#46
ComboFix 09-03-23.01 - leedylan 2009-03-28 0:34:37.3 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.446.172 [GMT 0:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\users\leedylan\Desktop\CFScript.txt
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

FILE ::
C:\avgremover.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\avgremover.exe
c:\programdata\avg7
c:\users\Facto\AppData\Roaming\AVG7
c:\users\leedylan\AppData\Roaming\AVG7
c:\users\Twins\AppData\Roaming\AVG7
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 00:25 --------- d-----w c:\programdata\Google Updater
2009-03-28 00:17 --------- d-----w c:\programdata\NortonInstaller
2009-03-25 07:03 2,934,667 ----a-r C:\ComboFix.exe
2009-03-24 20:02 --------- d-----w c:\programdata\Kontiki
2009-03-22 07:52 --------- d-----w c:\users\Twins\AppData\Roaming\Nokia
2009-03-22 07:47 --------- d-----w c:\users\Twins\AppData\Roaming\ATI
2009-03-19 19:39 --------- dc----w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-19 18:59 --------- d-----w c:\users\leedylan\AppData\Roaming\Azureus
2009-03-19 00:16 --------- d-----w c:\program files\My Faster PC
2009-03-16 03:08 --------- d-----w c:\programdata\Microsoft Help
2009-03-14 17:43 --------- d-----w c:\program files\Microsoft Silverlight
2008-06-15 22:16 6,054,320 ----a-w c:\users\leedylan\bitcomet_setup.exe
2008-06-15 20:23 18,878,872 ----a-w c:\users\leedylan\TomTomHOME2winlatest.exe
2008-05-27 00:08 6,919,576 ----a-w c:\users\leedylan\PokerStarsInstall.exe
2008-05-26 22:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-05-26 22:40 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-26 22:31 22,296,360 ----a-w c:\users\leedylan\SkypeSetup.exe
2008-04-20 19:11 1,771,601 ----a-w c:\users\leedylan\ComboFix.exe
2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-10-15 09:41 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-15 09:41 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-15 09:41 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-03-27_ 6.59.54.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-27 06:59:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-28 00:30:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-28 00:30:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-27 06:59:03 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-28 00:30:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-28 00:30:17 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2009-03-27 18:54:56 2,172 ----a-w c:\windows\SoftwareDistribution\EventCache\{8FC6A104-5AD1-4382-A9C1-C95832BC9A5C}.bin
- 2009-03-26 21:55:31 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-28 00:25:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-26 21:55:31 573,440 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-28 00:25:12 573,440 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-26 21:55:31 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-28 00:25:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-25 20:43:08 5,767,168 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-03-28 00:21:06 5,767,168 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-03-26 19:32:26 14,000 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1418644755-1261851474-3168225958-1002_UserData.bin
+ 2009-03-28 00:25:09 14,052 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1418644755-1261851474-3168225958-1002_UserData.bin
- 2009-03-26 19:32:26 59,606 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-28 00:25:09 59,606 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-26 19:32:21 50,256 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-28 00:25:08 50,256 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-27 185896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\startupfolder\C:^Users^leedylan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\leedylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
#47
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2006-12-11 17:27 530552 c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-07-11 17:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 15:51 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2008-02-27 16:56 1032376 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 13:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
--a------ 2007-04-20 13:42 503808 c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2006-12-14 19:09 493688 c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-30 09:21 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-18 11:13 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-10-27 12:50 815104 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-27 23:35 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 08:42 202088 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
--a------ 2006-12-15 17:11 577536 c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2006-11-13 09:06 413696 c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
--a------ 2006-12-13 14:42 554640 c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Volume Indicator]
--a------ 2006-12-13 09:33 94208 c:\program files\TOSHIBA\Utilities\VolControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2006-12-14 19:07 411768 c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-06-07 20:06 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-01 15:37 3772416 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2414C825-3C07-4022-8F8E-263C8E7DA0BC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B9CA18BA-DEFE-4047-9E2D-9AD1D8EBCD78}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B4547ACD-218B-4A07-9C9A-C6885005DADF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D841EC41-2E5E-42E1-B9D9-026126E24FB1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{95FF6ED1-8295-454E-A97D-7901EF5CE650}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2BC0F0E8-8386-4F9F-8DDD-A2D4ECBB8A5C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A48FAB0E-8A4D-42DF-9FFC-69586629E2A6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B158747C-A695-40A3-8AF9-ECFBF8B1DB8C}c:\\program files\\william hill poker\\ua.exe"= UDP:c:\program files\william hill poker\ua.exe:UA Application
"UDP Query User{607FD1C2-3EA1-45E0-AB28-D66339A42E16}c:\\program files\\william hill poker\\ua.exe"= TCP:c:\program files\william hill poker\ua.exe:UA Application
"{8C471555-5C87-4B58-88C4-706CA4E12B44}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{47BE433E-88D6-434E-AC82-7F0665A2E093}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{65247414-CC85-421A-B33F-58909DEA2377}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43EAE9D0-BC1D-436A-89DC-45BD64BDF749}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0C83B7E7-560F-4F5D-90A4-2C9738B3121E}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{53ED86DF-D679-4C05-A111-BDA6D4999FFD}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{DA072B71-2F61-48F4-9357-C2CA286038F5}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{5E879825-E0E5-4DD0-A417-4645821825A7}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{536A1E11-45ED-4CCB-907E-6DB1B1A45D23}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D3873B32-7787-4828-8C6F-22CA7D28FB42}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{5DF30A91-9F61-4379-B894-377626D4C68D}"= UDP:c:\users\leedylan\AppData\Local\Temp\7zSC45D.tmp\SymNRT.exe:Norton Removal Tool
"{54A4DB64-F81B-4687-96B1-19BFC942ECF7}"= TCP:c:\users\leedylan\AppData\Local\Temp\7zSC45D.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\PPStream\\PPStream.exe"= c:\program files\PPStream\PPStream.exe:*:Enabled:PPStream

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bd9459c-f9a0-11dc-908f-001b2406dd74}]
\shell\AutoRun\command - D:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2007-12-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-03-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 21:27]

2008-06-01 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Post Image to Blog - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5001
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 00:37:32
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-28 0:39:44
ComboFix-quarantined-files.txt 2009-03-28 00:39:39
ComboFix2.txt 2009-03-27 07:01:27
ComboFix3.txt 2008-04-20 19:29:17

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 46,090,629,120 bytes free

211 --- E O F --- 2009-03-26 03:06:03
#48
|
||||
|
||||
Ok, post when you have installed all Windows Updates (including SP1) and let me know if this helped.
#49
When I try to run Windows Update, it says it's downloading and installing updates. It shows the green bar moving for 5 minutes as if something is happening, then it stops and goes back to the red cross screen saying "Check for Updates for your computer".
#50
|
||||
|
||||
Facto, there are so many issues with this operating system, if it were mine, I would back up my data and do a clean install of Vista. Every time we try a new step, there is a problem and I have run out of ideas.
If you want to troubleshoot this new problem, Microsoft offers free support for Windows Update issues. You can lodge a free Windows Update support incident request here. Good luck.
#51
Thanks for all your help AnnMarie. My laptop is working faster now, though I'm going to try and put AVG back on now, which hopefully will not return it to its old state.
I may just indeed chuck it out the window and force myself to buy a new one. :-) Thanks again
#52
LOL. You are welcome Facto, but it would be a lot cheaper to back up data and restore your OS to factory default. Toshiba will send you the Recovery disk for a small fee. I am sure that will sort out any issues.
#53
Sorry to revisit this thread, however I have noticed over the last week or so that any installs I try are failing at the end and rollback all changes.
I have just bought a "dongle" and my laptop won't let it install, returning error messages similar to the ones I get when trying to install AVG.... Any ideas?
#54
Facto, I can only repeat one of my closing comments.
Quote: