assistance much appreciated.
Combofix generated the following;

ComboFix 14-01-23.02 - Bev 26/01/2014 2:11.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1619 [GMT 0:00]
Running from: d:\crossstitch\BEV\Bevs Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HPMonitor.exe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpwjd.exe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpwmsd.exe.lnk
c:\programdata\windows
c:\programdata\windows\msxx.dat
c:\programdata\windows\vvve.dat
c:\users\Bev\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0AAD9B92-854A-4A7D-B159-55E09A31E559}.xps
c:\users\Bev\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C0B032F-60EB-429B-9C20-04B3F00BA8E0}.xps
c:\windows\wininit.ini
D:\Pictures.lnk
c:\program files\McAfee.com\Agent\mcagent.exe . . . . Failed to delete
.
---- Previous Run -------
.
c:\progra~1\LAUNCH~1\QtZgAcer.EXE
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
c:\program files\Acer\WR_PopUp\ProductReg.exe
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
c:\program files\QuickTime\QTTask.exe
c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\programdata\io3t50UP.exe
c:\windows\PLFSetI.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_GoogleDesktopManager-110309-193829
.
.
((((((((((((((((((((((((( Files Created from 2013-12-26 to 2014-01-26 )))))))))))))))))))))))))))))))
.
.
2014-01-26 02:29 . 2014-01-26 02:34 -------- d-----w- c:\users\Bev\AppData\Local\temp
2014-01-26 02:29 . 2014-01-26 02:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-26 02:29 . 2014-01-26 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-10 18:56 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{160D0701-007D-4A48-89D2-D838AC07586C}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 09:05 . 2013-01-06 16:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 09:05 . 2011-12-24 11:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 03:33 . 2011-12-24 14:55 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-04 17:22 . 2010-05-03 15:59 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 17:17 . 2010-05-03 15:59 213392 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 17:12 . 2008-04-17 15:35 572528 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 17:10 . 2010-05-03 15:59 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 17:10 . 2008-04-17 15:35 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-11-04 17:09 . 2011-09-10 13:06 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 17:08 . 2010-05-03 15:59 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-10-30 02:13 . 2008-01-21 02:32 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12 . 2013-12-11 10:38 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43 . 2013-12-11 10:38 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43 . 2013-12-11 10:38 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35 . 2013-12-11 10:39 2050560 ----a-w- c:\windows\system32\win32k.sys
2009-11-27 12:16 . 2013-10-29 13:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
<pre>
c:\program files\Acer\Empowering Technology\eAudio\eAudio .exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader .exe
c:\program files\Acer\Empowering Technology\ePower\ePower_DMC .exe
c:\program files\Acer\WR_PopUp\ProductReg .exe
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent .exe
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc .exe
c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService .exe
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\iTunes\iTunesHelper .exe
c:\windows\PLFSetI .exe
</pre>

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [N/A]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [N/A]
"QuitCounter"="c:\program files\Quit Counter\QuitCounter.exe" [2005-03-14 1448848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [N/A]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [N/A]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [N/A]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [N/A]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [N/A]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [N/A]
"PLFSetI"="c:\windows\PLFSetI.exe" [N/A]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [N/A]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [N/A]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [N/A]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [N/A]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [N/A]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-26 516912]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [N/A]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-03-28 1611160]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-26 516912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-25 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-18 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeapfk01
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 09:06]
.
2014-01-26 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-23 10:57]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:09]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce7814b980d430.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:09]
.
2013-01-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-23 10:49]
.
2013-01-24 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-23 10:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com?a=6PQrgSBCA3
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7730
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\Bev\AppData\Roaming\Mozilla\Firefox\Profiles\xvg8xryl.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mc ... A111GB0&p=
FF - ExtSQL: !HIDDEN! 2009-09-02 08:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-26 02:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1480)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\windows\system32\dgdersvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee\MSC\McAPExe.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\AMCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee\VirusScan\mcods.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2014-01-26 02:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-26 02:46
ComboFix2.txt 2011-08-27 18:13
ComboFix3.txt 2011-01-10 19:59
.
Pre-Run: 20,589,449,216 bytes free
Post-Run: 22,034,276,352 bytes free
.
- - End Of File - - 218630676E226C7D1049AD61E782B287
7BA4C7EA1EF33A92F5F01BE63EDACB6A
Jemmo

Re: Laptop Slow & Freezes

Postby Gecko » Tue Jan 28, 2014 1:36 pm

Please download RKill by Grinler from the link below and save it to your desktop.
http://download.bleepingcomputer.com/grinler/rkill.exe

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista or Windows 7, please right-click on it and select Run As Administrator.)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
Please post the resulting log in your next reply.

Now run Combofix again and post its resulting log in your next reply along with the RKill log.

Re: Laptop Slow & Freezes

Postby jemmo » Tue Jan 28, 2014 8:42 pm

I have the rKill file but Combofix is saying;

Current date is 2014002-28. Combofix has expired.
Click 'Yes' to run in REDUCED FUNCTIONALITY mode
Click 'No' to exit

What should I do?
Jemmo

Re: Laptop Slow & Freezes

Postby jemmo » Tue Jan 28, 2014 9:31 pm

I ran in REDUCED FUNCTIONALITY mode.
Results of rKill as follows;

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/28/2014 07:05:45 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\FsUsbExService.Exe (PID: 304) [WD-HEUR]
* C:\Users\Bev\AppData\Local\Temp\RtkBtMnt.exe (PID: 5172) [UP-HEUR]
* C:\Users\Bev\AppData\Local\Temp\RtkBtMnt.exe (PID: 5172) [T-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\Users\Bev\AppData\Local\{2ee9930a-52c8-0f2f-2ea3-d7c248d7e63d}\ [ZA Dir]
* C:\Users\Bev\AppData\Local\{2ee9930a-52c8-0f2f-2ea3-d7c248d7e63d}\L\ [ZA Dir]
* C:\Users\Bev\AppData\Local\{2ee9930a-52c8-0f2f-2ea3-d7c248d7e63d}\U\ [ZA Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/28/2014 07:09:42 PM
Execution time: 0 hours(s), 3 minute(s), and 56 seconds(s)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Results of second Combofix run as follows;
(there were a couple of McAfee services I couldn't get to stop)

ComboFix 14-01-23.02 - Bev 28/01/2014 20:00:40.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1383 [GMT 0:00]
Running from: d:\crossstitch\BEV\Bevs Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-28 )))))))))))))))))))))))))))))))
.
.
2014-01-28 20:05 . 2014-01-28 20:06 -------- d-----w- c:\users\Bev\AppData\Local\temp
2014-01-28 20:05 . 2014-01-28 20:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-28 20:05 . 2014-01-28 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-28 13:14 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61457C94-66CB-41A5-BE4D-A282608D9170}\mpengine.dll
2014-01-26 16:30 . 2013-09-23 13:48 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 06:13 . 2011-12-24 14:55 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 09:05 . 2013-01-06 16:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 09:05 . 2011-12-24 11:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-05 17:29 . 2010-05-03 15:59 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-12-05 17:22 . 2010-05-03 15:59 213392 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-12-05 17:16 . 2008-04-17 15:35 572688 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-12-05 17:14 . 2010-05-03 15:59 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-12-05 17:14 . 2008-04-17 15:35 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-12-05 17:13 . 2011-09-10 13:06 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-12-05 17:12 . 2010-05-03 15:59 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-11-27 12:16 . 2013-10-29 13:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"QuitCounter"="c:\program files\Quit Counter\QuitCounter.exe" [2005-03-14 1448848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 145944]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-26 516912]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-03-28 1611160]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-26 516912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-25 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-18 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeapfk01
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 09:06]
.
2014-01-27 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-23 10:57]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:09]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce7814b980d430.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:09]
.
2013-01-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-23 10:49]
.
2013-01-24 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-23 10:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com?a=6PQrgSBCA3
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7730
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\Bev\AppData\Roaming\Mozilla\Firefox\Profiles\xvg8xryl.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mc ... A111GB0&p=
FF - ExtSQL: !HIDDEN! 2009-09-02 08:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-KiesTrayAgent - c:\program files\Samsung\Kies\/\KiesTrayAgent.exe
HKLM-Run-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-ePower_DMC - c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
HKLM-Run-eDataSecurity Loader - c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
HKLM-Run-eAudio - c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
HKLM-Run-BkupTray - c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
HKLM-Run-IAAnotif - c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM-Run-LManager - c:\progra~1\LAUNCH~1\QtZgAcer.EXE
HKLM-Run-PLFSetI - c:\windows\PLFSetI.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-ArcadeDeluxeAgent - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
HKLM-Run-PlayMovie - c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
HKLM-Run-ProductReg - c:\program files\Acer\WR_PopUp\ProductReg.exe
HKLM-Run-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
HKLM-Run-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
HKLM-Run-TkBellExe - c:\program files\Real\RealPlayer\Update\realsched.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10d.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-28 20:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4156)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2014-01-28 20:13:06
ComboFix-quarantined-files.txt 2014-01-28 20:12
ComboFix2.txt 2014-01-26 02:47
ComboFix3.txt 2011-08-27 18:13
ComboFix4.txt 2011-01-10 19:59
.
Pre-Run: 20,914,642,944 bytes free
Post-Run: 20,849,266,688 bytes free
.
- - End Of File - - 7FD1676755E2BC4FBB8BE99B229CD4E0
7BA4C7EA1EF33A92F5F01BE63EDACB6A
Jemmo

Re: Laptop Slow & Freezes

Postby Gecko » Wed Jan 29, 2014 1:04 pm

First of all you do need to install the combofix update as your version is expired. Please download combofix to your desktop.

Next:
Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Folder::
c:\users\Bev\AppData\Local\temp
c:\users\Public\AppData\Local\temp
c:\users\Default\AppData\Local\temp

Now drag then drop the CFScript file onto ComboFix.exe

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Re: Laptop Slow & Freezes

Postby jemmo » Wed Jan 29, 2014 11:02 pm

Having a game downloading ComboFix. After downloading, I want to go to the containing folder, but the option is greyed out. Will try again tomorrow but at the moment we are stuck.
Have tried downloading from wife's laptop as well as my own pc. Same result on both machines.
Jemmo

Re: Laptop Slow & Freezes

Postby Gecko » Thu Jan 30, 2014 3:00 am

Jemmo,

Try saving it to the desktop; that is the designed start-up location.

Re: Laptop Slow & Freezes

Postby jemmo » Thu Jan 30, 2014 9:46 pm

Not a lot of joy in saving to Desktop at all.
I have watched the file download and when it starts to download, I get an icon for ComboFix, and a standard Windows Folder icon labelled Desktop.
When the download completes, the ComboFix icon disappears, and I am left with an empty folder on my desktop called Desktop.
Is it worth running a McAfee Scan to try and reduce any nasties?
(I didn't want to do it without asking first in case it messed up the logs)
Jemmo

Re: Laptop Slow & Freezes

Postby Gecko » Fri Jan 31, 2014 3:24 pm

Jemmo,

I don't think McAfee will be able to remove this infection but you can try it.

If you still have your original combofix on your system just use that to drag and drop the CFScript.txt file onto. Then when asked about updating combofix select yes.

If you do not have your original combofix and it's not in your Recycle Bin, then:
Download Malwarebytes Anti-Malware to your desktop and run the install. During the install, check the box Check for Update; once it's updated, run a Full scan.

When Malwarebytes Anti-Malware is finished it will produce a log, paste the contents of that log into your next reply.

Re: Laptop Slow & Freezes

Postby jemmo » Sat Feb 01, 2014 1:21 pm

I have the results of the second ComboFix run;

ComboFix 14-02-01.01 - Bev 01/02/2014 11:46:54.5.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1724 [GMT 0:00]
Running from: C:\Users\Bev\Desktop\ComboFix.exe
Command switches used :: C:\Users\Bev\Desktop\cfscript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


c:\users\Bev\AppData\Local\temp
c:\users\Bev\AppData\Local\temp\eDatasecurity\FileList.txt
c:\users\Bev\AppData\Local\temp\tmp00002efd\tmp00000000
c:\users\Default\AppData\Local\temp
c:\users\Public\AppData\Local\temp


((((((((((((((((((((((((( Files Created from 2014-01-01 to 2014-02-01 )))))))))))))))))))))))))))))))


2014-01-31 16:15:07 . 2013-12-04 02:57:47 7760024 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA3DDD96-58BA-40C8-B6FF-CE8F14F95C6A}\mpengine.dll
2014-01-29 22:15:45 . 2014-01-29 22:16:58 -------- d-----w- C:\Users\Bev\AppData\Roaming\GetRightToGo
2014-01-29 00:39:34 . 2014-01-29 00:39:34 -------- d-----w- C:\Windows\Migration
2014-01-26 16:30:28 . 2013-09-23 13:48:38 147912 ----a-w- C:\Windows\system32\drivers\HipShieldK.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-12-18 06:13:56 . 2011-12-24 14:55:35 231584 ------w- C:\Windows\system32\MpSigStub.exe
2013-12-11 09:05:48 . 2013-01-06 16:38:41 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 09:05:48 . 2011-12-24 11:03:33 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-05 17:29:02 . 2010-05-03 15:59:43 60920 ----a-w- C:\Windows\system32\drivers\cfwids.sys
2013-12-05 17:22:20 . 2010-05-03 15:59:43 213392 ----a-w- C:\Windows\system32\drivers\mfewfpk.sys
2013-12-05 17:16:44 . 2008-04-17 15:35:56 572688 ----a-w- C:\Windows\system32\drivers\mfehidk.sys
2013-12-05 17:14:48 . 2010-05-03 15:59:43 365416 ----a-w- C:\Windows\system32\drivers\mfefirek.sys
2013-12-05 17:14:02 . 2008-04-17 15:35:56 65928 ----a-w- C:\Windows\system32\drivers\mfebopk.sys
2013-12-05 17:13:14 . 2011-09-10 13:06:26 236000 ----a-w- C:\Windows\system32\drivers\mfeavfk.sys
2013-12-05 17:12:06 . 2010-05-03 15:59:43 133992 ----a-w- C:\Windows\system32\drivers\mfeapfk.sys
2009-11-27 12:16:41 . 2013-10-29 13:59:41 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll

<pre>
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio .exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader .exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC .exe
C:\Program Files\Acer\WR_PopUp\ProductReg .exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent .exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc .exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Launch Manager\QtZgAcer .exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam  .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Quit Counter\QuitCounter .exe
C:\Program Files\Samsung\Kies\KiesTrayAgent .exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
C:\Program Files\Skype\Phone\Skype .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Windows\PLFSetI .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38:12 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 17:56:54 1032376]
"QuitCounter"="C:\Program Files\Quit Counter\QuitCounter.exe" [2005-03-14 19:54:04 1448848]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:35:20 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 07:35:36 6111232]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-09-02 10:06:00 150040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-09-02 10:05:00 170520]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-09-02 10:06:00 145944]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-11-12 15:33:10 141600]
"Skytel"="Skytel.exe" [2007-11-20 10:15:58 1826816]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2014-01-26 02:34:27 516912]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 02:09:00 2565520]
"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-03-28 11:40:56 1611160]
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2014-01-26 02:34:27 516912]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 09:43:20 173352]
"SDTray"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 11:19:26 5624784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-25 113664]
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2011-2-18 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0sdnclean.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 A310;AVerMedia A310 DVB-T;C:\Windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 02:20:48 25856]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK
*Deregistered* - mfeapfk01
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2014-02-01 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 16:38:42 . 2013-12-11 09:06:00]

2014-02-01 C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-23 10:15:55 . 2013-09-20 10:57:22]

2014-02-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 19:09:26 . 2010-02-01 19:09:11]

2014-02-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7814b980d430.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 19:09:26 . 2010-02-01 19:09:11]

2013-01-23 C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-23 10:15:39 . 2013-09-20 10:49:14]

2014-02-01 C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-23 10:15:33 . 2013-09-20 10:51:08]


------- Supplementary Scan -------

uStart Page = hxxp://mystart.incredimail.com?a=6PQrgSBCA3
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7730
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - C:\Users\Bev\AppData\Roaming\Mozilla\Firefox\Profiles\xvg8xryl.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mc ... A111GB0&p=
FF - ExtSQL: !HIDDEN! 2009-09-02 08:19; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-01 12:10:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Completion time: 2014-02-01 12:17:23
ComboFix-quarantined-files.txt 2014-02-01 12:17:14
ComboFix2.txt 2014-01-28 20:13:10
ComboFix3.txt 2014-01-26 02:47:13
ComboFix4.txt 2011-08-27 18:13:49
ComboFix5.txt 2014-02-01 11:43:11

Pre-Run: 20,474,281,984 bytes free
Post-Run: 20,241,133,568 bytes free

- - End Of File - - 161C1E444A60053819ACB4FEDD95C53D
7BA4C7EA1EF33A92F5F01BE63EDACB6A
Jemmo

Re: Laptop Slow & Freezes

Postby Gecko » Sun Feb 02, 2014 2:53 pm

It's looking better and should be running better at this point.

I see in your log that you have Malwarebytes Anti-Malware installed. Start it, make sure it is up to date, and then run a Full scan with Malwarebytes Anti-Malware.

When Malwarebytes Anti-Malware is finished it will produce a log, paste the contents of that log into your next reply.

Re: Laptop Slow & Freezes

Postby jemmo » Sat Feb 08, 2014 10:36 pm

Apologies for the delay in getting back.

Ran a Malware scan - all looked clean - but McAfee alerted the good lady to a trojan found yesterday which required a restart to remove. But something is not right as when I try and open McAfee Security Centre I get the quick display of an empty command window and nothing happens.

Malwarebytes log as follows;

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2014.02.07.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Bev :: BEV-PC [administrator]

07/02/2014 21:28:05
mbam-log-2014-02-07 (21-28-05).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402482
Time elapsed: 6 hour(s), 34 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



((((((((((((((((((((((((00000))))))))))))))))))))))))))

One thing I have just noticed in the Resource Monitor, is in the Disk section there are lots of entries where the file path ends in IE5. The thing is, wifey uses Firefox, not IE5. So that's a bit strange.
The full path of these entries is;

C:\Users\Bev\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QPJHOV3\Client[1].txt

with each entry having a different seemingly random entry after Temporary Internet Files.
Jemmo

Re: Laptop Slow & Freezes

Postby Gecko » Sun Feb 09, 2014 4:27 pm

Jemmo,

First, the Content.IE5 folder is where IE stores its temp files; this can be cleaned out by "Deleting Browser History" from within Internet Explorer.

It looks like combofix tried to delete a McAfee file but the log says it failed, so just in case let's restore it if it did get removed.
Open Notepad and copy/paste the text in the below code box into it:
KILLALL::

DeQuarantine::
C:\Qoobox\Quarantine\C\program files\McAfee.com\Agent\mcagent.exe
QUIT::

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
If it asks you to override the previous file with the same name, click YES.
Now drag then drop the CFScript file onto ComboFix.exe

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
Also, I never did see your RKill log; please post that as well.