CPU Running High/Hot--SLOW!!!

screenname79

New Member
Hi,

First post--I apologize if this information is provided elsewhere; I looked but, to be honest, couldn't lurk as much as I would have liked, seeing as how I've already wasted a lot of time trying to fix the problem myself (and failed), and I have to have my computer tomorrow at work, so hopefully someone can help me (as it's already 4:00 am).

Anyways,

So, I'm in safe mode right now (with networking). I've run Malwarebytes and it found only one problem, which I promptly removed. Still, my CPU is running ridiculously high: 100% (according to the speedometer widget on my desktop), and staying at 100--unwaveringly. The RAM speedometer widget isn't as high--which is odd since, lately, the problem had been reversed, though not so bad that I had to start up in safe mode.

Literally, I turn on my computer, and it takes 30-40 minutes before it is capable of responding to my first action (which is usually a PC scan from CCleaner or something), but once that's clicked it takes another looooong time before anything happens.

The only way I can get anything accomplished is in safe mode.

Like I said, Malwarebytes only detected one threat and it was deleted...

But it happened SUDDENLY. Seriously, everything was fine and then all of the sudden BOOM--couldn't do anything.

Looking for help/ideas/anything.

SPECS:
Hewlett-Packard laptop (this time of the year 2009)
HP Pavilion dv6 Notebook PC
Windows 7 (pre-installed when I bought it) rates my PC at a 3.4. I tried to get that fixed once but could not figure out how...
PROCESSOR: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz 2.19GHz
RAM: 4.00 GB (2.00 GB usable)
64-bit Operating System
145GB free of 253GB available.

Anything else?

Thanks in advance
 
Run the following in safe mode and post the logs.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

[image: infection-found.jpg]


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

[image: scan-completed.jpg]


If the log says "will be cured after reboot", please reboot the system by pressing the Reboot Now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

2.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here: Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    [image: cf-icon.jpg]
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    [image: cf-preparing.jpg]

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    [image: erunt.jpg]

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    [image: recovery-console-prompt.jpg]

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    [image: still-scanning-clockchanges.jpg]

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

3.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click on Copy. Come back to your reply, right click on your mouse and click on Paste.

Post the logfile that HijackThis produces
 
I'm running ComboFix now (at least, I think it's still running). I started it in Safe Mode, as Safe Mode is the only way I can get anything accomplished. Everything was going how you described in your post until it said it was going to reboot.

"I hope it reboots in safe mode, but I'm sure it knows what it's doing."

It doesn't boot back up into safe mode. It goes into normal. Pretty much nothing has happened in 20 minutes. Normal? If yes, then as you said I will post the log when it's done.

Btw, TDSSKiller came up negative--nothing wrong.

Thanks for replying and helping!
 
OP here again. Alright, here's what it all amounts to, even though (most of it) is all Greek to me:

I attached two screencaps. The first is what came up with TDSSKiller. The second came up with HijackThis, but I'll get to that.

After the TDSSKiller, I ran ComboFix. Here's the results:


ComboFix 11-11-28.02 - Kenton S. Lime 11/28/2011 17:13:05.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2048.1327 [GMT -7:00]
Running from: c:\users\Kenton S. Lime\Desktop\PROGRAMS\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\images\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Kenton S. Lime\AppData\Local\{D6F92668-6844-4F05-9502-8941F43B531D}
c:\users\Kenton S. Lime\AppData\Local\{D6F92668-6844-4F05-9502-8941F43B531D}\chrome.manifest
c:\users\Kenton S. Lime\AppData\Local\{D6F92668-6844-4F05-9502-8941F43B531D}\chrome\content\_cfg.js
c:\users\Kenton S. Lime\AppData\Local\{D6F92668-6844-4F05-9502-8941F43B531D}\chrome\content\overlay.xul
c:\users\Kenton S. Lime\AppData\Local\{D6F92668-6844-4F05-9502-8941F43B531D}\install.rdf
c:\users\Kenton S. Lime\AppData\Local\Windows Server
c:\users\Kenton S. Lime\AppData\Local\Windows Server\hlp.dat
c:\users\Kenton S. Lime\AppData\Local\Windows Server\server.dat
c:\users\Kenton S. Lime\AppData\Roaming\.#
c:\users\Public\videos\HP MediaSmart Demo.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Toolbar Updater Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 00:26 . 2011-11-29 00:26 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F6F99CF-2725-4680-9B5D-91AD5E0150C6}\offreg.dll
2011-11-29 00:18 . 2011-11-29 00:18 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-11-28 02:18 . 2011-11-28 11:39 -------- dc----w- c:\users\Kenton S. Lime\.thinupload
2011-11-28 02:18 . 2011-11-28 02:18 -------- dc----w- c:\windows\Sun
2011-11-26 04:24 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F6F99CF-2725-4680-9B5D-91AD5E0150C6}\mpengine.dll
2011-11-25 11:54 . 2011-11-25 12:00 -------- dc----w- C:\Downloads
2011-11-25 11:54 . 2011-11-27 07:40 -------- dc----w- c:\users\Kenton S. Lime\AppData\Roaming\BitComet
2011-11-25 11:53 . 2011-11-25 11:54 -------- dc----w- c:\program files (x86)\BitComet
2011-11-25 03:38 . 2011-11-25 03:38 -------- dc----w- c:\program files\iPod
2011-11-25 03:38 . 2011-11-25 03:38 -------- dc----w- c:\program files\iTunes
2011-11-25 03:38 . 2011-11-25 03:38 -------- dc----w- c:\program files (x86)\iTunes
2011-11-25 03:36 . 2011-11-25 03:36 -------- dc----w- c:\program files (x86)\Apple Software Update
2011-11-25 03:36 . 2011-11-25 03:36 -------- dc----w- c:\program files\Common Files\Apple
2011-11-25 03:36 . 2011-11-25 03:36 -------- dc----w- c:\program files\Bonjour
2011-11-25 03:36 . 2011-11-25 03:36 -------- dc----w- c:\program files (x86)\Bonjour
2011-11-20 12:15 . 2011-11-20 12:16 -------- dc----w- C:\Intel
2011-11-20 12:14 . 2011-11-20 12:14 -------- dc----w- c:\users\KENTON~1~LIM
2011-11-20 12:08 . 2011-11-20 12:10 -------- dc----w- c:\users\Kenton S. Lime\AppData\Roaming\SystemRequirementsLab
2011-11-20 11:12 . 2011-11-20 11:15 -------- dc----w- c:\users\Kenton S. Lime\AppData\Local\IM
2011-11-20 11:12 . 2011-11-20 11:14 -------- dc----w- c:\programdata\IM
2011-11-20 11:12 . 2011-11-20 11:12 -------- dc----w- c:\programdata\IncrediMail
2011-11-20 11:10 . 2011-11-20 14:45 -------- dc----w- c:\program files (x86)\CPU Speed Pro
2011-11-20 10:15 . 2011-11-20 10:15 -------- dc----w- c:\program files\IDT
2011-11-20 10:15 . 2009-06-25 21:59 160768 -c--a-w- c:\windows\system32\AESTAC64.dll
2011-11-20 10:15 . 2009-05-21 21:57 436224 -c--a-w- c:\windows\system32\AESTEC64.dll
2011-11-20 10:15 . 2009-03-02 20:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2011-11-20 10:15 . 2009-07-22 01:33 564224 -c--a-w- c:\windows\system32\idt64mp1.exe
2011-11-20 10:15 . 2009-07-22 01:33 450048 -c--a-w- c:\windows\sttray64.exe
2011-11-20 10:15 . 2009-07-22 01:33 3593216 -c--a-w- c:\windows\system32\stlang64.dll
2011-11-20 10:15 . 2009-07-22 01:33 12158464 -c--a-w- c:\windows\system32\idtcpl64.cpl
2011-11-20 10:15 . 2009-03-02 20:47 90624 -c--a-w- c:\windows\system32\AESTCo64.dll
2011-11-20 10:15 . 2011-11-20 10:15 -------- dc----w- c:\program files\LSI SoftModem
2011-11-20 07:50 . 2011-11-20 07:50 -------- dc----w- c:\users\Kenton S. Lime\AppData\Local\Skyrim
2011-11-19 03:36 . 2011-11-19 03:36 -------- dc----w- c:\programdata\Uniblue
2011-11-19 03:34 . 2011-11-19 04:18 -------- dcsh--w- c:\windows\SysWow64\AI_RecycleBin
2011-11-19 03:34 . 2011-11-19 03:34 18944 -c--a-r- c:\users\Kenton S. Lime\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-11-19 03:27 . 2011-11-19 03:27 -------- dc----w- c:\program files\Jnes 0.6
2011-11-11 11:25 . 2011-11-18 03:05 -------- dc----r- c:\users\Kenton S. Lime\Dropbox
2011-11-11 11:22 . 2011-11-20 09:14 -------- dc----w- c:\users\Kenton S. Lime\AppData\Roaming\Dropbox
2011-11-10 06:44 . 2011-06-21 04:09 200976 -c--a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-11-08 17:42 . 2011-11-08 17:42 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 17:42 . 2011-11-08 17:42 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 17:42 . 2011-11-08 17:42 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 17:41 . 2011-11-08 17:41 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-06 23:21 . 2011-11-06 23:21 -------- dc----w- c:\program files (x86)\Application Updater
2011-11-06 23:21 . 2011-11-06 23:21 -------- dc----w- c:\program files (x86)\IObit Toolbar
2011-11-06 23:21 . 2011-11-06 23:21 -------- dc----w- c:\program files (x86)\Common Files\Spigot
2011-11-03 06:59 . 2011-11-03 06:59 917816 -c--a-w- c:\program files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 22:27 . 2011-10-18 08:37 3350 -csha-w- c:\programdata\KGyGaAvL.sys
2011-10-18 08:37 . 2011-10-18 08:37 8 -csh--r- c:\programdata\CE648E5CC5.sys
2011-10-13 19:14 . 2011-10-13 19:14 162584 -c--a-w- c:\windows\system32\igfxtray.exe
2011-10-13 19:14 . 2011-10-13 19:14 510232 -c--a-w- c:\windows\system32\igfxsrvc.exe
2011-10-13 19:14 . 2011-10-13 19:14 417560 -c--a-w- c:\windows\system32\igfxpers.exe
2011-10-13 19:14 . 2011-10-13 19:14 224024 -c--a-w- c:\windows\system32\igfxext.exe
2011-10-13 19:14 . 2011-10-13 19:14 386840 -c--a-w- c:\windows\system32\hkcmd.exe
2011-10-13 19:14 . 2011-10-13 19:14 3157784 -c--a-w- c:\windows\system32\GfxUI.exe
2011-10-13 19:14 . 2011-10-13 19:14 152856 -c--a-w- c:\windows\system32\difx64.exe
2011-10-13 19:10 . 2011-10-13 19:10 90112 -c--a-w- c:\windows\system32\igfxCoIn_v2555.dll
2011-10-13 19:05 . 2011-10-13 19:05 6549504 -c--a-w- c:\windows\system32\igdumd64.dll
2011-10-13 19:05 . 2011-10-13 19:05 10629184 -c--a-w- c:\windows\system32\drivers\igdkmd64.sys
2011-10-13 19:01 . 2009-06-03 19:09 4967424 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-10-13 18:58 . 2009-06-03 19:03 571904 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2011-10-13 18:57 . 2009-06-03 19:01 4722176 ----a-w- c:\windows\system32\igd10umd64.dll
2011-10-13 18:55 . 2010-08-26 02:23 4411392 -c--a-w- c:\windows\SysWow64\igd10umd32.dll
2011-10-13 18:50 . 2011-10-13 18:50 15546880 -c--a-w- c:\windows\system32\ig4icd64.dll
2011-10-13 18:42 . 2011-10-13 18:42 11405312 -c--a-w- c:\windows\SysWow64\ig4icd32.dll
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrsky.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrtrk.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrslv.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88576 -c--a-w- c:\windows\system32\igfxresn.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrrus.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrsve.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87040 -c--a-w- c:\windows\system32\igfxrtha.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrptg.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrplk.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrptb.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrnor.lrc
2011-10-13 18:38 . 2011-10-13 18:38 84992 -c--a-w- c:\windows\system32\igfxrkor.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88576 -c--a-w- c:\windows\system32\igfxrell.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrita.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrhun.lrc
2011-10-13 18:38 . 2011-10-13 18:38 86528 -c--a-w- c:\windows\system32\igfxrheb.lrc
2011-10-13 18:38 . 2011-10-13 18:38 84992 -c--a-w- c:\windows\system32\igfxrjpn.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88576 -c--a-w- c:\windows\system32\igfxrfra.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrnld.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrdeu.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrfin.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrcsy.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87040 -c--a-w- c:\windows\system32\igfxrdan.lrc
2011-10-13 18:38 . 2011-10-13 18:38 86528 -c--a-w- c:\windows\system32\igfxrara.lrc
2011-10-13 18:38 . 2011-10-13 18:38 83968 -c--a-w- c:\windows\system32\igfxrcht.lrc
2011-10-13 18:38 . 2011-10-13 18:38 83968 -c--a-w- c:\windows\system32\igfxrchs.lrc
2011-10-13 18:38 . 2011-10-13 18:38 122368 -c--a-w- c:\windows\system32\igfxcpl.cpl
2011-10-13 18:37 . 2011-10-13 18:37 244224 -c--a-w- c:\windows\system32\igfxpph.dll
2011-10-13 18:37 . 2011-10-13 18:37 380416 -c--a-w- c:\windows\system32\igfxTMM.dll
2011-10-13 18:37 . 2011-10-13 18:37 27648 -c--a-w- c:\windows\system32\igfxexps.dll
2011-10-13 18:37 . 2011-10-13 18:37 61952 -c--a-w- c:\windows\system32\igfxsrvc.dll
2011-10-13 18:36 . 2011-10-13 18:36 108544 -c--a-w- c:\windows\system32\hccutils.dll
2011-10-13 18:36 . 2011-10-13 18:36 119808 -c--a-w- c:\windows\system32\gfxSrvc.dll
2011-10-13 18:36 . 2011-10-13 18:36 4096 -c--a-w- c:\windows\system32\IGFXDEVLib.dll
2011-10-13 18:36 . 2011-10-13 18:36 272896 -c--a-w- c:\windows\system32\igfxdev.dll
2011-10-13 18:36 . 2011-10-13 18:36 87552 -c--a-w- c:\windows\system32\igfxrenu.lrc
2011-10-13 18:36 . 2011-10-13 18:36 142336 -c--a-w- c:\windows\system32\igfxdo.dll
2011-10-13 18:36 . 2011-10-13 18:36 830464 -c--a-w- c:\windows\system32\igfxress.dll
2011-10-13 18:32 . 2011-10-13 18:32 23552 -c--a-w- c:\windows\SysWow64\igfxexps32.dll
2011-10-13 18:31 . 2011-10-13 18:31 228864 -c--a-w- c:\windows\SysWow64\igfxdv32.dll
2011-10-13 18:30 . 2011-10-13 18:30 208896 -c--a-w- c:\windows\SysWow64\iglhsip32.dll
2011-10-13 18:30 . 2011-10-13 18:30 206336 -c--a-w- c:\windows\system32\iglhsip64.dll
2011-10-13 18:30 . 2011-10-13 18:30 188416 -c--a-w- c:\windows\system32\iglhcp64.dll
2011-10-13 18:30 . 2011-10-13 18:30 147456 -c--a-w- c:\windows\SysWow64\iglhcp32.dll
2011-10-12 04:26 . 2011-10-12 04:26 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-12 04:26 . 2011-10-12 04:26 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-12 04:26 . 2011-10-12 04:26 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-12 04:26 . 2011-10-12 04:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-12 04:26 . 2011-10-12 04:26 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-10-12 04:26 . 2011-10-12 04:26 482816 ----a-w- c:\windows\system32\html.iec
2011-10-12 04:26 . 2011-10-12 04:26 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-10-12 04:26 . 2011-10-12 04:26 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-10-12 04:17 . 2011-10-12 04:17 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 04:17 . 2011-10-12 04:17 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 04:17 . 2011-10-12 04:17 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-12 04:17 . 2011-10-12 04:17 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 04:17 . 2011-10-12 04:17 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-12 04:17 . 2011-10-12 04:17 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 04:17 . 2011-10-12 04:17 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-10-12 04:17 . 2011-10-12 04:17 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-10-12 04:17 . 2011-10-12 04:17 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 04:17 . 2011-10-12 04:17 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 04:17 . 2011-10-12 04:17 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 04:17 . 2011-10-12 04:17 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 04:17 . 2011-10-12 04:17 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 04:17 . 2011-10-12 04:17 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-09-01 00:00 . 2010-10-14 03:32 25416 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05 . 2011-08-31 06:05 96104 -c--a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 85864 -c--a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 61288 -c--a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 212840 -c--a-w- c:\windows\system32\dnssdX.dll
2011-08-31 06:05 . 2011-08-31 06:05 83816 -c--a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 -c--a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 -c--a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 -c--a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-28 20336]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-09-28 745880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480369582-2274605798-2795022772-1001Core.job
- c:\users\Kenton S. Lime\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 13:19]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480369582-2274605798-2795022772-1001UA.job
- c:\users\Kenton S. Lime\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 13:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
"combofix"="c:\combofix\CF21709.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/mb59?u=92260411316914272
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: Copy to &Lightning Note - c:\program files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{B99CB406-3B0C-4FCA-8D3B-3D9A6DEE8328}\26C61636B696E686F6C6C69777F6F646D27657563747: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Kenton S. Lime\AppData\Roaming\Mozilla\Firefox\Profiles\f89i1o35.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1316113400
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1316113640
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1316113520
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1316113280
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - c:\\Users\\Kenton S. Lime\\Pictures\\b\\Raff-Ruse
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultenginename - Yahoo
FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&type=642886
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - user.js: browser.startup.homepage_override.buildID - 20110902133214
FF - user.js: browser.startup.homepage_override.mstone - rv:6.0.2
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.6.0.2
FF - user.js: extensions.blocklist.pingCountTotal - 3
FF - user.js: extensions.blocklist.pingCountVersion - 3
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 4
FF - user.js: extensions.enabledAddons - {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.2
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Program Files (x86)\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1249808016692},\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Adobe\\\\Adobe Contribute CS5\\\\Plugins\\\\FirefoxPlugin\\\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\,\mtime\:1313106896190},\{ABDE892B-13A8-4d1b-88E6-365A6E755758}\:{\descriptor\:\c:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\,\mtime\:1316119510933}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1315795338052}}},{\name\:\winreg-app-user\,\addons\:{\{D6F92668-6844-4F05-9502-8941F43B531D}\:{\descriptor\:\c:\\\\Users\\\\Kenton S. Lime\\\\AppData\\\\Local\\\\{D6F92668-6844-4F05-9502-8941F43B531D}\,\mtime\:1286575876662}}}]
FF - user.js: extensions.lastAppVersion - 6.0.2
FF - user.js: extensions.lastPlatformVersion - 6.0.2
FF - user.js: extensions.pendingOperations - false
FF - user.js: idle.lastDailyNotification - 1315799333
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, UTF-8
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1315799333
FF - user.js: places.history.expiration.transient_current_max_pages - 93591
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: storage.vacuum.last.index - 0
FF - user.js: storage.vacuum.last.places.sqlite - 1315799333
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1318387376
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{90EEE664-34B1-422A-A782-779AF65CDF6D} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Writer's DreamKit 4.0 - c:\program files (x86)\Write Brothers
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2011-11-28 17:46:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 00:46
.
Pre-Run: 156,053,323,776 bytes free
Post-Run: 155,975,680,000 bytes free
.
- - End Of File - - 79094B0E34F238BCB6221BE005035B75




............................So there's that.

HUGE difference on my CPU running speed. Where before it was at 100%, now it's running at 06% upon startup. So, problem solved. Awesome.

Not to say that, if you notice anything fishy about anything here, that I wouldn't want to fix it, of course.

Then I ran HiJackThis. I ran it with 'save a log' and it came up with a blank untitled .txt document, so I'm not sure what that means. Didn't get a screencap of it. Tried to run again to see if it would do it again but nope--no .txt document.

Just did it again. I'll add the screencap(s).

Hope all of that makes sense. I really appreciate the help! Bigtime! If you notice anything else, of course, I'd appreciate any further input. Otherwise, I'll be sure to pass this advice along should anyone ever have similar problems in the future.
 

Attachments: screencap.jpg (19.6 KB), screencap2.jpg (20 KB), screencap3.jpg (13.4 KB), screencap4.jpg (19.4 KB)
Perhaps I spoke too soon. Now the CPU is going haywire. It shoots from 6% to 100% to 50% to 6 again... still, better than it was, but still wonky for sure.
 
Could be Windows Update running in the background. Open Task Manager and tell me which process or processes are using up the CPU when it gets to 100.

To run hijackthis, right click on the icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on hijackthis icon.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:57:53 AM, on 11/29/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Kenton S. Lime\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton S. Lime\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton S. Lime\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton S. Lime\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton S. Lime\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenton S. Lime\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kenton S. Lime\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/mb59?u=92260411316914272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11392 bytes


^My HiJackThis log.

When my CPU goes back up to 100 I'll do a task manager check, per your recommendation. Luckily, now I can run task manager. Before, it wouldn't let me.
 
While we are waiting I need you to do 2 more things for me.

1.

Combofix created an uninstall log automatically that I need to look at. Navigate to C:\Qoobox and in that folder will be a file named "add-remove programs.txt". Please open that file and copy and paste the contents back here.

2.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push List of found threats
Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
 
Qoobox Add-Remove Programs.txt:


7-Zip 9.20
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 MUI
Adobe Shockwave Player 11.6
Advanced SystemCare 4
Apple Application Support
Apple Software Update
avast! Free Antivirus
BitComet 1.30
BitTorrent
Celtx (2.7)
D3DX10
DAEMON Tools Lite
Final Draft
Free RAR Extract Frog
Game Booster
Google Chrome
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0154
HP Wireless Assistant
Intel(R) Graphics Media Accelerator Driver
InterActual Player
IObit Malware Fighter
IObit Toolbar v4.7
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Logitech Touch Mouse Server 1.0
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Messenger Companion
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Minecraft Beta Cracked
MotoHelper 2.0.51 Driver 5.2.0
MotoHelper MergeModules
Mozilla Firefox 6.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
OpenOffice.org 3.1
Photo Pos Pro
PowerRecover
PxMergeModule
QLBCASL
QuickTime
RarZilla Free Unrar
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 4.1
Smart Defrag 2
swMSM
TES Construction Set
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Verizon V CAST Media Manager
VLC media player 1.1.9
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Writer's DreamKit
Writer's DreamKit 4.0
Writer's DreamKit Story Wizard
Yahoo! Messenger


Also, after beginning to think that my CPU wasn't going to have a 100% usage fit again, it decided to get angry and top out. I took a couple screencaps of what my task manager was showing me. But in short, I gathered that Google Chrome & Task Manager were taking up most of the CPU processes (30-40 each), maybe more Chrome. Then it said that Java crapped out and wanted to know if I wanted to end its processes. I clicked "sure thing" (aka "Yes") and then the CPU went back down to 6% usage just like that.

I've had this window open a while, waiting for ESET Online Scanner to finish (62%) and my CPU hit critical mass a second time. This time I noticed that Desktop Window Manager--dwm.exe--was contributing its fair share to the task manager CPU processes report. I x'ed out of Facebook on Chrome and my CPU immediately dropped to 60-70%, and it's now going back and forth between 70-80%. Also, where before, my computer asked me if I wanted to close Java and bring me back to my CPU performing at 6% happened over the course of perhaps 5-10 minutes, my current CPU's slow processing rate has been ongoing for about 20-30 minutes. And although it's not so slow that I'm incapable of working with it, it's noticeably lagging, and for a longer period of time than before.

My RAM, meanwhile, has been holding rock-steady at 56% practically the whole time.

Here's the results of a 10-12 hour ESET scan:

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Users\Kenton S. Lime\AppData\Local\Windows Server\hlp.dat.vir Win32/Bamital.DZ trojan
C:\Users\Kenton S. Lime\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\43458f85-7c5daf36 a variant of Java/Agent.BR trojan
C:\Users\Kenton S. Lime\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\23496074-5416d300 Java/Agent.X trojan
C:\Users\Kenton S. Lime\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\8ffeffa-1fc9b95d multiple threats
C:\Users\Kenton S. Lime\Desktop\Documents\004. GAMES\NINTENDO\setup_MightyMagoo_v1.exe a variant of Win32/Adware.OpenInstall application
C:\Users\Kenton S. Lime\Downloads\cnet2_setupcpuspeedpro_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kenton S. Lime\Downloads\Corel WordPerfect Office Professional X5.v15 Incl Keymaker\Keygen.exe a variant of Win32/Keygen.AF application
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan
C:\Windows\Installer\622cc.msi a variant of Win32/Adware.Toolbar.Dealio application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.4[1].exe a variant of Win32/Toolbar.Zugo application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.4[1].exe a variant of Win32/Toolbar.Zugo application
 
I never heard back from you. What should I do next? Really appreciated your help so far, but I have no clue what doing all of this amounted to, and don't know what I should do next to help my PC from running so high. Ideas?
 
Sorry about that, I miss a thread or two every now and then.

First of all, I notice you have file sharing software installed. Using file sharing software is an easy way of getting yourself infected and causing system instability issues. So, if you have any illegal/pirated software installed that you got from file sharing then I highly recommend you uninstall it along with the file sharing programs.

There are a few things you need to do here.

1.

Follow this procedure to clear your java cache.

http://www.java.com/en/download/help/plugin_cache.xml

2.

Download and run CCleaner

http://download.cnet.com/ccleaner/

Click on the green download now box. Download, install and open the program, click on run cleaner.

3.

Uninstall the following programs:

BitComet 1.30
BitTorrent
Java(TM) 6 Update 26


Then download the latest version of Java here.


http://www.java.com/en/download/index.jsp

This will get you started. I still need to go through your ComboFix log. I'll reply with that tomorrow morning.
 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Killall::

Files::

C:\Users\Kenton S. Lime\Downloads\cnet2_setupcpuspeedpro_exe.exe
C:\Users\Kenton S. Lime\Downloads\Corel WordPerfect Office Professional X5.v15 Incl Keymaker\Keygen.exe 
C:\Users\Public\Documents\Server\hlp.dat 
C:\Windows\Installer\622cc.msi 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.4[1].exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.4[1].exe

Folder::

c:\program files (x86)\CPU Speed Pro
c:\programdata\Uniblue
c:\program files (x86)\Application Updater
c:\program files (x86)\Common Files\Spigot


Reglock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

The next time you get high CPU usage, take a screenshot of Task Manager showing which process is using the most.

It could be Windows installing updates in the background or the antivirus updating. Also, when was the last time you cleaned out your CPU cooling fan, or the case for that matter?
 
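As an added example, not part of the thread and not ESET's or ComboFix's own code, here is a small Python triage of ESET result lines in the shape shown in the scan output above, together with the rule the helper applied when turning those results into a CFScript. The sample lines are a constructed subset copied from the thread (not the full scan), the HELPER_FOLDERS list is the Folder:: section of the thread's CFScript, and the severity and location labels are my own names, not ESET categories.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One ESET Online Scanner result line: "<path> <detection name> <type>".
# The path may contain spaces, so it is matched lazily and the verdict
# strictly: a detection name always contains "/", which a Windows path never does.
ESET_LINE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>multiple threats|(?:probably )?(?:a variant of )?[^\s/]+/\S+ \w+)$"
)

# Folder:: entries from the CFScript posted in the thread. ComboFix removes
# these recursively, so files inside them need no separate Files:: line.
HELPER_FOLDERS = [
    r"c:\program files (x86)\CPU Speed Pro",
    r"c:\programdata\Uniblue",
    r"c:\program files (x86)\Application Updater",
    r"c:\program files (x86)\Common Files\Spigot",
]

# Constructed sample: a subset of the thread's ESET lines, not the complete scan.
SAMPLE_LOG = """\
C:\\Program Files (x86)\\Common Files\\Spigot\\Search Settings\\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\\Qoobox\\Quarantine\\C\\Users\\Kenton S. Lime\\AppData\\Local\\Windows Server\\hlp.dat.vir Win32/Bamital.DZ trojan
C:\\Users\\Kenton S. Lime\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\5\\43458f85-7c5daf36 a variant of Java/Agent.BR trojan
C:\\Users\\Kenton S. Lime\\Downloads\\Corel WordPerfect Office Professional X5.v15 Incl Keymaker\\Keygen.exe a variant of Win32/Keygen.AF application
C:\\Users\\Public\\Documents\\Server\\hlp.dat Win32/Bamital.EB trojan
C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\FZG8CKJ5\\updater-startnow-200-2.4[1].exe a variant of Win32/Toolbar.Zugo application
C:\\Users\\Kenton S. Lime\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\58\\8ffeffa-1fc9b95d multiple threats
"""


@dataclass
class Finding:
    path: str
    verdict: str
    severity: str  # "malware" or "pua" (my labels, see classify_severity)
    location: str  # where the file sits, see classify_location


def classify_severity(verdict: str) -> str:
    v = verdict.lower()
    if v.endswith(" trojan") or v == "multiple threats":
        return "malware"
    return "pua"  # ESET's "application" type: adware, toolbars, bundlers, keygens


def classify_location(path: str) -> str:
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantined"     # ComboFix's quarantine copy; already off the live system
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"      # goes away when the Java cache is cleared (step 1 above)
    if "\\config\\systemprofile\\" in p:
        return "system_profile"  # cached by a process running as SYSTEM (a service), not the user's browser
    if "\\downloads\\" in p:
        return "user_download"   # a downloaded installer; deleting the file is enough
    return "installed"           # live under Program Files, Windows, or a shared profile


def parse_eset_log(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ESET_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        path, verdict = m.group("path"), m.group("verdict")
        findings.append(Finding(path, verdict, classify_severity(verdict), classify_location(path)))
    return findings


def cfscript_files(findings: list[Finding], folders: list[str]) -> list[str]:
    """Paths that belong in a CFScript Files:: section: still live on disk, not
    handled by clearing the Java cache, and not inside a Folder:: entry."""
    prefixes = [f.lower().rstrip("\\") + "\\" for f in folders]
    return [
        f.path
        for f in findings
        if f.location not in ("quarantined", "java_cache")
        and not any(f.path.lower().startswith(p) for p in prefixes)
    ]


def render_cfscript(files: list[str], folders: list[str]) -> str:
    """Emit the Killall::/Files::/Folder:: sections in the layout the thread uses."""
    lines = ["Killall::", "", "Files::", ""] + files + ["", "Folder::", ""] + folders + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:8} {f.location:15} {f.path}")
    print(render_cfscript(cfscript_files(found, HELPER_FOLDERS), HELPER_FOLDERS))
```

Run as-is, the block prints one classified line per finding and then a Files::/Folder:: fragment containing exactly the three paths the helper put in the thread's script (the keygen, the live hlp.dat, and the updater-startnow executable), because the Qoobox entries are quarantine copies, the Java cache entries disappear with step 1, and SearchSettings.exe is already covered by the Spigot Folder:: entry. The system_profile label is the one worth noticing when reading such a log: a file under C:\Windows\System32\config\systemprofile\...\Temporary Internet Files was fetched by something running as SYSTEM, which fits the ToolbarUpdaterService.exe that ComboFix had already quarantined.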
Hope it doesn't make a difference; I kind of accidentally ran your recommendations out of order--my goof. I did the Notepad/ComboFix deal first and then went back to clear the Java cache, run CCleaner (already had it) and uninstall/update to the new version of Java second. Again--hope it doesn't make a difference.

So, here are the results of the ComboFix log:



ComboFix 11-12-10.01 - Kenton S. Lime 12/10/2011 6:41.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2048.946 [GMT -7:00]
Running from: c:\users\Kenton S. Lime\Desktop\PROGRAMS\ComboFix.exe
Command switches used :: c:\users\Kenton S. Lime\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Application Updater
c:\program files (x86)\Application Updater\config.ini
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\install.rdf
c:\program files (x86)\CPU Speed Pro
c:\program files (x86)\CPU Speed Pro\settings.ini
c:\programdata\Uniblue
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 13:55 . 2011-12-10 13:55 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-12-09 14:29 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43394420-49DF-411F-9D80-E3515C7EDAB6}\mpengine.dll
2011-12-06 15:48 . 2011-12-06 15:48 -------- dc----w- c:\program files (x86)\Common Files\Adobe AIR
2011-12-06 15:47 . 2011-12-06 15:47 -------- dc----w- c:\programdata\McAfee Security Scan
2011-12-06 15:47 . 2011-12-06 15:47 -------- dc----w- c:\programdata\McAfee
2011-12-06 15:47 . 2011-12-06 15:47 -------- dc----w- c:\program files (x86)\McAfee Security Scan
2011-11-29 18:07 . 2011-11-29 18:07 -------- dc----w- c:\program files (x86)\ESET
2011-11-29 00:48 . 2011-11-29 00:48 388096 -c--a-r- c:\users\Kenton S. Lime\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-29 00:48 . 2011-11-29 00:48 -------- dc----w- c:\program files (x86)\Trend Micro
2011-11-28 02:18 . 2011-11-28 11:39 -------- dc----w- c:\users\Kenton S. Lime\.thinupload
2011-11-28 02:18 . 2011-11-28 02:18 -------- dc----w- c:\windows\Sun
2011-11-25 11:54 . 2011-11-30 12:03 -------- dc----w- C:\Downloads
2011-11-25 11:54 . 2011-12-10 13:56 -------- dc----w- c:\users\Kenton S. Lime\AppData\Roaming\BitComet
2011-11-25 11:53 . 2011-11-25 11:54 -------- dc----w- c:\program files (x86)\BitComet
2011-11-25 03:38 . 2011-11-25 03:38 -------- dc----w- c:\program files\iPod
2011-11-25 03:38 . 2011-11-25 03:38 -------- dc----w- c:\program files\iTunes
2011-11-25 03:38 . 2011-11-25 03:38 -------- dc----w- c:\program files (x86)\iTunes
2011-11-25 03:36 . 2011-11-25 03:36 -------- dc----w- c:\program files (x86)\Apple Software Update
2011-11-25 03:36 . 2011-11-25 03:36 -------- dc----w- c:\program files\Common Files\Apple
2011-11-25 03:36 . 2011-11-25 03:36 -------- dc----w- c:\program files\Bonjour
2011-11-25 03:36 . 2011-11-25 03:36 -------- dc----w- c:\program files (x86)\Bonjour
2011-11-20 12:15 . 2011-11-20 12:16 -------- dc----w- C:\Intel
2011-11-20 12:14 . 2011-11-20 12:14 -------- dc----w- c:\users\KENTON~1~LIM
2011-11-20 12:08 . 2011-11-20 12:10 -------- dc----w- c:\users\Kenton S. Lime\AppData\Roaming\SystemRequirementsLab
2011-11-20 11:12 . 2011-11-20 11:15 -------- dc----w- c:\users\Kenton S. Lime\AppData\Local\IM
2011-11-20 11:12 . 2011-11-20 11:14 -------- dc----w- c:\programdata\IM
2011-11-20 11:12 . 2011-11-20 11:12 -------- dc----w- c:\programdata\IncrediMail
2011-11-20 10:15 . 2011-11-20 10:15 -------- dc----w- c:\program files\IDT
2011-11-20 10:15 . 2009-06-25 21:59 160768 -c--a-w- c:\windows\system32\AESTAC64.dll
2011-11-20 10:15 . 2009-05-21 21:57 436224 -c--a-w- c:\windows\system32\AESTEC64.dll
2011-11-20 10:15 . 2009-03-02 20:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2011-11-20 10:15 . 2009-07-22 01:33 564224 -c--a-w- c:\windows\system32\idt64mp1.exe
2011-11-20 10:15 . 2009-07-22 01:33 450048 -c--a-w- c:\windows\sttray64.exe
2011-11-20 10:15 . 2009-07-22 01:33 3593216 -c--a-w- c:\windows\system32\stlang64.dll
2011-11-20 10:15 . 2009-07-22 01:33 12158464 -c--a-w- c:\windows\system32\idtcpl64.cpl
2011-11-20 10:15 . 2009-03-02 20:47 90624 -c--a-w- c:\windows\system32\AESTCo64.dll
2011-11-20 10:15 . 2011-11-20 10:15 -------- dc----w- c:\program files\LSI SoftModem
2011-11-20 07:50 . 2011-11-20 07:50 -------- dc----w- c:\users\Kenton S. Lime\AppData\Local\Skyrim
2011-11-19 03:34 . 2011-11-19 04:18 -------- dcsh--w- c:\windows\SysWow64\AI_RecycleBin
2011-11-19 03:34 . 2011-11-19 03:34 18944 -c--a-r- c:\users\Kenton S. Lime\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-11-19 03:27 . 2011-11-19 03:27 -------- dc----w- c:\program files\Jnes 0.6
2011-11-11 11:25 . 2011-11-18 03:05 -------- dc----r- c:\users\Kenton S. Lime\Dropbox
2011-11-11 11:22 . 2011-11-20 09:14 -------- dc----w- c:\users\Kenton S. Lime\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 22:27 . 2011-10-18 08:37 3350 -csha-w- c:\programdata\KGyGaAvL.sys
2011-11-08 17:42 . 2011-11-08 17:42 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 17:41 . 2011-11-08 17:41 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-18 08:37 . 2011-10-18 08:37 8 -csh--r- c:\programdata\CE648E5CC5.sys
2011-10-13 19:14 . 2011-10-13 19:14 162584 -c--a-w- c:\windows\system32\igfxtray.exe
2011-10-13 19:14 . 2011-10-13 19:14 510232 -c--a-w- c:\windows\system32\igfxsrvc.exe
2011-10-13 19:14 . 2011-10-13 19:14 417560 -c--a-w- c:\windows\system32\igfxpers.exe
2011-10-13 19:14 . 2011-10-13 19:14 224024 -c--a-w- c:\windows\system32\igfxext.exe
2011-10-13 19:14 . 2011-10-13 19:14 386840 -c--a-w- c:\windows\system32\hkcmd.exe
2011-10-13 19:14 . 2011-10-13 19:14 3157784 -c--a-w- c:\windows\system32\GfxUI.exe
2011-10-13 19:14 . 2011-10-13 19:14 152856 -c--a-w- c:\windows\system32\difx64.exe
2011-10-13 19:10 . 2011-10-13 19:10 90112 -c--a-w- c:\windows\system32\igfxCoIn_v2555.dll
2011-10-13 19:05 . 2011-10-13 19:05 6549504 -c--a-w- c:\windows\system32\igdumd64.dll
2011-10-13 19:05 . 2011-10-13 19:05 10629184 -c--a-w- c:\windows\system32\drivers\igdkmd64.sys
2011-10-13 19:01 . 2009-06-03 19:09 4967424 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-10-13 18:58 . 2009-06-03 19:03 571904 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2011-10-13 18:57 . 2009-06-03 19:01 4722176 ----a-w- c:\windows\system32\igd10umd64.dll
2011-10-13 18:55 . 2010-08-26 02:23 4411392 -c--a-w- c:\windows\SysWow64\igd10umd32.dll
2011-10-13 18:50 . 2011-10-13 18:50 15546880 -c--a-w- c:\windows\system32\ig4icd64.dll
2011-10-13 18:42 . 2011-10-13 18:42 11405312 -c--a-w- c:\windows\SysWow64\ig4icd32.dll
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrsky.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrtrk.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrslv.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88576 -c--a-w- c:\windows\system32\igfxresn.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrrus.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrsve.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87040 -c--a-w- c:\windows\system32\igfxrtha.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrptg.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrplk.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrptb.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrnor.lrc
2011-10-13 18:38 . 2011-10-13 18:38 84992 -c--a-w- c:\windows\system32\igfxrkor.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88576 -c--a-w- c:\windows\system32\igfxrell.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrita.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrhun.lrc
2011-10-13 18:38 . 2011-10-13 18:38 86528 -c--a-w- c:\windows\system32\igfxrheb.lrc
2011-10-13 18:38 . 2011-10-13 18:38 84992 -c--a-w- c:\windows\system32\igfxrjpn.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88576 -c--a-w- c:\windows\system32\igfxrfra.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrnld.lrc
2011-10-13 18:38 . 2011-10-13 18:38 88064 -c--a-w- c:\windows\system32\igfxrdeu.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrfin.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87552 -c--a-w- c:\windows\system32\igfxrcsy.lrc
2011-10-13 18:38 . 2011-10-13 18:38 87040 -c--a-w- c:\windows\system32\igfxrdan.lrc
2011-10-13 18:38 . 2011-10-13 18:38 86528 -c--a-w- c:\windows\system32\igfxrara.lrc
2011-10-13 18:38 . 2011-10-13 18:38 83968 -c--a-w- c:\windows\system32\igfxrcht.lrc
2011-10-13 18:38 . 2011-10-13 18:38 83968 -c--a-w- c:\windows\system32\igfxrchs.lrc
2011-10-13 18:38 . 2011-10-13 18:38 122368 -c--a-w- c:\windows\system32\igfxcpl.cpl
2011-10-13 18:37 . 2011-10-13 18:37 244224 -c--a-w- c:\windows\system32\igfxpph.dll
2011-10-13 18:37 . 2011-10-13 18:37 380416 -c--a-w- c:\windows\system32\igfxTMM.dll
2011-10-13 18:37 . 2011-10-13 18:37 27648 -c--a-w- c:\windows\system32\igfxexps.dll
2011-10-13 18:37 . 2011-10-13 18:37 61952 -c--a-w- c:\windows\system32\igfxsrvc.dll
2011-10-13 18:36 . 2011-10-13 18:36 108544 -c--a-w- c:\windows\system32\hccutils.dll
2011-10-13 18:36 . 2011-10-13 18:36 119808 -c--a-w- c:\windows\system32\gfxSrvc.dll
2011-10-13 18:36 . 2011-10-13 18:36 4096 -c--a-w- c:\windows\system32\IGFXDEVLib.dll
2011-10-13 18:36 . 2011-10-13 18:36 272896 -c--a-w- c:\windows\system32\igfxdev.dll
2011-10-13 18:36 . 2011-10-13 18:36 87552 -c--a-w- c:\windows\system32\igfxrenu.lrc
2011-10-13 18:36 . 2011-10-13 18:36 142336 -c--a-w- c:\windows\system32\igfxdo.dll
2011-10-13 18:36 . 2011-10-13 18:36 830464 -c--a-w- c:\windows\system32\igfxress.dll
2011-10-13 18:32 . 2011-10-13 18:32 23552 -c--a-w- c:\windows\SysWow64\igfxexps32.dll
2011-10-13 18:31 . 2011-10-13 18:31 228864 -c--a-w- c:\windows\SysWow64\igfxdv32.dll
2011-10-13 18:30 . 2011-10-13 18:30 208896 -c--a-w- c:\windows\SysWow64\iglhsip32.dll
2011-10-13 18:30 . 2011-10-13 18:30 206336 -c--a-w- c:\windows\system32\iglhsip64.dll
2011-10-13 18:30 . 2011-10-13 18:30 188416 -c--a-w- c:\windows\system32\iglhcp64.dll
2011-10-13 18:30 . 2011-10-13 18:30 147456 -c--a-w- c:\windows\SysWow64\iglhcp32.dll
2011-10-12 04:26 . 2011-10-12 04:26 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-12 04:26 . 2011-10-12 04:26 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-12 04:26 . 2011-10-12 04:26 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-12 04:26 . 2011-10-12 04:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-12 04:26 . 2011-10-12 04:26 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-10-12 04:26 . 2011-10-12 04:26 482816 ----a-w- c:\windows\system32\html.iec
2011-10-12 04:26 . 2011-10-12 04:26 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-10-12 04:26 . 2011-10-12 04:26 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-10-12 04:17 . 2011-10-12 04:17 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 04:17 . 2011-10-12 04:17 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 04:17 . 2011-10-12 04:17 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-12 04:17 . 2011-10-12 04:17 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 04:17 . 2011-10-12 04:17 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-12 04:17 . 2011-10-12 04:17 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 04:17 . 2011-10-12 04:17 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-10-12 04:17 . 2011-10-12 04:17 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-10-12 04:17 . 2011-10-12 04:17 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 04:17 . 2011-10-12 04:17 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 04:17 . 2011-10-12 04:17 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 04:17 . 2011-10-12 04:17 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 04:17 . 2011-10-12 04:17 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 04:17 . 2011-10-12 04:17 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-29_00.37.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-29 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-10 13:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-10 13:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-29 00:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-10 13:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-29 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-09 07:02 . 2011-12-04 04:06 65856 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-07 05:44 64214 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-20 10:20 . 2011-12-07 05:44 14230 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1480369582-2274605798-2795022772-1001_UserData.bin
+ 2009-08-25 08:42 . 2011-12-04 09:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-25 08:42 . 2011-11-20 14:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-25 08:42 . 2011-12-04 09:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-25 08:42 . 2011-11-20 14:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-04 09:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-20 14:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-20 20:45 . 2011-12-10 13:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-20 20:45 . 2011-11-29 00:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-29 01:09 80504 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-20 20:45 . 2011-12-10 13:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-20 20:45 . 2011-11-29 00:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-20 20:45 . 2011-12-10 13:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-20 20:45 . 2011-11-29 00:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-20 10:22 . 2011-12-10 13:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-20 10:22 . 2011-11-29 00:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-20 10:22 . 2011-12-10 13:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-20 10:22 . 2011-11-29 00:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-06 15:47 . 2011-12-06 15:47 32256 c:\windows\Installer\7ef6b7d.msi
+ 2011-06-06 19:55 . 2011-06-06 19:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2009-12-22 03:08 . 2011-12-10 13:57 7804 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-12-21 23:18 . 2011-12-09 03:25 2846 c:\windows\system32\wdi\{95c162b7-5b71-44f8-82e4-abfd3108f40f}.bin
- 2011-11-29 00:20 . 2011-11-29 00:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-10 13:57 . 2011-12-10 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-10 13:57 . 2011-12-10 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-29 00:20 . 2011-11-29 00:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-21 18:10 . 2011-12-07 18:05 338626 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-20 21:09 . 2011-12-09 11:57 407750 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-12-20 20:32 . 2011-05-25 01:14 270720 c:\windows\system32\MpSigStub.exe
- 2009-12-20 20:32 . 2011-05-25 02:14 270720 c:\windows\system32\MpSigStub.exe
- 2009-07-14 05:01 . 2011-11-27 11:24 444668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-10 13:57 444668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-06 19:55 . 2011-06-06 19:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\7ef6f1b.msi
+ 2011-11-29 00:47 . 2011-11-29 00:47 1402880 c:\windows\Installer\1a8152.msi
+ 2011-06-06 19:55 . 2011-06-06 19:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
- 2009-07-14 02:34 . 2011-11-27 12:56 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-12-09 21:13 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\7ef6f1c.msp
+ 2011-06-06 19:55 . 2011-06-06 19:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-28 20336]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480369582-2274605798-2795022772-1001Core.job
- c:\users\Kenton S. Lime\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 13:19]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480369582-2274605798-2795022772-1001UA.job
- c:\users\Kenton S. Lime\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 13:19]
.
2011-12-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1480369582-2274605798-2795022772-1001.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/mb59?u=92260411316914272
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: Copy to &Lightning Note - c:\program files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{B99CB406-3B0C-4FCA-8D3B-3D9A6DEE8328}\26C61636B696E686F6C6C69777F6F646D27657563747: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Kenton S. Lime\AppData\Roaming\Mozilla\Firefox\Profiles\f89i1o35.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1316113400
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1316113640
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1316113520
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1316113280
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - c:\\Users\\Kenton S. Lime\\Pictures\\b\\Raff-Ruse
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultenginename - Yahoo
FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&type=642886
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - user.js: browser.startup.homepage_override.buildID - 20110902133214
FF - user.js: browser.startup.homepage_override.mstone - rv:6.0.2
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.6.0.2
FF - user.js: extensions.blocklist.pingCountTotal - 3
FF - user.js: extensions.blocklist.pingCountVersion - 3
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 4
FF - user.js: extensions.enabledAddons - {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.2
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Program Files (x86)\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1249808016692},\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Adobe\\\\Adobe Contribute CS5\\\\Plugins\\\\FirefoxPlugin\\\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\,\mtime\:1313106896190},\{ABDE892B-13A8-4d1b-88E6-365A6E755758}\:{\descriptor\:\c:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\,\mtime\:1316119510933}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1315795338052}}},{\name\:\winreg-app-user\,\addons\:{\{D6F92668-6844-4F05-9502-8941F43B531D}\:{\descriptor\:\c:\\\\Users\\\\Kenton S. Lime\\\\AppData\\\\Local\\\\{D6F92668-6844-4F05-9502-8941F43B531D}\,\mtime\:1286575876662}}}]
FF - user.js: extensions.lastAppVersion - 6.0.2
FF - user.js: extensions.lastPlatformVersion - 6.0.2
FF - user.js: extensions.pendingOperations - false
FF - user.js: idle.lastDailyNotification - 1315799333
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, UTF-8
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1315799333
FF - user.js: places.history.expiration.transient_current_max_pages - 93591
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: storage.vacuum.last.index - 0
FF - user.js: storage.vacuum.last.places.sqlite - 1315799333
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1318387376
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2011-12-10 07:06:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 14:06
ComboFix2.txt 2011-12-03 05:25
ComboFix3.txt 2011-11-29 00:46
.
Pre-Run: 172,533,374,976 bytes free
Post-Run: 172,729,405,440 bytes free
.
- - End Of File - - 0D2A62C8154C40F57AA567D47AA4F2CD


I dropped the notepad txt file (with what was pasted on it) before running--although Combofix had to download an update before the real scan began. I can't make heads or tails of the log info, so I suppose I'll leave it for you to tell me if it did any good.

I'll keep my eye out on my CPU activity as I have been--it still has fits, but it's not a constant thing anymore, which is a step in the right direction. If anything, it'll just run really high for an hour or two, tops, before settling back down again and running normal. For instance, right now it's hovering between 15-20%; RAM at 63% (steady). I've taken screenshots of taskmanager before when the CPU runs hot--really nothing much to speak of in terms of processes. But I'll take more screencaps again in the future when/if it happens and post them here.

Again, appreciate your efforts, sir! You're doing God's work.
 
Here's a screen cap of my taskmanager when my CPU was going at 100% just a minute ago--obviously after the Combofix & java cache clean.

Let me know if any of that looks unusual.
 

Attachments

  • Capture.jpg (20.9 KB)
And could it at all be worth mentioning that whenever I'm playing ANY video on my computer at all (DVD, Youtube, etc.) the problem is almost immediate? Usually, I would just give up watching videos on my laptop, but since my job is to watch and write about movies, it kind of makes it difficult (and frustrating).

Oh, and also: no, I haven't cleaned out my fan, ever--but this is only because I was told not to with a laptop. Even if this isn't true, I would have no idea where to begin with dismantling my model of laptop and cleaning it out. Thoughts?
 
Definitely wait for JohnB to reply to finish up. He is a busy person, running his own business and all.
But for the fans, if you have anything that you can blow air with (air compressor, vacuum, air can), just use it to blow into the vents, wherever they are on the laptop.

Be careful with the air can though: if you shake it or turn it upside down in any way, you risk blowing liquid straight into your laptop. If you go that route, make sure you blow some air out to make sure it's clean before using it on your computer.
 
Indeed--John's been a big help thus far.

And duly noted; I was unaware that there was a danger of liquid spraying into computer parts with those air cans--though, it makes perfect sense. Thanks for the heads up!
 
Here's a screen cap of my taskmanager when my CPU was going at 100% just a minute ago--obviously after the Combofix & java cache clean.

Let me know if any of that looks unusual.

Unfortunately that screenshot is way too small to see anything. Any way you can make it bigger?
 