slow startup and shut down


  • This topic is locked
29 replies to this topic

#1 craftcove

craftcove

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 11 April 2010 - 04:32 PM

My laptop takes forever to startup and shutdown, and even most of the normal working. I've heard it's a common thing, but I think it better get checked out as well.

Here's the Hijack this and mbam logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:00 AM, on 12/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\ATWTUSB.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\WTMKM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\sdclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chickensmoothie.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...SARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...SARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6780 bytes


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3978

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

12/04/2010 8:09:52 AM
mbam-log-2010-04-12 (08-09-52).txt

Scan type: Quick scan
Objects scanned: 103127
Time elapsed: 10 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


thanks

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,533 posts

Posted 14 April 2010 - 04:42 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,318 posts

Posted 18 April 2010 - 07:27 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Nothing suspicious was found on your HijackThis log.
===

Have a look at these articles from Microsoft. See what you can do. If you need help please ask.

Message when a Windows Vista-based computer takes a long time to restart or to shut down: "Windows is configuring updates"
http://support.micro...=932141&SD=tech
=*=

How to troubleshoot a problem by performing a clean boot in Windows Vista
http://support.micro...=929135&SD=tech

===

Please run this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
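
An added example, not part of the original thread or of HijackThis itself: a small Python pass over a HijackThis log of the kind posted in #1, which splits each line into its section code and body and lists the entries a reviewer would look at first. The sample lines are copied from that log; the function names and the wording of the notes are this example's own, and the notes are review prompts, not verdicts.

```python
import re

# Sample input: lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chickensmoothie.com/
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
LOOPBACK = {"127.0.0.1", "::1"}


def parse_log(text):
    """Return (code, body) for every entry line; headers and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_notes(code, body):
    """Return the review prompts that apply to one entry (empty list if none)."""
    notes = []
    if body.endswith("(no file)"):
        notes.append('marked "(no file)" by HijackThis')
    if body.endswith("(file missing)"):
        notes.append('marked "(file missing)" by HijackThis')
    if code == "O23" and " - Unknown owner - " in body:
        notes.append('service listed with "Unknown owner"')
    if code == "O4":
        # Text after "[value name] " is the command line stored in the Run value.
        command = body.split("] ", 1)[-1].strip().strip('"')
        program = command.split()[0] if command else ""
        if program and "\\" not in program:
            notes.append("bare file name, resolved through the search path")
    if code == "O1" and body.startswith("Hosts:"):
        fields = body[len("Hosts:"):].split()
        is_localhost = (len(fields) >= 2 and fields[0] in LOOPBACK
                        and fields[1].lower() == "localhost")
        if len(fields) >= 2 and not is_localhost:
            notes.append("hosts file maps a name other than localhost")
    return notes


def triage(text):
    """Return (code, note, body) for every entry that has at least one note."""
    findings = []
    for code, body in parse_log(text):
        for note in review_notes(code, body):
            findings.append((code, note, body))
    return findings


if __name__ == "__main__":
    for code, note, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {note}\n     {body}")
```
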

#4 craftcove


Posted 21 April 2010 - 06:34 PM

sorry for the delay, I didn't get a message.

Here's the security check log:

Results of screen317's Security Check version 0.99.3
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
COMODO Registry Cleaner 1.0.17.23
Java™ 6 Update 14
Java™ SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

#5 nasdaq


Posted 22 April 2010 - 06:26 AM

Secure your system by updating 3rd party programs.

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 20 (JDK or JRE). On the right select this one Download JRE..

In Vista and Windows 7 run the tool as Administrator.

ADOBE - Reader and Flash Players vulnerabilities.

Visit Link to ADOBE and download the latest version of Acrobat Reader.
Having the latest updates ensures there are no security vulnerabilities in your system.

Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions.
I suggest you install version 9.3 - see link to Security Advisory... below.
http://www.adobe.com....jsp?ftpID=4607

Latest Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com.../apsb10-07.html

===

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Latest Security update available for Adobe Flash Player
http://www.adobe.com.../apsb10-06.html

===

Check this out in case you have other products from Adobe.
Security update available for BlazeDS.
http://www.adobe.com.../apsb10-05.html
===

If Real Player is installed on your computer, cover this also.
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.
http://service.real....2010_player/en/
<<<>>>


Any luck with the Microsoft articles?
nasdaq


#6 craftcove


Posted 22 April 2010 - 05:07 PM

The JavaRa didn't leave a log, but it said it removed 4 different things. I've updated everything you said. There didn't seem to be much difference when I tried that stuff from Microsoft.

#7 craftcove


Posted 22 April 2010 - 06:36 PM

I just found something called Pando Media Booster on the laptop. I'm not sure what it is, I've Googled it, and that doesn't help at all, some say remove it, others say it's needed to play some games!

What do you think?

thanks again

#8 nasdaq


Posted 23 April 2010 - 06:48 AM

I just found something called Pando Media Booster on the laptop. I'm not sure what it is, I've Googled it, and that doesn't help at all, some say remove it, others say it's needed to play some games!


Do a CTRL+ALT+DEL and open your task manager. If you see a reference to it, disable it.
===

Execute this command from the elevated command prompt: sfc /scannow

You will find the tutorial here.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833
===
nasdaq


#9 craftcove


Posted 23 April 2010 - 06:56 PM

There was an uninstaller for Pando, so I completely removed it.

The sfc scannow found some problems and fixed them, but I'm not seeing any obvious improvement.

thanks again

#10 nasdaq


Posted 24 April 2010 - 08:03 AM

Two more links for your assistance.

Optimize Windows Vista for better performance
http://windowshelp.m...5C954E1033.mspx
*/*

Get maximum performance from Windows Vista
http://windowshelp.m...E9156A1033.mspx
nasdaq


#11 craftcove


Posted 25 April 2010 - 01:17 AM

I actually managed to remove heaps of programs that I think were installed when I got it, and I stopped heaps of programs at startup. I also went to do an error check, but it kept freezing at stage 5!.

I'm doing a cleanup and defrag now. I'd done them a little while ago, but with all these programs removed, it will probably need it again. Haven't noticed any real improvement though.

#12 nasdaq


Posted 25 April 2010 - 09:06 AM

I also went to do an error check, but it kept freezing at stage 5!.


Can you elaborate?
nasdaq


#13 craftcove


Posted 25 April 2010 - 06:00 PM

I just tried it again and it was alright this time. It's the check disk in the drive properties, I ticked both boxes - auto fix file system errors and scan for and attempt recovery of bad sectors. It was stalling at stage 5 - verifying free space. I tried a couple of times, but now this morning when I tried again, it went through it all and said there were no problems.

thanks

#14 craftcove


Posted 29 April 2010 - 12:57 AM

Is there no other help you can think of?

thanks

#15 nasdaq


Posted 29 April 2010 - 06:47 AM

Just found this Microsoft article. Hope it works.

How to troubleshoot a problem by performing a clean boot in Windows Vista
http://support.micro...=929135&SD=tech
nasdaq


#16 craftcove


Posted 30 April 2010 - 05:16 AM

Already tried that one, to no avail.

thanks

#17 nasdaq


Posted 30 April 2010 - 08:23 AM

Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingc...to-use-combofix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingc...opic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingc...opic114351.html
nasdaq


#18 craftcove


Posted 01 May 2010 - 04:04 AM

I downloaded from the second link (the first one didn't work, some problem with the download). I stopped Avast by right clicking and stopping "on access protection". But then combofix told me it was still going, so I looked it up on Google and found another setting "Click on Program Settings...
Click on Troubleshooting
Place a tick next to Disable avast! self-defense module".

But combofix still said it was on! I decided to let it run anyway, but then it said there was a newer version of combofix available! So I decided it sounded odd, and decided to leave it. I guess I'll try the same link again and see what happens.

Edited by craftcove, 01 May 2010 - 05:18 AM.


#19 craftcove


Posted 01 May 2010 - 04:08 AM

I tried to just save a new one over the original, but it says the file is set to read only. I googled uninstalling combofix but it seems there's some confusion with it, so I better wait for your next post.

thanks

#20 nasdaq


Posted 01 May 2010 - 05:49 AM

Try to uninstall it this way.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall
===

If that fails, delete your copy of ComboFix, the folder and all.

Download again.

Run it.
nasdaq


#21 craftcove


Posted 01 May 2010 - 08:47 PM

Combofix still thinks Avast is active! It says "Combofix has detected the following real time scanners to be active: antivirus: avast antivirus 4.8.1296 [VPS 090207-0]
antispyware: avast antivirus 4.8.1296 [VPS 090207-0]"

I've definitely turned Avast off though!

#22 nasdaq


Posted 02 May 2010 - 09:08 AM

Run it anyway.
nasdaq


#23 craftcove


Posted 02 May 2010 - 06:37 PM

Now Hijackthis gives me this message: "For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, Hijack This may not be able to fix this. If that happens, You need to edit the file yourself. To do this click start run and type: notepad H:\windows\system32\drivers\etc\hosts
And press enter. Find the Lines hijack this reports and delete them. Save the file as "hosts" (with quotes), and reboot"

I tried to run it as administrator, but there was no option to choose it!

And during Combofix I had this message pop up: handleviewer stopped working

Here are the logs:

ComboFix 10-05-02.01 - Lawson 03/05/2010 9:51.2.1 - x86
Running from: c:\users\Lawson\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1296 [VPS 090207-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 00:03 . 2010-05-03 00:03 -------- d-----w- c:\users\Lawson\AppData\Local\temp
2010-05-03 00:03 . 2010-05-03 00:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-03 00:03 . 2010-05-03 00:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 23:14 . 2010-05-02 23:14 388096 ----a-r- c:\users\Lawson\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-01 10:30 . 2010-05-01 10:30 6153352 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-25 00:19 . 2010-04-25 00:19 -------- d-----w- c:\users\Lawson\AppData\Local\Seven Zip
2010-04-22 22:27 . 2010-04-22 22:27 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-04-22 22:25 . 2010-04-23 00:01 -------- d-----w- c:\programdata\NOS
2010-04-22 01:12 . 2010-04-22 22:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 02:32 . 2010-04-18 02:32 -------- d-----w- c:\program files\Auslogics
2010-04-15 09:05 . 2010-04-15 09:05 -------- d-----w- c:\programdata\Messenger Plus!
2010-04-15 09:05 . 2010-04-15 09:05 -------- d-----w- c:\program files\Messenger Plus! Live
2010-04-15 06:27 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 06:27 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 06:27 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 06:27 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 06:27 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 06:27 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 05:56 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 05:56 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 05:56 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 06:04 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:04 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 22:18 . 2010-04-12 22:18 -------- d-----w- c:\programdata\F-Secure
2010-04-11 22:28 . 2010-04-11 22:28 -------- d-----w- c:\program files\Trend Micro
2010-04-11 21:58 . 2010-04-11 21:58 -------- d-----w- c:\users\Lawson\AppData\Roaming\Malwarebytes
2010-04-11 21:57 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 21:57 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 21:57 . 2010-04-11 21:57 -------- d-----w- c:\programdata\Malwarebytes
2010-04-11 21:57 . 2010-05-01 10:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 23:25 . 2009-02-12 05:33 -------- d-----w- c:\users\Lawson\AppData\Roaming\Free Download Manager
2010-05-02 02:55 . 2009-03-22 00:46 117760 ----a-w- c:\users\Lawson\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-01 10:49 . 2009-03-23 01:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-01 09:01 . 2009-03-23 00:25 -------- d-----w- c:\program files\CCleaner
2010-04-26 00:43 . 2009-01-19 06:47 -------- d-----w- c:\program files\Windows Live
2010-04-26 00:40 . 2007-07-06 07:20 -------- d-----w- c:\program files\MediaRing
2010-04-26 00:38 . 2007-07-06 07:06 -------- d-----w- c:\program files\HP
2010-04-25 07:35 . 2007-07-06 06:00 -------- d-----w- c:\program files\CONEXANT
2010-04-25 02:09 . 2009-01-08 03:30 103728 ----a-w- c:\users\Lawson\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-25 01:31 . 2007-07-06 06:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-25 01:31 . 2007-07-06 06:40 -------- d-----w- c:\programdata\Roxio
2010-04-25 01:22 . 2007-07-06 06:36 -------- d-----w- c:\program files\Roxio
2010-04-25 01:18 . 2007-07-06 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-25 01:14 . 2007-07-06 07:24 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-25 01:04 . 2009-04-03 00:17 -------- d-----w- c:\programdata\Tablet
2010-04-25 01:03 . 2007-07-06 06:15 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-25 00:36 . 2010-03-01 21:13 -------- d-----w- c:\program files\Outspark
2010-04-23 23:19 . 2010-03-01 08:11 -------- d-----w- c:\program files\Pando Networks
2010-04-23 00:22 . 2009-03-21 23:58 -------- d-----w- c:\program files\Panda Security
2010-04-22 22:37 . 2007-07-06 07:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-22 01:13 . 2007-07-06 07:54 -------- d-----w- c:\program files\Common Files\Java
2010-04-22 01:12 . 2007-07-06 07:54 -------- d-----w- c:\program files\Java
2010-04-22 00:20 . 2009-10-11 08:54 -------- d-----w- c:\program files\Microsoft ATS
2010-04-16 00:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 00:40 . 2007-07-06 07:01 -------- d-----w- c:\programdata\Microsoft Help
2010-03-07 04:32 . 2010-02-28 09:47 -------- d-----w- c:\program files\Typing Tournament V1.1.1 Home
2010-03-01 23:29 . 2010-01-06 21:39 52224 ----a-w- c:\users\Lawson\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-26 07:13 . 2010-04-06 00:16 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-02-24 00:16 . 2009-10-02 23:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 04:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 04:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 04:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 04:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 03:28 . 2010-04-06 00:16 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-04 06:51 . 2010-04-06 00:16 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-02-03 23:01 . 2010-03-02 11:15 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-03 23:01 . 2010-03-02 11:15 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-03 23:01 . 2010-03-02 11:15 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-03 23:01 . 2010-03-02 11:15 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2009-03-21 04:34 . 2009-03-21 04:34 8 --sh--r- c:\windows\System32\3D848EC34F.sys
2009-04-12 09:17 . 2009-03-21 04:34 1004 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-25 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Lawson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 20:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 01:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-01-29 22:11 52392 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Apoint"=c:\program files\Apoint2K\Apoint.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SSDPSRV"=c:\windows\system32\ssdpsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3d,cb,68,3f,64,06,ca,01

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
S2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-03-01 37376]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.chickensmoothie.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel
FF - ProfilePath - c:\users\Lawson\AppData\Roaming\Mozilla\Firefox\Profiles\0c1aug7e.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 10:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3118837330-783783928-1212472252-1000\Software\SecuROM\License information*]
"datasecu"=hex:f7,2f,2c,73,2e,aa,02,61,17,e2,65,c9,fe,4d,ab,5c,0d,73,6a,69,49,
80,7d,53,ca,60,1d,91,7a,6e,4c,36,94,82,8f,24,70,fb,31,b9,9e,73,ba,df,bc,75,\
"rkeysecu"=hex:b9,96,90,e5,4e,46,70,ad,fa,7d,64,4b,ed,75,49,7a

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-03 10:13:12
ComboFix-quarantined-files.txt 2010-05-03 00:13
ComboFix2.txt 2010-05-02 22:53

Pre-Run: 36,228,833,280 bytes free
Post-Run: 36,136,542,208 bytes free

- - End Of File - - 51DB7AA47DD749EDAC278ABD14B0664B


thanks again

Edited by craftcove, 02 May 2010 - 06:49 PM.


#24 craftcove


Posted 02 May 2010 - 07:34 PM

I just tried running fsecure, and I got an error id27 when it tried to download!

I'll try bitdefender or housecall next.

Just a couple of things: Panda activescan doesn't do a free clean anymore, only tells you what the problems are, and Kaspersky is currently offline while they make a new one.

#25 nasdaq


Posted 03 May 2010 - 06:59 AM

Your logs are clean.

Panda activescan doesn't do a free clean anymore, only tells you what the problems are


If you get a log it can help identify any malware. That may help.
===

No problem with the Hosts file. In Vista run HijackThis as an Administrator.

===

Is this your current issue?

Message when a Windows Vista-based computer takes a long time to restart or to shut down: "Windows is configuring updates"
http://support.micro...=932141&SD=tech
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#26 craftcove


Posted 03 May 2010 - 04:02 PM

There wasn't an option to run Hijack This as administrator!

This isn't a new laptop, it's a couple of years old. I don't think it's the problem with updates, sometimes there is a message that says it's configuring updates, and that's fair enough, but this problem is all the time.

thanks again

#27 nasdaq


Posted 04 May 2010 - 06:54 AM

This article should clarify your situation.

Message when a Windows Vista-based computer takes a long time to restart or to shut down: "Windows is configuring updates"
http://support.microsoft.com/kb/932141

Not sure if there is a solution to this problem.

#28 craftcove


Posted 04 May 2010 - 04:36 PM

As I said, I don't think that's the problem. That info seems to relate to new computers, mine isn't new! And regardless, it happens all the time, not just every now and again when it might have added updates!

#29 nasdaq


Posted 05 May 2010 - 08:08 AM

I Googled this string "Windows is configuring updates" and found out that you are not the only one with this problem.

It may have been an issue when you did a security update from Microsoft.

See if you can fix this issue by selecting the Last Known Good Configuration.

http://windows.micro...d-Configuration

If not, what about a good restore point?
http://windows.micro...-System-Restore
Select one prior to the start of your problem.

#30 nasdaq


Posted 19 May 2010 - 07:36 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.